In this article I would like to focus on:
-Mirror Protocol (Terra)
-Maiar Exchange (Egld)
-Osmosis (Cosmos)
-Optimism (Ethereum Layer 2)
MIRROR PROTOCOL: DECEIVED ORACLES (MAY 30, 2022)
This platform is famous on Terra because it is possible to trade crypto and stocks. Its other characteristic are the strategies: long, short and delta neutral.
Long is a normal farming with APR in Mir token, short allows you to earn on the falls of an stocks/crypto and delta neutral cancels the volatility of the market. How does the delta neutral strategy work? I buy a stock in the spot market. Then I take the same amount of tokens and put them in the "short" pool. If the token goes up I earn the % increase, if it goes down I earn with the short APR of the pool (Mirror token).
About 1 week ago a large part of the liquidity was drained, due to an exploit, where the oracle's price feed was tricked. The oracle periodically keeps updated prices on collateral and sends them to Mirror Protocol to handle liquidations.
The oracle took as the price feed not that of the old Luna (Lunc) but that of the new one (Luna 2.0) which has a price about 1000 times higher. The attackers bought Lunc spot by paying thousandths of a dollar, they used them as collateral to borrow mAsets (synthetic tokens linked to an underlying that can be a share or a cryptocurrency) with a value 1000 times higher than it was been blocked and then dumped them. For every 1000 Lunc, the attacker has blocked about 1.3 million dollars as collateral. This was possible because the Oracle believed that Luna 2.0 (and not Lunc) had been collateralized.
03d1cdc31a9289a5d1224013cda4a7f340af4062dce881ad6a60a9dafc5ceaa7.pngOnly cryptocurrencies (mBtc, mEth, mDot and mGlxy) were borrowed because Mirror does not allow the creation of synthetics while the stock exchange is closing. Instead, the mAsets that track the price of cryptocurrencies as the markets are open 24/7 have been minted and drained. The loss was approximately $ 2 million. FatMan, a Lunc validator, warned that the Mirror protocol was on the verge of collapse, as they also asked users to withdraw all their funds from the protocol.
Meanwhile, Chainlink Community Ambassador (Link) "ChainlinkGod" explained in a Twitter post that the problem occurred due to Terra Classic validators running an outdated version of Oracle software.
MAIAR EXCHANGE: ANOTHER BUG FOR EGLD (JUNE 6, 2022)
Those who follow Egld know that the main dex is Maiar. This dex already had some problems in December 2021 so the chain had been halted. This had brought the prices of the dex and Egld token down in a swooping way.
On June 6, another bug on Maiar brought the price of Egld from $ 75 to around $ 5. More than 1 million and 600 thousand Egld were generated, then dumped on the dex (Egld/Usdc) thanks to a smart contract. The price is dumped by 92% in about 38 minutes. The gain is derived from arbitrage transactions. Later the devs blocked the dex, taking it offline.
f002ccc30505188f3eedd1923356a295a670dcf1437d0221fffde455cf6fb29c.png
In fact, one of the biggest problems of Egld is centralization and we have also seen this in the past always on the Maiar Exchange. Much of the infrastructure is "internal" both as regards the dapps and the Maiar wallet.
Egld, rebranded with this name after the supply change (previously known as Elrond), is one of the most scalable chains thanks to the Secure Proof Of Stake and sharding (fragmentation of the chains into "shards" that speed up validation of blocks and transactions ).
Secure Proof Of Stake sees random validators validating blocks on their shard. The validators are mixed every 24 hours on the various shards, for security reasons.
The chain uses the "Adaptive State Sharding" with a variable number of shards (the shards increase with increasing use of the network) and the metachain (central coordination chain). The variable shards optimize the network, once the transaction is validated on the shard it is sent on the metachain. The latency of the communication protocol between the shards is zero so the Arwen VM smart contracts are instant. The Egld token has an initial supply of 20 million and can reach a maximum hard cap of 31.5 million (in reality the supply max will be lower because with the use of the network the transaction fees are subtracted from the supply issue and distributed to stakers).
OPTIMISM: WINTERMUTE WRONGS RECEIVING ADDRESS (JUNE 8, 2022)
Those who interacted with the Optimism bridge received the OP token airdrop. You had to bring liquidity from ETH to Optimism (layer 2) and then interact with their dapps.
ca00a99501d0dc732358897d03557d511ea5111e816c8915a7a2cdc7cd5f58e1.png
The Optimism Foundation had chosen as the Market Maker the company Wintermute which was to manage part of the liquidity of the OP token. Wintermute was to receive 20 million OPs in exchange for 50 million USDC (collateral) on a smart contract address (smart contract address, NOT wallet address). The company, believing that the address of the smart contract of OP was the same as that of ETH, provided the address of ETH (actually OP and ETH are both EVM but the addresses of the smart contracts are different). Wintermute understood the mistake and tried to recover the funds but suffered a "front run" attack (bot?). 1 million OPs were dumped for ETH and then cleaned up on Tornado Cash. The attackers have 19 million OPs left (however there is little liquidity on the chain to trade them). The company promised to buy back the tokens (OP made -16% in one day).
Here you can learn more about what happened with more technical details: Optimism Attack (Twitter Thread)
e11c42c4f47e3b96afa57b6ad65fec3103cff452c6c73ff905f6b069ec048af9.jpg
OSMOSIS: POOLS DRAINED FOR 5 MILLION DOLLARS (JUNE 8, 2022)
Osmosis is a layer1 built on Cosmos. On June 8 the dex suffered from a serious bug where some pools were drained for an equivalent value of about 5 million dollars. The vulnerability was later spread on Reddit.
The bug allowed to insert the liquidity, remove it and have a profit of 50%!
c80d564dedab4e378701df1d41516c024ad3f984571db3af165c53ed3955c6d8.png
Why did the user write it on Reddit? The chain was halted immediately. A validator (Firestaker) also exploited the bug and then reported a joking tweet. Will they return the stolen crypto? It seems so.
420722b9e7ce0f1a7d953e26d205fc032c2023d10b91a9f23d0722cc04e75e99.png
Osmosis seems to have solved the problem but the chain will remain stationary for a few more days. The stolen funds will be taken from the team allocation and refunded to the users.