ApeRocket was hacked on BSC and on Polygon today. Hacker stole in total ~$1.3M (883 BNB + 521 ETH). What was the reason for the hack? Both were flash-loan enabled attacks, and both had flawed vault minting reward logic.
I won't go into the details of both hacks, WatchPug covered it well.
I want to focus on the subject I already covered some time ago. Developers responsibility.
This type of attack isn't new and is quite "popular" in the past few months. So why are developers not extensively testing their code for new potential vulnerabilities?
In most cases, they don't care as much. They either conducted an audit or are in the middle of one. All they care about is the TVL and if the project makes them money. Sad but true. I'm not saying many projects are like that, but that's how it looks from my perspective.
No matter the size of the project or your TVL, security should be the number one focus. You're dealing with people's money and hearing about many hacks happening left and right nowadays. You should stay vigilant. Add constantly new test cases and test scenarios. Keep up to date with the latest hacks and check if your application is vulnerable to the same exploit. To answer the question from the title: All.The.Time.
Your work doesn't end when you deploy to the mainnet. It only begins.
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of 100 days of blogging challenge. Subscription box below 👇
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.
See you tomorrow!