On Feb 6, 2023 we discovered the critical security vulnerability in the dHEDGE protocol allowing a malicious trader or manager to almost fully drain the pool containing the clients’ funds, and submitted it to the dHEDGE via the Immunefi bug bounty platform. The team decided to close our submission as “won’t fix“, the protocol is still vulnerable. Here we’re sharing the details.OverviewdHEDGE is, as stated in their docs,an asset management protocol that facilitates a censorship-resistant and n...

On Feb 6, 2023 we discovered the critical security vulnerability in the dHEDGE protocol allowing a malicious trader or manager to almost fully drain the pool containing the clients’ funds, and submitted it to the dHEDGE via the Immunefi bug bounty platform. The team decided to close our submission as “won’t fix“, the protocol is still vulnerable. Here we’re sharing the details.OverviewdHEDGE is, as stated in their docs,an asset management protocol that facilitates a censorship-resistant and n...