Gains Network Branch Exploit Allows Traders to Claim 900% Profit per Transaction

A branch of the Gains Network, a DeFi product ecosystem operating on Polygon and Arbitrum, reportedly enables traders to claim tenfold returns on each transaction, regardless of the traded token’s price performance, according to blockchain security experts.

Gains Network Vulnerability

Gains Network, with a total value locked (TVL) of $20.29 million according to DeFi Llama, has processed $25 billion in derivative transactions since its inception in May 2023. A report by Zellic on April 19 highlighted a flaw in a protocol branch that allows attackers to set arbitrarily high buy limit orders and automatically profit from every trade.

Here’s how it works: When an order is activated, the stop-loss price is stored as the “currentPrice” in the protocol, which is used to calculate profits and losses. If a user sets their stop loss/gain price above the opening price, they can profit from the trade without risk.

For example, imagine Bitcoin is priced at $60,000. A trader sets an opening price of $59,000 and a stop loss/gain price of $61,000. If the price drops to $59,000, the trade is activated, but the market price is already below the trader's $61,000 stop, so the position exits automatically right away.

Normally, this should result in zero profit for the trader. However, because the stop-loss price of $61,000 is recorded as the “current price,” the system inadvertently logs a profit of $2,000 for the user.

If an attacker makes enough trades with sufficiently high stop loss/gain settings, they could potentially deplete the protocol’s funds. Although there is a check in the protocol to prevent setting a stop loss above the buy order’s opening price, other vulnerabilities were discovered that allow attackers to circumvent this check.
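The settlement logic described above can be reduced to a small Python model, added here as an illustration; it is not code from Gains Network, its branches, or Zellic's report. All names (`LimitLong`, `settle_flawed`, `settle_hardened`, `capped_exit_price`) are hypothetical, and the hardened version assumes two defenses: re-checking the stop/open invariant at settlement and never settling above the market price.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LimitLong:
    open_price: int   # price at which the buy limit order activates
    stop_price: int   # trader-supplied stop loss/gain price
    size: int = 1     # units of the asset (constructed value)

def pnl(order, exit_price):
    """Profit or loss of a long position closed at exit_price."""
    return (exit_price - order.open_price) * order.size

def stop_hit(order, market_price):
    return market_price <= order.stop_price

def settle_flawed(order, market_price):
    """Behaviour the article describes: the stored stop price becomes the
    'currentPrice' used for the profit-and-loss calculation."""
    if not stop_hit(order, market_price):
        return None
    return pnl(order, order.stop_price)

def capped_exit_price(order, market_price):
    """A long stop can never fill above what the market actually offers."""
    return min(order.stop_price, market_price)

def settle_hardened(order, market_price):
    """Assumed fix: re-check the invariant at settlement, not only when the
    order is placed, then settle at the capped price."""
    if order.stop_price >= order.open_price:
        raise ValueError("stop price must be below the opening price of a long")
    if not stop_hit(order, market_price):
        return None
    return pnl(order, capped_exit_price(order, market_price))

# Constructed sample orders; the first uses the article's figures.
ARTICLE_ORDER = LimitLong(open_price=59_000, stop_price=61_000)
NORMAL_ORDER = LimitLong(open_price=59_000, stop_price=58_000)

if __name__ == "__main__":
    print("flawed settlement:", settle_flawed(ARTICLE_ORDER, 59_000))
    print("capped settlement:",
          pnl(ARTICLE_ORDER, capped_exit_price(ARTICLE_ORDER, 59_000)))
    print("normal stop-out:", settle_hardened(NORMAL_ORDER, 58_000))
```

The capped price alone returns the zero profit the article says the trade should produce, so it still protects funds if the placement check is bypassed.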

Zellic notes that with certain figures, traders could guarantee a 900% profit.

This specific exploit was found only in a branch of the Gains Network, not in Gains itself. However, Zellic also uncovered a vulnerability in an early version of the actual Gains protocol that allowed traders to gain a 900% profit on sell orders.

Zellic has informed several teams managing Gains Network branches, including Gambit Trade, Holdstation Exchange, and Krav Trade, about these vulnerabilities. All these teams have ensured their protocols are no longer susceptible to these exploits. Nevertheless, Zellic warns that other branches may still be at risk of similar losses.