uDEFI Savings Pool Postmortem (Incident #4)
Date: 2022-08-08
Authors: werner
Status: Incomplete, action items in progress
Summary:
- In uDEFI bailouts tez collateral was expected by the engine.
- The bailouts repeatedly led to an essential number (the discount factor) being zero and consequently led to a division-by-zero error when trying to add uDEFI to the savings pool.
Impact: No funds were directly at risk at any time during the incident.
- There was a failure to allocate uUSD tokens to savers in the pool after each bailout in the uDEFI savings pool.
- The bailouts repeatedly led to an essential number (the discount factor) being zero and consequently led to a division-by-zero error when trying to add uDEFI to the savings pool.
Root Causes:
- The savings pool was meant to receive tez collateral.
- The trading above target price of uDEFI led to very large bailouts, which eventually led to numerical precision issues in the discount factor, which is essential for the working of the savings pool.
Trigger:
- Any time someone used the bailout in uDEFI with uUSD collateral.
- Repeated bailouts of >90% of the savings pool.
Resolution:
- Run an analysis to identify the correct allocation of uUSD to savers in the uDEFI savings pool.
- The new v3 engine which will be rolled out no longer supports bailouts. uDEFI will likely be subject to a sundown procedure. The savings pools of uUSD and uBTC were not affected.
Detection: An user mentioned in discord, that they could not deposit uDEFI to the savings pool.
Action Items:
Action Item | Type | Owner | State |
---|---|---|---|
Identify reason for failure | mitigate | florin | DONE |
Deactivate deposit and withdraw in the uDEFI savings pool. | mitigate | andy | DONE |
Run an analysis to identify the correct allocation of uUSD to savers in the uDEFI savings pool. | mitigate | florin | OPEN |
Identify an adequate procedure to close out uDEFI balances for minters and holders. | mitigate | werner | OPEN |
Migrate to the v3 engines to avoid bailouts and any potential numerical issues with the discount factor. | mitigate | florin | DONE |
#
Lessons Learned#
What went well- No funds were at risk at any time
#
What went wrong- Last minute change of the expected collateral for the savings pool was not spotted.
- Very large bailouts compared to the savings pool were not expected.
#
Where we got lucky- The volumes of uDEFI are relatively small, so the impact was limited.
#
Conclusion- Avoid last minute changes to smart contracts.
- Also thoroughly test those edge cases which do not present economic attack vectors.
#
Timeline(all times UTC)
- 2022-06-17 12:07 A user reports issues with the uDEFI savings pool
- 2022-06-20 11:00 Initial analyses of the problem.
- 2022-07-25 15:58 Deactivation of uDEFI savings pool in frontend.
- 2022-08-10 12:00 Amendment proposal 008 with workout procedure for uDEFI savings pool and sundown procedure for uDEFI started.
#
Further InformationMore details can be found in the blog post.