Decentralized lending protocol Compound has pristabdytas the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed.
Su pauze vartotojai negalės įnešti Yearn.finance YFI (YFI), 0x's ZRX, pagrindinis dėmesio ženklas (BAT) ir kūrėjo MKR (MKR) kaip užstatas paskoloms imti.
The proposal passed on Oct. 25 with 99% of all voters in favor. It stated:
„Ataka, pagrįsta manipuliavimu orakulais, panaši į tą, kuri kainavo Mango Markets 117 mln. USD, yra daug mažesnė tikimybė, kad junginys įvyks dėl įkeisto turto, kurio likvidumas yra daug didesnis nei MNVO ir junginių, kuriems reikia per daug užstato paskolas. Tačiau dėl didelio atsargumo siūlome sustabdyti pirmiau nurodyto turto tiekimą, atsižvelgiant į jų santykinį likvidumo profilį.
In a security review of Compound v2 performed in September, the Volt Protocol team nustatyta potential market manipulation risks related to low-liquidity tokens. The report explained:
“The attack is possible when the amount of a token borrowable on markets like Aave and Compound is large compared to the liquid market. The most notable example is ZRX, which has borrowable liquidity on each of these markets comparable to or greater than the usual daily volume across all centralized and decentralized exchanges.”
On Twitter, Robert Leshner, founder of Compound, explained that the conservative approach wouldn’t impact existing users.
Po @mangomarkets išnaudoti, @gauntletnetwork has proposed disabling new supply for the most thinly traded collateral.
This conservative approach won’t impact existing users, and encourages the migration of usage to Compound III (which is resistant to the attack vector). https://t.co/yMQDgRXru7
- Robertas Leshneris (@rleshner) Spalis 21, 2022
On Oct. 11, Avraham Eisenberg, the hacker behind the „Mango Markets“ išnaudojimas, manipulated the value of a posted collateral — the platforms’ native token, MNGO — to higher prices, then took out significant loans against the inflated collateral, which drained Mango’s treasury.
The exploiter, self-described as a digital art dealer on Twitter, claimed that he and a team of hackers undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”
After a proposal in the Mango’s governance forum was approved, Eisenberg was leista pasilikti 47 mln as a “bug bounty” while $67 million was sent back to the treasury.
Source: https://cointelegraph.com/news/after-mango-market-exploit-compound-pauses-four-tokens-to-protect-against-price-manipulation