Decentralized lending protocol Compound has zastao the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed.
Uz pauzu, korisnici neće moći deponovati YFI Yearn.finance (AND FI), 0x-ov ZRX, osnovni token pažnje (BAT) i proizvođačev MKR (MKR) kao kolateral za uzimanje kredita.
The proposal passed on Oct. 25 with 99% of all voters in favor. It stated:
„Napad zasnovan na manipulaciji proročanstva, analogan onom koji je koštao Mango Markets 117 miliona dolara, mnogo je manje vjerovatno da će se dogoditi na Compound-u zbog kolateralne imovine koja ima mnogo dublju likvidnost od MNVO-a i Compound-a koji zahtijevaju da zajmovi budu prekomjerno osigurani. Međutim, iz obilja opreza, predlažemo pauziranje ponude za gorenavedena sredstva, s obzirom na njihove relativne profile likvidnosti.”
In a security review of Compound v2 performed in September, the Volt Protocol team identifikovane potential market manipulation risks related to low-liquidity tokens. The report explained:
“The attack is possible when the amount of a token borrowable on markets like Aave and Compound is large compared to the liquid market. The most notable example is ZRX, which has borrowable liquidity on each of these markets comparable to or greater than the usual daily volume across all centralized and decentralized exchanges.”
On Twitter, Robert Leshner, founder of Compound, explained that the conservative approach wouldn’t impact existing users.
Nakon @mangomarkets eksploatisati, @gauntletnetwork has proposed disabling new supply for the most thinly traded collateral.
This conservative approach won’t impact existing users, and encourages the migration of usage to Compound III (which is resistant to the attack vector). https://t.co/yMQDgRXru7
- Robert Leshner (@rleshner) Oktobar 21, 2022
On Oct. 11, Avraham Eisenberg, the hacker behind the Mango Markets eksploatacija, manipulated the value of a posted collateral — the platforms’ native token, MNGO — to higher prices, then took out significant loans against the inflated collateral, which drained Mango’s treasury.
The exploiter, self-described as a digital art dealer on Twitter, claimed that he and a team of hackers undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”
After a proposal in the Mango’s governance forum was approved, Eisenberg was dozvoljeno da zadrži 47 miliona dolara as a “bug bounty” while $67 million was sent back to the treasury.
Source: https://cointelegraph.com/news/after-mango-market-exploit-compound-pauses-four-tokens-to-protect-against-price-manipulation