After Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation

XRP

Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed.

With the pause, users will not be able to deposit Yearn.finance’s YFI (YFI), 0x’s ZRX, Basic Attention Token (BAT) and Maker’s MKR (MKR) as collateral to take loans.

The proposal passed on Oct. 25 with 99% of all voters in favor. It stated:

“An oracle manipulation-based attack analogous to the one that cost Mango Markets $117m is much less likely to occur on Compound due to collateral assets having much deeper liquidity than MNGO and Compound requiring loans to be over-collateralized. However, out of an abundance of caution, we propose pausing supply for the above assets, given their relative liquidity profiles.”

In a security review of Compound v2 performed in September, the Volt Protocol team identified potential market manipulation risks related to low-liquidity tokens. The report explained: 

“The attack is possible when the amount of a token borrowable on markets like Aave and Compound is large compared to the liquid market. The most notable example is ZRX, which has borrowable liquidity on each of these markets comparable to or greater than the usual daily volume across all centralized and decentralized exchanges.”

On Twitter, Robert Leshner, founder of Compound, explained that the conservative approach wouldn’t impact existing users. 

On Oct. 11, Avraham Eisenberg, the hacker behind the Mango Markets exploit, manipulated the value of a posted collateral — the platforms’ native token, MNGO — to higher prices, then took out significant loans against the inflated collateral, which drained Mango’s treasury.

The exploiter, self-described as a digital art dealer on Twitter, claimed that he and a team of hackers undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”

After a proposal in the Mango’s governance forum was approved, Eisenberg was allowed to keep $47 million as a “bug bounty” while $67 million was sent back to the treasury.

Products You May Like

Articles You May Like

Ethereum Price Drops 12% As Spot ETFs Witness Significant Net Outflows
Ethereum Adoption Grows As BlackRock ETF Secures 1 Million ETH
XRP Consolidation Could End Once It Clears $2.60 – Top Analyst Expects $4 Soon
Ripple Stablecoin RLUSD Is A ‘Trojan Horse’ For DeFi And Banking, Claims Venture Capitalist
Can Ethereum Break $3,500 Before End Of 2024? Analyst Weighs In

Leave a Reply

Your email address will not be published. Required fields are marked *