Algorand has only one DEX, Tinyman and that too got attacked and hacked today where the attacker exploited an unknown bug in contract. This allowed hacker to withdraw assets from Tinyman’s pool that they were not allowed to.
This exploit has been executed on myriad pools already. Since Tinyman pools make use of immutable contracts, there is no quick-fix to this issue for the current slew of pools. Meanwhile, Tinyman pool has announced that the exploit is still going on and hackers have been draining the pools. That is why users are suggested to withdraw their liquidity from pools immediately.
Tinyman says they will not be responsible for any funds that are lost after 4th January 2022. However, what can be done for those who have locked their liquidity and are unable to remove it from liquidity pools? Tinyman says that they are aware of this and are working for something for these users.
Tinyman cannot absolve itself of total legal liabilities. Tinyman has a responsibility to safeguard those liquidity pools assets. Tinyman cannot push full liabilities to the small investors. Users are clearly not happy. One twitter user said,
4- In the meantime we believe the best plan of action is to ask our community to remove all their liquidity from ALL Tinyman pools.
We will make sure that the commumnity is taken care of and we will publish a detailed incident report in the coming days.
It’s your responsibility for not heeding your own audits and allowing it to happen on your watch period. Giving victims unreasonable ultimatums just shows your lack of integrity again. Something that seems to be sickeningly common in Defi as a whole. It’s not enough time.
I am from Brisbane, Queensland and I hold post of Associate Editor at Cryptocoindaddy.