Postmortem Incident 6
Date: 2023-05-22
Authors: florin, markus, ale
Status: Incomplete, action items in progress
Summary: The Youves team wanted to launch the uBTC with tzBTC as collateral engine and 0% minting fee. Following the launching plan of our team, the engine was deployed and wired to the Youves environment to enable testing on it before releasing the engine to the wider public. Due to the way the engine is implemented, the compiled Michelson code from SmartPy contained a bug that allows the user to mint more tokens that they are entitled to, up to a factor of 10^8 (the decimals of the tzBTC token). Due to the fact that testing requires an engine to be wired to Youves environment, the issue could have had a greater impact on the Youves platform as anyone could have used any means of interacting with the smart contract other than the youves frontend and exploit this bug.
Impact: A user could have minted a lot of uBTC token which could have lead to a depreciation of the uBTC token, but because it was not released to the public, there was no impact on the uBTC token.
Detection:
Youves team (markus) observed during testing the posibility of minting a lot more uBTC than he was entitled to and notified other members of the issue.
The issue was investigated and the source of the error was detected in the Michelson code of the engine.
Root causes: The root cause of the bug was due to token decimals values being set during compilation time. The previous engine deployed was uBTC with SIRS collateral and 0% minting fee, but the SIRS token has 0 decimals compared to tzBTCs 8 decimals. The compiled contract code from the uBTC engine with SIRS collateral 0% minting fee was used to deploy the uBTC with tzBTC collateral 0% minting fee. The token decimals difference lead to the issue where a user could mint 10^8 times more tokens than they would be entitled to. Of course the impact of this would have been large for all uBTC pools, swaps, farms etc., but due to our testing due-dilligence it was not release to the wider public.
Trigger: An issue with the compilation step of the SmartPy code to Michelson lead to allowing the deployment of such engine.
Resolution: The issue was investigated by our team and in a short matter of time was found. Our team also confirmed that other engines are not affected by this and a simple removal of the engine from the platform was enough to fix the issue. A new uBTC with tzBTC collateral and 0% minting fee will be deployed, wired and tested before releasing it to the wider public.
Action Items:
| Action Item | Type | Owner | State |
|---|---|---|---|
| Identify reason for failure | mitigate | ale | DONE |
| Request removal of the engine from the Youves environment | mitigate | multisig signers | DONE |
| Fix issue of the SmartPy compilation to Michelson | mitigate | florin | DONE |
| Deployment, wiring and testing of a new engine | mitigate | florin | TO DO |
| New engine release | mitigate | florin | TO DO |
Timeline: (all times UTC)
- 2023-05-08 10:30 - Issue was found by markus and reported to the Youves team
- 2023-05-08 11:30 - Investigated and found the source of the bug and confirmed this is not affecting other engines.
- 2023-05-08 12:15 - Requested multisig signers to approve the operation of removing the engine from the Youves platform.
- 2023-05-08 13:32 - The faulty engine was removed from the Youves environment.
Lessons Learned#
What went well#
The issue was caught during testing period.
What went wrong#
- The compilation step from SmartPy to Michelson code was not done properly for the uBTC with tzBTC collateral and 0% minting fee engine.
- The SmartPy meta-programming issue with the compiled Michelson code was not caught before deployment.
- There are no enforcing checks before deployment to verify the meta-programming values are set correctly.
Where we got lucky#
- The issue was detected during the testing period and the engine was not released to the wider public.
Conclusion#
- Update compilation step for all Youves contracts (from SmartPy to Michelson).
- More attention should be given to the Michelson code before deployment.
- A better way of testing needs to be developed for Youves engines (possibility of testing before wiring the engine or allowing testing with small amounts)