Statemind Reveals 2-year-old Exploit in Keep3r Network And 6 Other Protocols


DUBAI, UAE: Statemind, a leading blockchain security auditing firm, has announced that it has discovered a two-year-old exploit in the popular DeFi protocol Keep3r Network and related protocols. This development is significant as it continues the emergence of Statemind as a major player in the smart contract auditing sector.

Major Exploit Discovered In Keep3r Smart Contract

Keep3r is one of the projects from Andre Cronje, the brain behind the legendary DeFi project Yearn.Finance. According to the report, Statemind’s team of expert auditors found the exploit in the GaugeProxyV2 contract on Keep3r Network. The GaugeProxyV2 contract is a unique smart contract that distributes reward tokens on the Keep3r network, and auditors found a vulnerability that could allow an attacker to boost voting weights for rewards.

This was due to an imbalance in the `_vote()` function that allowed the same token to be passed more than once in the `_tokenVote` array. So, in theory, an attacker could increase the voting weight of a particular token while holding only a relatively small balance of the tokens, thereby manipulating the balancing system within Keep3r network.
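The imbalance described above, as an added Python model that is not Keep3r's contract code or Statemind's report: the ledger layout (one aggregate weight per token plus one recorded vote per voter and token), the names `GaugeLedger`, `is_balanced` and `reject_duplicates`, and the balances are assumptions constructed for illustration. It shows how a repeated entry makes the aggregate drift away from the recorded votes, the invariant a reviewer can test for, and a duplicate check as one possible fix.

```python
class GaugeLedger:
    """Simplified vote-weight ledger; a constructed model, not Keep3r's contract."""

    def __init__(self, balances, reject_duplicates=False):
        self.balances = balances      # voter -> voting-power balance (constructed)
        self.reject_duplicates = reject_duplicates
        self.weights = {}             # token -> aggregate weight used for rewards
        self.votes = {}               # (voter, token) -> weight recorded for voter
        self.token_vote = {}          # voter -> tokens listed in the last vote

    def _reset(self, voter):
        # Undo the voter's previous vote using the per-voter records.
        for token in self.token_vote.get(voter, []):
            recorded = self.votes.get((voter, token), 0)
            self.weights[token] -= recorded
            self.votes[(voter, token)] = 0
        self.token_vote[voter] = []

    def vote(self, voter, tokens, weights):
        if len(tokens) != len(weights) or sum(weights) <= 0:
            raise ValueError("malformed vote")
        if self.reject_duplicates and len(set(tokens)) != len(tokens):
            raise ValueError("duplicate token in vote")
        self._reset(voter)
        balance, total = self.balances[voter], sum(weights)
        for token, w in zip(tokens, weights):
            share = w * balance // total
            # Imbalance: the aggregate accumulates per entry, the record is overwritten.
            self.weights[token] = self.weights.get(token, 0) + share
            self.votes[(voter, token)] = share
            self.token_vote[voter].append(token)

    def is_balanced(self):
        # Invariant: each token's aggregate equals the sum of recorded votes.
        recorded = {}
        for (_, token), w in self.votes.items():
            recorded[token] = recorded.get(token, 0) + w
        return all(self.weights[t] == recorded.get(t, 0) for t in self.weights)


def demo():
    weak = GaugeLedger({"alice": 100})           # constructed balance of 100
    for _ in range(3):
        weak.vote("alice", ["A", "A"], [1, 1])   # same token listed twice
    return weak.weights["A"], weak.is_balanced()


if __name__ == "__main__":
    print(demo())
```

In this model the aggregate for the repeated token ends above the voter's whole balance and keeps growing with each re-vote, while the same ledger with `reject_duplicates=True` refuses the vote and stays balanced.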

Exploit Further Discovered In Six Other Blockchain Projects

Interestingly, the exploit had been active for the past two years, but no funds had been lost. Following this discovery, Statemind submitted a report to Keep3r network, which is expected to make the necessary changes to eliminate the exploit.

Also, the smart auditing platform immediately scanned for projects with similar exploits using a smart contract sanctuary of verified contracts. This action led to the discovery of several blockchain projects with similar vulnerabilities within their smart contracts, and Statemind contacted them with their report.

In total, the vulnerability affected six blockchain projects and five chains. These include Pickle Finance, Milky Swap, Venera Swap, Keep3r Network, and Snowball Finance.

About Statemind

Statemind is a smart auditing platform that has made significant strides in recent weeks. Its biggest move prevented what could have been the third-largest hack in DeFi history when it discovered a vulnerability on the Avalanche blockchain.

Statemind has more than 100,000 LoC worth of Solidity and Vyper experience. Combined, the auditing firm has secured over $10 billion in TVL and counts LIDO, 1INCH and Yearn.Finance as some of its clients.