The Crypto Justice League Exists


The Cover Protocol is a decentralized coverage market that has offered peer-to-peer coverage on various DeFi protocols since November.

They are running a shield mining program that incentivizes users to provide liquidity to the coverage market, where users can earn $COVER tokens, the governance token of the platform.

Infinite Minting Bug

On 28 December 2020, Cover protocol’s shield mining contract was abused. Exploiters were able to mint more than 40 quadrillion $COVER tokens by taking advantage of an infinite minting bug in the contract.

The price of the token dropped 77% within an hour of the exploit, according to a report from CoinMarketCap.

A preliminary post-mortem conducted by PeckShield, a leading blockchain security company, suggested that the contract miscalculated the reward amount for users who staked their LP tokens. Sorawit Suriyakarn, the CTO of Band Protocol, believed this was likely due to the misuse of memory and storage in the Solidity source code, which amplified the amount minted.

This miscalculation could be triggered by staking and subsequently withdrawing LP tokens. The incident was very different from other DeFi hacks that involved price oracle manipulation and flash loan attacks.
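To make the memory-versus-storage point concrete, the following is an added example, not code from the Cover contract or from the post-mortem. It is a simplified Python model of the bug class: a reward ledger whose deposit path computes a staker's write-off from a copy of the pool taken before the pool was updated, next to the corrected path that re-reads the updated state. The names `Farm`, `Pool`, `stale_copy` and `scenario`, and all numbers, are assumptions made for illustration.

```python
import copy
from dataclasses import dataclass

SCALE = 10**12  # fixed-point scale for the accumulator (assumed)

@dataclass
class Pool:
    total_staked: int = 0
    acc_per_token: int = 0  # cumulative reward per staked token, scaled
    last_update: int = 0

class Farm:
    def __init__(self, rate, stale_copy):
        self.pool = Pool()            # plays the role of contract storage
        self.rate = rate              # reward units emitted per time unit
        self.stale_copy = stale_copy  # hypothetical switch: True = buggy path
        self.staked, self.writeoff = {}, {}

    def _update_pool(self, now):
        p = self.pool
        if p.total_staked:
            p.acc_per_token += (now - p.last_update) * self.rate * SCALE // p.total_staked
        p.last_update = now

    def _owed(self, user, pool):
        return self.staked.get(user, 0) * pool.acc_per_token // SCALE

    def deposit(self, user, amount, now):
        snapshot = copy.copy(self.pool)  # "memory" copy taken before the update
        self._update_pool(now)           # storage accumulator moves forward
        paid = self._owed(user, self.pool) - self.writeoff.get(user, 0)
        self.staked[user] = self.staked.get(user, 0) + amount
        self.pool.total_staked += amount
        # Write-off = rewards accrued before this stake existed. The buggy path
        # reads the stale snapshot; the fixed path re-reads storage.
        view = snapshot if self.stale_copy else self.pool
        self.writeoff[user] = self._owed(user, view)
        return paid

    def claim(self, user, now):
        self._update_pool(now)
        paid = self._owed(user, self.pool) - self.writeoff.get(user, 0)
        self.writeoff[user] = self._owed(user, self.pool)
        return paid

def scenario(stale_copy):
    farm = Farm(rate=100, stale_copy=stale_copy)
    farm.deposit("alice", 1, now=0)         # constructed sample stakes
    farm.deposit("bob", 1_000_000, now=10)
    return farm.claim("bob", now=11)        # bob staked for one time unit
```

With the corrected path the late staker is owed 99 units for one time unit of staking; with the stale copy the ledger owes 1,000,000,099 units although only 1,100 were ever emitted, which is the invariant (total paid never exceeds total emitted) a test suite or audit should assert for this kind of accounting.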

The Justice League in DeFi

A white-hat exploiter was able to leverage the loophole and drain 4,350 Ether from liquidity pools on Uniswap and Sushiswap, then subsequently returned the gain to the team. This act prevented other malicious actors from extracting further profits from those pools.

The incident happened at a time when most team members were asleep, according to DeFi Ted, one of the team members. Fortunately, Leo Cheng from Yearn reached out and immediately set up a “war room” to counter any further exploits.

Shortly after the team was notified, they swiftly disabled the token minting functionality such that there would be no further exploits. They also issued an official statement advising liquidity providers to remove liquidity and users not to buy $COVER tokens from the open market to alleviate further losses.

Binance also suspended $COVER trading and deposits at 12:40 pm UTC, and is currently working closely with the team to find a solution that compensates the affected exchange users. Meanwhile, all available developers from the Yearn ecosystem have come together and are actively assisting the Cover team in conducting a thorough investigation.

According to a closed source, they include well-known Solidity developers such as Emiliano Bonassi, Banteg, Vasa, Leo Cheng, andy8052, @fameal, 0xMaki, etc., as well as every member of the Cover team. Together with CZ’s full support, they formed a CeFi and DeFi Justice League to conduct an investigation and come up with a mitigation plan.

They also received wide support from big players across the DeFi space, including Sushiswap developer 0xMaki.

The Next Step

The overall loss in this incident was relatively limited compared to other DeFi exploits. The Cover protocol remains largely unaffected, with only the governance token being compromised. Coverage seekers can still purchase coverage tokens on the open market. Version 2 of the protocol is on track to be launched in Q1 2021.

They are currently exploring ways to restore the governance component of the protocol. They will provide a new token through a snapshot taken right before the exploit to compensate token holders and liquidity providers who were affected by the exploit. Ether secured by the white-hat exploiter will also be returned to liquidity providers.

This zero-day exploit demonstrates how the DeFi community can come together in no time and collaborate to help contain a crisis and make DeFi a better place. Thanks to the help of other developers, the team can move swiftly to compensate the affected users.
