Augur (REP) Dapp Discovers Vulnerability, Users Dwindle

The Augur (REP) platform announced the discovery of a vulnerability, based on testing by HackerOne. A bug in the prediction making interface would have allowed a malicious user to present misleading data, leading to losses.

So far, no funds have been lost. The Augur project took its time in releasing the app, and last month launched a $200,000 bounty program. The latest bug was discovered by Viacheslav Sniezhkov, on the HackerOne bug bounty platform.

“A third party site can include a hidden iframe which can override "augur-node" configuration variable of a running augur application. This variable is persisted in localStorage. In the case of browser page reload (user action or browser/OS crash), the normal "augur-node" websockets endpoint will be replaced with the provided by attacker so that all the markets data, addresses and transactions can be masqueraded,” explained Sniezhkov on the HackerOne bug reporting page.

On Friday, Augur wraps up the first month of its dApp and ecosystem. While initial activity for the novelty of the app was high, coinciding with the Football World Cup, later users dwindled. According to DappRadar, Augur only had 39 users in the past 24 hours, down from a peak of 265 users a month ago. The data reveals that usage of distributed apps remains extremely slow, despite the fact that Augur is one of the more famous prediction projects.

Fortunately, the bug only affected the user interface, and no vulnerabilities have been found in the Augur smart contract. The bug has been patched, and the reward of $5,000 went to Sniezhkov.

The Augur app had an emergency kill switch for the first two weeks following the public release, but later, the feature was disabled, deeming the smart contract safe enough.

The REP market price has suffered significantly during the latest market shakedown. REP crashed to $23.20 on Binance, sliding more than 22% net in the past seven days, and extending the crash. On Bithumb, the low liquidity due to locked wallets led to an anomalous price of $93.05, which is discounted from the final REP market position.

Some see REP as a token that is mostly speculative, as the celebrity death prediction market may have put off users:

https://twitter.com/MaxKozminski/status/1027234908287246337

Still, for a short-term trading opportunity, REP may continue to attract buyers at the current low prices, with the hope of repeating previous peak prices.

Neither the author nor the publication assumes any responsibility or liability for any investments, profits, or losses made as a result of this information. Cryptocurrency trading and investing are risky propositions, and market participants are advised to always conduct thorough research.