KyberSwap announces potential vulnerability, tells LPs to withdraw ASAP
The developer stated that so far, no funds have been lost.
Kyber Network, developer of the Kyberswap Elastic decentralized crypto exchange, has announced on Apr. 17 that there is a potential vulnerability in the exchange’s contracts. It has advised all liquidity providers to remove their funds as soon as possible.
1/2
Attention KyberSwap Elastic Liquidity Providers:
We have identified a potential vulnerability, and as a precaution we strongly advise all Liquidity Providers to withdraw your funds on Elastic as soon as possible.Investigations are ongoing and no user funds are lost.
— Kyber Network (@KyberNetwork) April 17, 2023
The developer has stated that no funds have been lost. However, it has advised liquidity providers (LPs) to remove their funds as a precaution. Only Kyberswap Elastic funds are at risk. Kyberswap Classic smart contracts do not contain the vulnerability, the team said.
In a separate message, the team stated that farming rewards have been temporarily suspended until a new smart contract can be deployed. All rewards earned prior to 18 April 2023, 11pm (GMT+7) have already been dispersed and are unaffected by this pause.
The developer has stated that it will update the community soon with an explanation as to when funds can be safely deposited back into the protocol.
This is a developing story, and further information will be added as it becomes available.
According to its official docs, KyberSwap Elastic is a decentralized exchange (DEX) that allows LPs to provide “concentrated liquidity.” Instead of requiring them to provide liquidity for any price point, it allows them to decide a price ceiling and price floor for the tokens they deposit into the pool.
Related: Binance identifies KyberSwap hack suspects, involves law enforcement
If the price moves below the floor or above the ceiling, LPs no longer receive fees. However, they receive higher fees if the price stays within the range they have set. This is contrast to the DEXs previous incarnation, KyberSwap Classic, which does not allow for concentrated liquidity.
The user interface for Kyberswap was hacked in September, and an attacker got away with $265,000 worth of crypto as a result of it.