Congratulations to Alexander Schlindwein.
He’s the chap who discovered what has been described as a “critical bug” that reportedly could have “drained the entirety of underwriting funds” for ArmorFi, a “smart insurance aggregator for decentralized finance (DeFi)”.
(I just write these words, don’t expect me to understand what ArmorFi actually does.)
Schlindwein – who aside from being a vulnerability researcher is also the CTO of Ideal Markets – found a serious bug in ArmorFi’s smart contract code, as bug bounty platform Immunefi explained:
Had the bug been left unchecked, a malicious actor, with just a single dollar of coverage, could have drained all funds from ArmorFi’s underwriting contract. With Immunefi’s bounty system, that bug was eliminated.
More specifically, in the event where a party needed to draw on its insurance policy after suffering some negative event covered by that policy, this exploit would have let the party withdraw 10^18 times the amount of coverage that they purchased.
What does Schlindwein win for his discovery and responsible disclosure of the bug?
Armor cryptocurrency. Specifically, a stash currently worth an alleged US $1.5 million.
Oh, and ArmorFi’s CTO has offered to get a tattoo chosen by the bug hunter as well.