
The Osmosis Network, the Cosmos-based DeFi protocol, was halted on June 8 at block #4713064 due to a critical vulnerability in its liquidity pool. This feat happened just two blocks before the halt.
- The attack was first reported by a Reddit user who warned that if a customer deposits funds into the Osmosis pool they will receive an additional 50% when they withdraw. The post has since been removed.
- But users began taking advantage of the vulnerability shortly after, stealing funds from Osmosis.
- In one case, a malicious entity provided liquidity of 101,230 OSMO and made a 50% profit after exiting the position a few seconds later with 151,084 OSMO tokens. They managed to repeat this process at least 30 times.
- It was only after validators started reporting issues on Discord following the v9 Nitrogen upgrade that an emergency halt was put in place to protect the remaining liquidity on the decentralized exchange.
- As a result, Osmosis DEX and its native wallet are currently inactive.
- Without disclosing further details about the exact nature of the vulnerability, the DeFi protocol revealed that it had identified the bug and written a patch.
- Devs are currently testing the protocol before recommending that validators restart the network.
“Update: Bug has been identified and a patch has been written. More testing is underway before it is recommended to coordinate a restart of validators. Full bug report for testing chain upgrades in the coming days.” And the action plan will be more thorough and proper end to end test.
- Later, the team behind the protocol provided more information on what happened, including admitting that $5 million more was withdrawn and promising to return all lost money.
- Before providing more updates on the matter, the protocol will implement “several changes and upgrades to our safety protocols to ensure the quality and safety of osmosis”.
The bug itself was simple, and involved incorrect calculation of LP shares when adding and removing liquidity from the pool.
It should have been caught. This was painfully overlooked in internal testing that focused on the more advanced functionality related to the upgrade.
— osmosis (@osmosiszone) 8 June 2022
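The statement above puts the bug in LP share accounting on join and exit and says testing missed it. The following is an added example, not Osmosis code and not the actual bug (the page gives no details of it): a round-trip invariant check on a constructed single-asset pool, asserting that joining and immediately exiting never returns more than was deposited. `Pool`, `inflatedShares` and all sample values are assumptions for illustration; the 50% over-mint is a stand-in modelled on the reported "additional 50%".

```go
package main

import "fmt"

// Pool is a constructed single-asset model of a liquidity pool.
type Pool struct{ Reserve, Shares uint64 }

// ShareCalc returns the LP shares minted for a deposit of amt tokens.
type ShareCalc func(p Pool, amt uint64) uint64

// proportionalShares mints shares pro rata, rounding down in the pool's favour.
func proportionalShares(p Pool, amt uint64) uint64 {
	return p.Shares * amt / p.Reserve
}

// inflatedShares is a hypothetical miscalculation that mints 50% too many shares.
func inflatedShares(p Pool, amt uint64) uint64 {
	return proportionalShares(p, amt) * 3 / 2
}

// roundTrip joins with amt, exits at once, and returns the tokens paid out.
// p is passed by value, so the caller's pool is not modified.
func roundTrip(p Pool, amt uint64, calc ShareCalc) uint64 {
	minted := calc(p, amt)
	if minted == 0 {
		return 0 // deposit too small to earn a share
	}
	p.Reserve += amt
	p.Shares += minted
	return p.Reserve * minted / p.Shares
}

// checkNoProfit returns the first deposit whose join+exit pays out more than
// was put in, or ok=true if the invariant holds for every deposit.
func checkNoProfit(p Pool, deposits []uint64, calc ShareCalc) (bad uint64, ok bool) {
	for _, d := range deposits {
		if roundTrip(p, d, calc) > d {
			return d, false
		}
	}
	return 0, true
}

func main() {
	pool := Pool{Reserve: 10_000_000, Shares: 5_000_000} // constructed values
	deposits := []uint64{1, 999, 101_230, 2_500_000}     // constructed values
	_, ok := checkNoProfit(pool, deposits, proportionalShares)
	fmt.Println("proportional calc holds invariant:", ok)
	bad, ok := checkNoProfit(pool, deposits, inflatedShares)
	fmt.Println("inflated calc holds invariant:", ok, "first failing deposit:", bad)
}
```

Run against every share-calculation path before a chain upgrade, a check of this shape fails as soon as a join mints more shares than the deposit is worth.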