BitSwap Incident Report for 6/11/21
Published June 15, 2021
On June 11, the BitSwap Exchange went live for the BitSwap Discord community after a month of continuous development. As hundreds of users joined the platform and began trading, we learned of a bug on the platform that potentially affected user balances. The incident was not a result of a security vulnerability on the platform. The BitSwap team took action immediately and moved the site offline to assess the issue.

The Issue

The BitSwap deposit system handles BitClout functions by using BitClout APIs to verify a user’s balance and transfer funds. The backend function that processes the amount submitted by a user would behave strangely when handling very large numbers, which might credit the wrong amounts to users’ balances.

Actions Taken

To remedy the situation, the team manually reviewed all the transactions in the database and reverted orders for the incorrectly credited BitClout. ETH has been refunded to the BitSwap balances of all affected users. The engineering team immediately began working on resolving the issue and continues to investigate and test the application to make sure that it is functioning properly; we are also working to remedy the situation for any users who were adversely affected.

Going Forward

BitSwap takes the integrity of the platform very seriously and will be working to ensure that the platform is secure. To uphold high standards on security, compliance, and user experience, the platform will be tested by a small sample of users, and we’ve improved our internal auditing tools to identify issues sooner and address them with less downtime.

While the platform is not yet accessible publicly, BitSwap support will help users manually withdraw their funds if needed. BitSwap support can be contacted through the BitSwap community Discord server, by emailing [firstname.lastname@example.org], or by submitting the form on [https://bitswap.network/]. If you have already requested a withdrawal of your funds from the platform, there is no need to do so again.
The BitSwap team will diligently begin processing these transactions if those transactions can be verified.
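
The bug described under The Issue, an amount-processing function that misbehaves on very large numbers, is the kind of failure strict amount handling is meant to stop. The following is an added example, not BitSwap's code: the report does not state the root cause or the backend language, so the JavaScript setting, the 9-decimal base unit, the ceiling and all function names are assumptions. It contrasts floating-point parsing with exact integer parsing and credits a deposit only up to the balance the upstream API verified.

```javascript
// Added illustration, not BitSwap's code. Amounts are kept as BigInt base units.
const NANOS_PER_COIN = 1_000_000_000n;                  // assumed: 9 decimal places
const MAX_AMOUNT_NANOS = 10_000_000n * NANOS_PER_COIN;  // hypothetical per-request ceiling

// Naive handling: parse as a double and scale. Accepts "1e30", "Infinity" and
// "12abc", and silently rounds results above 2^53.
function naiveToNanos(input) {
  return Math.round(parseFloat(input) * 1e9);
}

// Strict handling: plain decimal string only, exact integer arithmetic, bounded.
function parseAmountToNanos(input) {
  if (typeof input !== "string") throw new TypeError("amount must be a string");
  const m = /^(\d{1,15})(?:\.(\d{1,9}))?$/.exec(input);
  if (!m) throw new RangeError("amount must be a plain decimal with at most 9 decimals");
  const nanos = BigInt(m[1]) * NANOS_PER_COIN + BigInt((m[2] || "").padEnd(9, "0"));
  if (nanos === 0n) throw new RangeError("amount must be greater than zero");
  if (nanos > MAX_AMOUNT_NANOS) throw new RangeError("amount exceeds the ceiling");
  return nanos;
}

// Credit a deposit only up to the balance the upstream API verified.
function creditDeposit(balanceNanos, requested, verifiedNanos) {
  const nanos = parseAmountToNanos(requested);
  if (nanos > verifiedNanos) throw new RangeError("amount exceeds verified balance");
  return balanceNanos + nanos;
}

// Constructed sample inputs, printed side by side for comparison.
for (const s of ["1.5", "9007199.254740993", "1e30", "12abc"]) {
  let strict;
  try { strict = parseAmountToNanos(s).toString(); } catch (e) { strict = "rejected: " + e.message; }
  console.log(s, "| naive:", naiveToNanos(s), "| strict:", strict);
}
```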