Alchemix DeFi Protocol Fixes Reverse Rug Pull Vulnerability

Share Article
In Brief
  • Alchemix DeFi protocol could have potentially lost $6.53 million.

  • Development team acted quickly with a fix to prevent a rug pull.

  • ALCX token prices dump 18%.

  • promo

    Gravity Dex Protocol: Bringing DeFi to Cosmos

The Trust Project is an international consortium of news organizations building standards of transparency.

The Alchemix decentralized finance (DeFi) protocol discovered a potential exploit and acted quickly enough with a patch before the funds disappeared.

Sponsored



Sponsored

In an incident report posted on June 16, the DeFi protocol explained how it managed to save as much as $6.5 million being lost to malicious actors.

The team tweeted the alert regarding the vulnerability in its smart contracts but worked together with developers from Yearn Finance to come up with a fix.

Sponsored



Sponsored

“There has been an incident with the Alchemix alETH contracts. Together with the fantastic team at [Yearn Finance], we have identified the error and are both working on a post-mortem and a solution to the problem. Funds are safe.”

Alchemix Finance is a future-yield-backed synthetic asset platform that gives users advances on yield farming via a synthetic token that represents a fungible claim on any underlying collateral on the protocol.       

The reverse DeFi rug pull

In the post mortem, developer “n4n0” stated that some users of the Alchemix alETH vault discovered they had no outstanding debt. This was after they previously borrowed alETH (the protocol’s synthetic ETH token) at a 4:1 collateral ratio.

In addition to this, the debt ceiling of almost 2,000 ETH was freed up to mint new alETH again, he added. For a short period of time users were able to withdraw their ETH collateral with their alETH loans still outstanding. This could have resulted in a community rug pull of around $6.53 million.

The developer explained,

“Individual users could withdraw all of their ETH, and so can anyone else currently in the contract. The loss is limited to the backing of alETH only. Meaning, users were allowed to withdraw collateral they shouldn’t have been.”

Fifteen minutes after Alchemix team started looking into the issue, a pause on the mint function for alETH was executed. Alchemix confirmed that no user funds were lost from either the protocol or Yearn vaults which automatically repay the synthetic loans.

To fix the issue new Alchemix vaults will be deployed to clear out the malignant smart contract. The protocol will also temporarily increase its fees to generate additional revenue towards filling the gap. It will also add some ETH and sell some DAI from the treasury to further collateralize its alETH tokens.

ALCX token price reaction

Although the exploit was nipped in the bud, it did not prevent the protocol’s ALCX token from dumping. According to CoinGecko, ALCX has slumped 18% on the day from just under $600 to $492 at the time of press.

Like many DeFi tokens, it’s down by over 75% from its all-time high of just over $2,000 in March. Around $30 million in TVL has also left the protocol over the past 24 hours dropping it to $580 million.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Sponsored
Share Article

Martin has been covering the latest developments on cyber security and infotech for two decades. He has previous trading experience and has been actively covering the blockchain and crypto industry since 2017.

Follow Author

Market signals, studies and analysis! Join our Telegram Today!

Go

Market signals, studies and analysis! Join our Telegram Today!

Go

Market signals, studies and analysis! Join our Telegram Today!

Go