On-chain options trading protocol Hegic says that a ‘typo’ in its smart contract code led to $28,000 worth of user funds being locked in its smart contract.
Hegic, an on-chain options trading protocol built on the Ethereum blockchain, has already encountered its first hurdle, days after it launched on the Ethereum mainnet. Hegic introduced its smart contract on 23rd April, but a bug in its code (at least that is what the initial audit suggested) has locked up $28,000 worth of user funds, most of which were in the DAI stablecoin and the rest in Ether. Hegic has, however, promised to refund the money to all its users.
It acknowledged, however, that the lost funds will remain locked in the smart contracts forever.
What hasn’t gone down well with users is that Hegic is now attributing the locked funds to a typo in its smart contract code. A user even took to Twitter alleging that Hegic is underplaying the severity of the bug.
‼️ ALERT A typo has been found in the code. Because of that, liquidity in expired options contracts can’t be unlocked for new options. ‼️ Please EXERCISE ALL OF YOUR ACTIVE OPTIONS CONTRACTS NOW. Everyone will be 100% REFUNDED with the amount of premium that you paid for options.
— Hegic (@HegicOptions) April 25, 2020
A software auditing firm named Trail of Bits claimed that Hegic had ignored bug warnings, along with other important flaws in its code.
In an interview with the blockchain news platform Decrypt, Dan Guido, CEO of Trail of Bits, said, “It’s clearly an error, and one that would have been easily caught had they written any unit tests.”
Here is how options trading works: traders purchase a contract, and can then buy or sell the assets that contract covers at a later date for a specific price. In this case, however, the error in Hegic’s smart contract stopped users from accessing the funds locked in the contracts once those contracts had expired.
Commenting on the issue, Dan Guido, CEO of Trail of Bits, stressed that misrepresentation of security audits can be detrimental to the entire DeFi ecosystem. Similar incidents have happened on Ethereum before.
For example, in the 2017 Parity wallet case, an entire library of wallets worth $280 million in the Parity DAO was accidentally removed by an anonymous developer.