Interim Exploit Update

October 4, 2022

Key Points:

  • An attacker exploited the legacy Lend/Borrow protocol to inappropriately withdraw funds
  • The attack was detected by Sovryn devs and the system placed into maintenance mode
  • Roughly half of the funds have been recovered so far
  • Potential remaining user losses will be fully covered by the Exchequer

Description:

Today, starting early in the morning (UTC), an attacker began exploiting a vulnerability they had discovered in the legacy Sovryn Lend/Borrow protocol. The exploit is still being investigated. We currently know that it does not affect Zero. Present investigation indicates that only two lending pools have been impacted:

  • The RBTC lending pool
  • The USDT lending pool

This allowed the attacker to withdraw RBTC and USDT from the lending pools in the following amounts: 

  • 44.93 RBTC
  • 211,045 USDT

The following addresses have been associated with the attacker:

  • 0xc92EBeCDa030234C10e149bEEAD6bba61197531a
  • 0xDaA2e727738f742FF1a2FCD2C6419Dc6BEfBFf6C
  • 0xa893cdcb731ae8f91cb50f51f28980cdba96b0a6
  • 0xe40151f2b79816BC00D277addb991c4e16607d22 
  • 0x23B2Df5d429cA8f189Fd57D5Bc4B35f5dE580731 

Some of the funds were withdrawn using the AMM swap function, so the attacker ended up with several different tokens. See below for a more detailed description of the exploit.

The unusual activity was detected by Sovryn devs and the system was placed in maintenance mode. This restricted further transactions and allowed time for developers to investigate the issue. 

Due to the multi-layered security approach taken, devs were able to identify and recover funds while the attacker was still attempting to withdraw them. At this point, through a combined effort, devs have recovered about half the value of the exploit, and recovery efforts are ongoing.

User funds are not at risk. The Exchequer will reinject any missing value into the lending pools.

Next Steps: 

  1. Asset recovery efforts will continue.
  2. A full investigation of the exploit will be concluded.
  3. A plan is being formulated to return the system to full functionality. We are currently targeting midday tomorrow - but maintenance mode will only be removed once there is confidence in system safety. 
  4. A full post-mortem will be published.
  5. Findings will be documented for future improvement.

How did the exploit work?

The exploit utilized a manipulation of the iToken price. This token price is updated every time there’s an interaction with one of its lending pool’s positions. The attacker first bought WRBTC with a flash swap from RskSwap and then borrowed WRBTC from the RBTC Sovryn lending contract using their own XUSD as collateral. The attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap. This sequence of events manipulated the iRBTC price such that they were able to take out much more RBTC than they originally deposited.
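The price-per-share accounting described above, as an added example that is not Sovryn's iToken code and does not reconstruct the actual bug (the post defers that to the post-mortem): a simplified pool model in Python together with a randomised check of two invariants a share-price design should hold, that the share price never decreases from a depositor's own interactions and that a deposit-then-redeem round trip in the same block never returns more than was deposited. The pool semantics, the names `SharePool`, `same_block_round_trip` and `check_invariants`, and the round-in-the-pool's-favour rule are assumptions made for the illustration.

```python
# Added illustration, not Sovryn's contract code; pool semantics, names and
# rounding rules are assumptions chosen to show the properties a
# price-per-share ("iToken"-style) design should preserve.
import random
from dataclasses import dataclass, field

PRECISION = 10**18  # fixed-point scale for the reported share price


@dataclass
class SharePool:
    assets: int = 0     # underlying held by the pool (e.g. WRBTC, in wei)
    borrowed: int = 0   # underlying lent out and owed back to the pool
    shares: int = 0     # total share-token supply
    balances: dict = field(default_factory=dict)

    def price(self) -> int:
        """Underlying per share, scaled by PRECISION; like the iToken price in
        the post, it is derived from pool state on every interaction."""
        if self.shares == 0:
            return PRECISION
        return (self.assets + self.borrowed) * PRECISION // self.shares

    def mint(self, user: str, amount: int) -> int:
        """Deposit underlying for shares. Shares are floored so rounding
        favours the pool and the price cannot tick downward."""
        total = self.assets + self.borrowed
        minted = amount if self.shares == 0 else amount * self.shares // total
        self.assets += amount
        self.shares += minted
        self.balances[user] = self.balances.get(user, 0) + minted
        return minted

    def burn(self, user: str, shares: int) -> int:
        """Redeem shares for underlying; the payout is floored for the same reason."""
        if shares > self.balances.get(user, 0):
            raise ValueError("insufficient shares")
        out = shares * (self.assets + self.borrowed) // self.shares
        if out > self.assets:
            raise ValueError("insufficient liquidity")
        self.balances[user] -= shares
        self.shares -= shares
        self.assets -= out
        return out

    def borrow(self, amount: int) -> None:
        """Lend out underlying; total claims are unchanged, so the price is too."""
        if amount > self.assets:
            raise ValueError("insufficient liquidity")
        self.assets -= amount
        self.borrowed += amount

    def repay(self, amount: int, fee: int) -> None:
        """Repayment plus fee is the only legitimate way the price rises."""
        if amount > self.borrowed:
            raise ValueError("repaying more than borrowed")
        self.borrowed -= amount
        self.assets += amount + fee


def same_block_round_trip(pool: SharePool, user: str, amount: int) -> int:
    """Deposit and immediately redeem with no interest accrued in between.
    A result above `amount` means a depositor's own interactions move the
    price in their favour, which is exactly the property to rule out."""
    shares = pool.mint(user, amount)
    return pool.burn(user, shares)


def check_invariants(seed: int, steps: int = 2000) -> bool:
    """Drive the pool with random operations; return False on the first
    price decrease or profitable same-block round trip."""
    rng = random.Random(seed)
    pool = SharePool()
    users = ["lp1", "lp2", "lp3"]
    for _ in range(steps):
        before = pool.price()
        op = rng.choice(["mint", "burn", "borrow", "repay", "roundtrip"])
        try:
            if op == "mint":
                pool.mint(rng.choice(users), rng.randint(1, 10**21))
            elif op == "burn":
                user = rng.choice(users)
                if pool.balances.get(user, 0):
                    pool.burn(user, rng.randint(1, pool.balances[user]))
            elif op == "borrow":
                if pool.assets:
                    pool.borrow(rng.randint(1, pool.assets))
            elif op == "repay":
                if pool.borrowed:
                    amount = rng.randint(1, pool.borrowed)
                    pool.repay(amount, fee=amount // 100)
            else:
                amount = rng.randint(1, 10**21)
                if same_block_round_trip(pool, "fresh", amount) > amount:
                    return False
        except ValueError:
            continue  # rejected operation, state unchanged
        # After a full redemption the supply is zero and price() resets to
        # its 1:1 default, so only compare when the price is meaningful.
        if pool.shares and pool.price() < before:
            return False
    return True


if __name__ == "__main__":
    print("invariants hold:", check_invariants(seed=1))
```

The round-trip and monotonicity checks are the properties worth running, as unit or fuzz tests, against the real share-price logic of a lending pool: any sequence of mint, burn, borrow and repay within one block that lets a fresh account redeem more than it deposited is a mispricing, regardless of how the sequence is assembled.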
