Following the Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation

Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound’s governance forum that was recently passed.

With the pause, users will not be able to deposit Yearn.finance's YFI, 0x's ZRX, Basic Attention Token (BAT) and Maker's MKR as collateral to take out loans.

The proposal passed on Oct. 25 with 99% of all voters in favor. It stated:

“An attack based on oracle manipulation, analogous to the one that cost Mango Markets $117 million, is much less likely to occur on Compound, due to collateral assets having much deeper liquidity than MNGO and Compound requiring loans to be over-collateralized. However, out of an abundance of caution, we propose pausing supply for the above assets, given their relative liquidity profiles.”

In a security review of Compound v2 performed in September, the Volt Protocol team identified potential market manipulation risks related to low-liquidity tokens. The report explained:

“The attack is possible when the amount of a token borrowable on markets like Aave and Compound is large compared to the liquid market. The most notable example is ZRX, which has borrowable liquidity on each of these markets comparable to or greater than the usual daily volume across all centralized and decentralized exchanges.”

On Twitter, Robert Leshner, founder of Compound, explained that the conservative approach wouldn’t impact existing users. 

On Oct. 11, Avraham Eisenberg, the hacker behind the Mango Markets exploit, manipulated the value of a posted collateral — the platform’s native token, MNGO — to higher prices, then took out significant loans against the inflated collateral, which drained Mango’s treasury.

The exploiter, self-described as a digital art dealer on Twitter, claimed that he and a team of hackers undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”

After a proposal in Mango’s governance forum was approved, Eisenberg was allowed to keep $47 million as a “bug bounty” while $67 million was sent back to the treasury.