🔧 Bridge Security Bug Caught During Deployment Testing
🐛 Bug Almost Drained Bridge

A developer discovered a critical security vulnerability in a cross-chain bridge during deployment testing. The bug involved decimal correction code that could have allowed fund theft through incorrect decimal inputs.
The Issue:
- Token registry was one-directional (destinations mapped only to source)
- Decimal correction between chains (e.g., 6 decimals vs 18 decimals) used user-provided counts
- Could enable fund theft by entering wrong decimals
While rate limiting would have reduced impact, the developer notes it "would have been a serious security incident involving loss of bridge funds." The fix, implementing bidirectional mapping, has been completed.
Additional mainnet testing revealed more issues:
- Improper cw20 token validation
- Missing decimal bounds checks
- Lack of enumeration for auditability
- Silent fallbacks that should error
The developer emphasizes why thorough testing cycles matter: "often it's only once things go onto the full mainnet setup that certain issues become apparent."
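A sketch of the fix described above, added here as an illustration and not the CL8Y bridge's own code: a registry that stores each route in both directions, takes decimals only at registration, bounds-checks them, and errors instead of falling back silently. The `Registry` type, its methods, the chain and token names, the 18-decimal bound and the reject-on-dust policy are assumptions of this example.

```rust
use std::collections::HashMap;

// Assumed upper bound for this sketch; a real registry picks its own.
const MAX_DECIMALS: u8 = 18;

#[derive(Debug, PartialEq)]
pub enum BridgeError { UnknownRoute, DecimalsOutOfBounds, Overflow, Dust }

type Key = (String, String); // (chain, token identifier)
fn key(chain: &str, token: &str) -> Key { (chain.to_string(), token.to_string()) }

#[derive(Default)]
pub struct Registry {
    decimals: HashMap<Key, u8>, // set only at registration, never by a transfer
    peer: HashMap<Key, Key>,    // stored in both directions
}

impl Registry {
    pub fn register(&mut self, a: (&str, &str, u8), b: (&str, &str, u8)) -> Result<(), BridgeError> {
        if a.2 > MAX_DECIMALS || b.2 > MAX_DECIMALS {
            return Err(BridgeError::DecimalsOutOfBounds);
        }
        let (ka, kb) = (key(a.0, a.1), key(b.0, b.1));
        self.decimals.insert(ka.clone(), a.2);
        self.decimals.insert(kb.clone(), b.2);
        self.peer.insert(ka.clone(), kb.clone());
        self.peer.insert(kb, ka);
        Ok(())
    }

    /// Rescale `amount` from `src` units to `dst` units. No decimals parameter exists.
    pub fn convert(&self, src: (&str, &str), dst: (&str, &str), amount: u128) -> Result<u128, BridgeError> {
        let (ks, kd) = (key(src.0, src.1), key(dst.0, dst.1));
        // Both directions must agree; an unknown route is an error, not a default.
        if self.peer.get(&ks) != Some(&kd) || self.peer.get(&kd) != Some(&ks) {
            return Err(BridgeError::UnknownRoute);
        }
        let (sd, dd) = (self.decimals[&ks], self.decimals[&kd]);
        if dd >= sd {
            amount.checked_mul(10u128.pow((dd - sd) as u32)).ok_or(BridgeError::Overflow)
        } else {
            let f = 10u128.pow((sd - dd) as u32);
            if amount % f != 0 { return Err(BridgeError::Dust); } // assumed policy: reject, don't truncate
            Ok(amount / f)
        }
    }
}
fn main() {
    let mut r = Registry::default();
    r.register(("bsc", "TOKEN_A", 18), ("terraclassic", "token_a", 6)).unwrap();
    println!("{:?}", r.convert(("terraclassic", "token_a"), ("bsc", "TOKEN_A"), 1_500_000));
}
```

Because `convert` has no decimals argument, a transfer request cannot influence the scaling factor; the only way to change it is a registry update, which can be access-controlled and enumerated for audit.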
On a lighter note: dark & light mode color schemes are now working and live on devnet.
During deployment, I found a bug - originally, our token registry was one directional, meaning destinations mapped only to source. However, we also do decimal correction between chains (for instance some coins might be 6 decimals on one chain and 18 decimals on a different chain).
All issues found during QA on devnet are resolved! I am preparing to deploy to mainnet with non-economic test tokens for a few days of live trials. - CF @terralunamoney @BNBCHAIN
🔒 LUNC Universe Launches Bug Bounty Program for CL8Y Bridge Security

LUNC Universe and ALPHA token have announced a bug bounty program to support security testing of the CL8Y bridge.
**Key Details:**
- Program targets the CL8Y bridge infrastructure
- Rewards offered to community members who identify vulnerabilities
- Initiative emphasizes security, collaboration, and community participation
- May expand to other CL8Y dapp releases based on program success
The team acknowledges rewards are modest but represent appreciation for testing efforts. This follows industry trends of projects implementing bug bounty programs to strengthen security through community involvement. [Program Announcement](https://x.com/Lunc_Universe/status/2025853496457626044)
TidalDex Broker Bot Launches Conversational Trading

**TidalDex has launched conversational swaps** on their Telegram broker bot, allowing users to execute trades through natural language commands.
**Key Features:**
- Use `/llm_app` command to start chatting with the trading bot
- Execute swaps through conversational interface
- Currently has limited functionality but operational
**What's Coming:**
- Support for preregistration USTC app on BSC
- Enhanced trading capabilities
The bot represents a step toward **more intuitive DeFi interactions**, removing technical barriers for users who prefer conversational interfaces over traditional trading UIs. *Try the bot on Telegram to experience AI-powered trading firsthand.*
USTR Preregistration Dapp Adds Mobile Wallet Support for BSC and TerraClassic
The **USTR Preregistration dapp** now supports mobile wallets for both BSC and TerraClassic networks.
**Supported TerraClassic wallets:**
- Keplr Mobile
- LuncDash Mobile
- TerraStation Mobile
- Galaxy Station Mobile
- Leap Mobile
- Cosmostation Mobile
*Note: TrustWallet support is not currently available.*
All wallets use **WalletConnect** for connectivity. For enhanced privacy, developers recommend using the in-app browser or desktop browser when possible. This update addresses previously logged wallet requests and expands accessibility for mobile users across both supported blockchain networks.
🔒 CL8Y Guardian Protocol Upgrades AccessManager for Better Security Auditing
**CL8Y's Guardian Protocol** has upgraded its AccessManager to **AccessManagerEnumerable** for improved security auditing.
**Key Changes:**
- Additional blockchain storage of account roles and target permissions
- Enhanced reliability over event-based data access
- Minimal gas cost increase (pennies) for significantly better auditability
**Recent Security Improvements:**
- **60 roles revoked** from inactive contracts and old admin wallets
- Annual key rotation completed
- Legacy permissions system audit finished
**What's Next:**
- Two remaining security tasks before resuming CL8Y bridge development
- Potential dashboard upgrade for auditing newer AccessManager systems
- Initial CMM version may cause brief development pause
The upgrade prioritizes **security and auditability** over gas optimization, reflecting best practices for protocol management.
TidalDex Migration Update: Higher Volume, Lower Fees, and USTC Bridge Integration

TidalDex reports significant progress post-migration with **increased volume and burns**.
Key updates:
- 99% liquidity migration completed
- $100k liquidity milestone reached
- Potential CZB burn rate reduction from 0.49% to 0.19% under analysis
- Integration with Wormhole for USTC bridging between BSC and TerraClassic
The platform's 0% fees are attracting bot activity, while growing liquidity is improving slippage rates. The proposed burn rate reduction aims to incentivize bot traders to use TidalDex for BNB and USDT trades. Visit [TidalDex.com](http://TidalDex.com) to explore the new features.