Warp Finance’s hack of $8 million could have been prevented with better oracles, the team says.
Warp Finance, a DeFi lending protocol that suffered an $8 million flash loan exploit shortly after release, is now gearing up for a relaunch that will include an integration with oracles by Chainlink.
The inclusion of Chainlink oracles reportedly serves as protection against similar exploits. Flash loan exploits use a feature that allows borrowing an unlimited amount of funds, as long as it is also returned within the same Ethereum block. According to the team, security experts determined that the root cause of the exploit was an exploitable price oracle.
The issue seems to have been compounded by Warp Finance’s use of liquidity provider tokens for collateral. This feature is one of the main selling points of the protocol, as it allows committing yield-bearing tokens as collateral, combining both the yield from trading fees and from borrowers using the protocol.
According to DeFi whitehat hacker Emiliano Bonassi, the exploit relied on the fact that Warp Finance oracles did not properly calculate the underlying value of the pool tokens. The new protocol will use Chainlink price feeds for all critical functions — notably the value of the LP tokens used for collateral.
Chainlink and its founder, Sergey Nazarov, have often been adamant about the fact that price oracles need to cover as much of the market as possible. Indeed, many flash loan exploits are closer to market manipulation than outright software bugs. Even when no malice is present, incidents such as Compound’s excessive liquidation event in November could have been prevented with more market coverage. Compound relied only on prices from Coinbase and Uniswap, which temporarily posted a highly inflated price for Dai.
When asked by Cointelegraph why Warp Finance did not initially use Chainlink oracles, a spokesperson replied:
“Uniswap oracles have been an option for many projects that seek price feeds for a variety of use cases. As such, we launched similarly to other lending platforms for the trial phase, with the ability to upgrade later.”
The spokesperson further noted that a significant portion of DeFi projects are not using Chainlink, and they believe that the relaunch “gives our users much greater peace of mind about the security of our protocol.”
Warp Finance also drafted a compensation plan for affected users, already having recovered 73% of the stolen funds.
[…]
Learn more
The defunct cryptocurrency exchange Mt. Gox is making waves again, this time with huge Bitcoin…
Lightning Labs, a leading developer in Bitcoin's Lightning Network ecosystem, has launched a groundbreaking protocol…
According to onchain data, a significant whale holding over 92,500 ether moved the funds to…
🛸Inspired by the internet's favorite extraterrestrial, Skinny Bob MemeCoin is revolutionizing the cryptosphere across multiple…
NFTs, or non-fungible tokens, are transforming various industries, including art, music, sports, and real estate.…
Proton Technologies AG, the Swiss company renowned for its encrypted email and VPN services, has…
Leave a Comment