Sophisticated Trading Bot Exploits Synthetix Oracle, Funds Recovered

gepubliceerd op by Cointele | gepubliceerd op

When Ethereum-based synthetic asset issuance platform Synthetix, which allows users to mint and trade synthetic currencies in a peer-to-peer fashion, lost track of more than 37 million synthetic Ether on June 24, the company stopped all trading on its platform.

While users only lost trading access for 24 hours, the event led to trades with 1,000x profits equalling $1 billion in less than an hour.

Synthetix crypto-backed synthetic asset tokens are priced against the euro, Japanese yen, Korean won, Australian dollar and gold.

Since Synthetix users trade assets that are representations of their underlying assets and track the prices of those assets, if a user trades sUSD into sBTC at $10,000 per BTC and the price goes up to $12,000 per BTC, they can trade that back into $12,000 of sUSD, making a profit of $2,000 sUSD. The idea of synthetic digital currencies is not exclusive to Synthetix.

One bot owner's balance was inflated due to an incorrect sKRW price feed, which he then converted into an inflated amount of sETH. According to Kain Warwick, the founder of the platform, all the sETH were recovered, and the situation has since been resolved.

The company contacted the owner of the arbitrage bot that unintentionally hacked the oracle and agreed on a bounty deal with him in order to return the funds.

The bot owner's balance was inflated due to an incorrect sKRW price feed, which he then converted into an inflated amount of sETH, a synthetic asset that tracks the price of Ether by plugging into an oracle-backed price feed.

Synthetix's private price oracle misreported the price of KRW. The oracle had taken an average of just two remaining prices due to an earlier unrelated outage.

"Two API's had different independent outages simultaneously, and our error handling and aggregation logic failed to handle this. The pricing error was intermittently setting the rate for KRW to 1000x more than it actually was. And this happened multiple times within a one hour window. Each price error increased the bot's trading profit by 1000x, so after three cycles the bot had made over $1b.".

"Because there are no counterparties traders can make very large trades with low slippage, which means the system can handle large trading volume, potentially billions of dollars per day given the current throughput of Ethereum. But the profit potential is constrained by the SNX collateral in the system so profits are also effectively capped to the current total value of SNX.".

x