As hacks and exploits continue to run rampant within the crypto industry, finding vulnerabilities before they lead to losses has become critically important. However, a Web3 developer highlighted that doing so is not rewarding.
In a tweet, a Web3 developer claimed that he found a vulnerability in a Solana smart contract that would have affected several projects and around $30 million in funds. According to the dev, he reported and helped patch the vulnerabilities. However, when it was time to ask for a reward, the projects just started to ignore him.
The developer noted that this sends the wrong message because it shows that projects would rather get hacked than have critical bugs reported to them. He wrote:
Community members also echoed the sentiment of the developer. Smit Khakhkhar, a fellow developer, responded by claiming that he also made the same mistake multiple times. “This is one major reason why hackers exploit first and then negotiate,” he wrote. On the other hand, a Twitter user thinks that it's also possible for developers within the projects to secretly want to exploit the code for themselves. They tweeted:
Yep, the incentive to hack it yourself is way higher than the incentive to report. Also... perhaps these devs secretly wanted to exploit it themselves. Don't rule that out. I'm sure the people that are most likely to spot exploits are the code writers.
Because of this, some predict that the next cycle in crypto will be a break-and-fix cycle. According to the community member, traders could potentially pay blackhats to exploit critical vulnerabilities while shorting projects.
Meanwhile, many industry executives believe that