RUNE just recently lost $4.8 million worth of Ethereum (ETH) from its liquidity pools to an attack this past week.
This only effected their ETH pools, however it was due to a simple coding mistake:
The standard way is to use msg.sender instead of tx.origin.
you → contract (you = tx.origin, you = msg.sender)
contract → rune (you = tx.origin, contract = msg.sender)
Calling out the significant risks here imposed by smart contracts (i.e. the Official pooling protocol) that are unaudited by a third-party.
Pretty sure the pool contacts are in the repo if you want to go read/audit them. I’ve been meaning to learn lisp.
Yep, we read them over and seemed fine. Obviously nothing is 100%.
Looked through all the repos on Github and didn’t find anything in the pool-reference.
Please share as I’m happy to take a look. Appreciate the positive attitude!