UPDATE: funds have been returned to the Silo team, and we cleared up any misunderstandings due to ImmuneFi's system. Appreciate the Silo team's understanding and cooperation. Let's make Arbitrum safer, together.
The RAMSES team is security focused and has an extensive background in information security. When there is an opportunity to safeguard user funds/rewards from potential malicious actors, we will take the necessary steps to resolve it. In this case, our team did not get a response rapidly, thus we had to move swiftly on our own.
White-Hat Operation: Drain ALL $SILO Rewards
On July 21st, 2023 at around 00:30 UTC, RAMSES identified a vulnerability in Silo's code which allowed any bad actor to drain ALL $SILO funds within the incentives contract (~$45,000 at time of writing). Upon this discovery, our team worked on creating an accurate Proof of Concept (POC) to report in the Silo ImmuneFi bug bounty.
After we had completed the POC and verified that draining the entire balance was possible (see screenshots of tests below), we submitted our bug report to ImmuneFi.
Our bug report was closed promptly, being deemed "out of scope."
We made multiple attempts to reply and get the ticket re-opened, to no avail. (Update: this seems to be ImmuneFi's doing, not Silo's.)
Due to the nature of the situation, we took it upon ourselves to perform a white-hat operation: draining the $SILO incentives and sending them to the RAMSES Treasury for safekeeping.
What's Next?
We are kindly asking Silo team members to reach out to us to discuss next steps to move forward. RAMSES is committed to helping Silo resolve this exploit and prevent future issues from arising.
UPDATE: