This Vulnerability Could Put Prime Protocol Users’ Funds at Risk

Updated 16:00UTC, 23 May: A spokesman for Prime Protocol issued the following statement on Twitter:

“We’re aware of some recent communication regarding a specific functionality in our contracts. We want to be clear – this is NOT a vulnerability that would allow a bad actor to seize others’ funds from the protocol at any point.

“We are promptly taking action to address the concerns, and we will provide a comprehensive explanation of the solution once it is complete.”

A security firm has reported a feature (or a bug) in cross-chain brokerage Prime Protocol that could jack up TVL and put users’ funds at risk.

While decentralized finance (DeFi) is often the victim of various hacks and thefts, open-source code also helps discover certain vulnerabilities.

A Vulnerability in Prime Protocol?

According to a security firm, Dilation Effect, a feature in Prime Protocol could put users’ funds at risk. The security firm claims that after users complete an approval operation, anyone can deposit their approved crypto into the protocol’s loan pools.

While it is not a critical bug, it might get misused to jack up the total value locked (TVL) of the DeFi protocol. According to DefiLlama, the TVL of Prime Protocol stands at $1.3 million.

If there is an attack on the platform, apart from TVL, the additional users’ funds are also at risk. This is because the hackers can deposit the approved crypto into the loan pool and steal away the additional funds.

According to the official website, security firms Veridise and Ackee Blockchain have audited Prime Protocol’s security.

Got something to say about this article or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.

For BeInCrypto’s latest Bitcoin (BTC) analysis, click here.