Elastic Improvement Proposal #2
Bounty payment for critical vulnerability found by samsczsun
samczsun, is one of the prolific white hats in the industry.
A comprehensive list of which can be found here.
As mentioned in this article ElasticDAO Smart Contract and Security Audits | by (LS)Dan Matthews | ElasticDAO | Mar, 2021 | Medium
The security of the funds in ElasticDAO will always be its top priority.
After ElasticDAO’s successful launch to mainnet, which saw participants using 2069 ETH to mint over 30,000 EGT along with the SushiSwap pool having a trading volume of over $6m on the first day.
Members of the team were contacted by samczsun, alerting us to the fact that there was a possibility of draining the ElasticDAO of its funds.
Credit to our own ElasticDAO member @ycklsr for bringing it to his attention,
Here is the gist written by him explaining the bug: gist:4fe1c099f956fac991a25be78cfa73a9 · GitHub
Essentially, the bug was an infinite minting bug.
The possible bad actor could repeat the process of transferring to himself the maximum amount EGT possible, and in the same transaction, sell that EGT for the underlying ETH, draining all the underlying ETH in ElasticDAO’s SushiSwap pool.
The fix was a simple guard added to the transfer function that neither the team nor the wardens had anticipated necessary.
The fix in the
_transfer function of
require(_from != _to, 'ElasticDAO: Can not transfer to self');
This guard thus prevented ElasticDAO loosing all of its 2069 ETH and all the liquidity in the SushiSwap pool, this is becase the
_transfer function on
ElasticGovernanceToken.sol in tandem with infinite minting bug could have been used to drain all the funds.
We are requesting that 10% of the Sushiswap pool balance (valued at the moment the bug was found), which amounted to 90,000 USDC be paid to samczsun.
Note - The multisig will mint and redeem an equivalent value of EGT via the exit function for the underlying ETH value and burn the tokens. No tokens will be sold into SushiSwap.
Upon approval of #ELIP 2 ElasticDAO would have rewarded samczsun for finding an extremely obfuscated bug, occurance of which could have been catastrophic for this nascent experiment in fair governance that is ElasticDAO
The team would like to thank the community for their continued support and participation in ElasticDAO.