DeFi exploits and rug pulls are not new. And as the space saw unprecedented growth, it became a hotspot for malicious actors and hackers looking for vulnerabilities in a protocol. In May, Binance Smart Chain [BSC] was observed to be the epicenter of the chaos. This has been a huge headache for market participants in DeFi as clones and unaudited protocols continued to make their way masquerading as legitimate ones.
However, in a first of its kind, decentralized finance protocol [DeFi] rug pull ended up benefitting the uses. As miraculous as it sounds, a bug let off borrowers’ loans prematurely for some time. The contracts for one of decentralized finance protocol, Alchemix’s synthetic assets, alETH, had experienced an “incident” which essentially resulted in users getting free money. In short, the users were allowed to withdraw collateral they shouldn’t have been.
What exactly transpired in this apparent DeFi “rug pull”?
It all started when some users of the platform’s alETH vault realized no outstanding debt even after previously borrowing alETH at a 4:1 collateral ratio. Moreover, the debt ceiling of almost 2K ETH was also freed up which enabled the minting of new alETH again. Soon after the team observed this, the minting of new alETH was halted temporarily. According to the post-mortem report by the DeFi protocol, both Yearn and Alchemix dealt with the issue efficiently.
In addition, it took Alchemix 15 minutes to execute a halt the mint function for alETH.
Detailing on the root cause, Alchemix stated,
“An issue with the deployment script of the alETH vault accidentally created additional vaults, the Alchemist then used the wrong index in the array of vaults which caused the outstanding rewards to be calculated wrong, forcing the transmuter funds to be sent entirely to pay off user debts.”
The loss is restricted to the backing of alETH only. The incident resulted in no user funds being lost because individual users, as well as anyone else currently in the contract, were able to withdraw all of their crypto-assets. The incident also did not have any impact on Yearn whose vaults kept functioning appropriately.
Are existing funds at risk of this happening again? According to the DeFi protocol, existing funds are not at risk of this incident happening again. Alchemix plans to redeploy a new Transmuter that correctly positions a single vault at index 0 to guarantee that this incident does not transpire again. It further revealed that it will install a fresh Alchemix Vault which will steer clear of the “maligned state of the current contract.”