Bug Bounty: Humble Swap
This is an excerpt of a blog post that I co-authored with a number of colleagues from Blockshake when we discovered a vulnerability in an automated exchange.
The Defly wallet app grew out of a fascination with automated market makers (AMMs). Most of the current decentralized exchanges (DEXs) are based on this idea. They are extremely elegant in how they can replace centralized order book exchanges with a relatively simple smart contract and a liquidity pool.
In late March we started integrating the HumbleSwap AMM into Defly. We were very excited about this new DEX and pushed hard to have full support in our app. After all, user experience is one big factor holding DEXs back. This is when we noticed some curious behavior and, upon further investigation, a vulnerability. Now that HumbleSwap has been taken offline and all funds have been secured, we believe it’s time to shed some light on what happened.
Continue in our blog post to learn more.