Acala governance proposal submitted to burn $1.28B aUSD following investigation of exploit

The Polkadot ecosystem stablecoin Acala ($aUSD) was exploited over the weekend, allowing malicious actors to mint $1.2 billion out of thin air. The Acala team has “suspended” operations through an urgent governance proposal to investigate this issue.

August 15, Governance proposal was filed to “effectively burn” US$1.288 billion following the release of an on-chain report from the Acala Council.

Acala initially notified users of the issue around 3am on August 14th and said it was working to “mitigate the issue.”Exploit source was public report Just 10 hours later, by 1pm BST on August 14th.The announcement states that โ€œmore than 99% of mis-minted aUSD [remained] With Fudo Myoo’s parachain.

In the Twitter thread that identified the cause of the exploit, Acala said it had identified an ongoing โ€œwallet address that received erroneously crafted aUSDโ€ฆon-chain activity tracking.โ€

Commenting on the potential impact on the broader Polkadot ecosystem, Analog Founder and Chief Architect Victor Young said:

โ€œWe still believe Polkadotโ€™s infrastructure is secure by designโ€ฆ About the Acala Network, an application-specific chain customized to power liquidity, economic activity, and stable coin utility on our platform.โ€ cannot say the same.

In my view, these attacks will continue to increase as many dApp developers have not stepped in when it comes to defining the security properties of their code. Even if the smart contract is audited, the code may not be secure. “

Governance framework and leadership

Acala Network is working on a community governance proposal to determine the resolution of incidents. Acala currently has a Governance Council with five addresses.

according to Concept roadmap For Fudo Myoo, “perfect democracy” is still in the “planning” stage. The nearly completed Phase 3 roadmap states:

โ€œAcala Foundation decisions regarding the network (runtime upgrades, improvements, etc.) will be made transparent on-chain through voting by the appointed Acala General Council.โ€

Acala also enabled elements of democracy. He said it was “so that anyone can propose a referendum by depositing a minimum amount of tokens for a period of time.” However, “Full Democracy” is scheduled for Phase 4 and will not be implemented until the following checkpoints are met.

โ€“ All DeFi protocols are bootstrapped and run for a reasonable period of time with high stability and security (to ensure that the protocols are healthy when the market is highly volatile).

โ€“ There is a sufficient amount of liquidity in the network to power the protocol, and the liquidity is sustainable.

โ€“ Sound and transparent processes are in place for each DeFi protocol for continuous business as usual (BAU) improvements, such as adding new trading pairs and new collateral.

โ€“ Professional councilors such as risk assessors, technical assessors, etc. have been identified to continue to ensure the security and safety of the network and protocols.

โ€“ Acala EVM is well-developed with production-grade features and security.

Therefore, according to the current governance process, the Acala Council still appears to retain a great deal of control over the network. This may not be optimal for the level of decentralized nature of the protocol, but could be useful for Acala’s resolution management and “resolve USD error mints and restore USD pegs” .

solution and solution

To further mitigate risk, Acala states that โ€œparachain native token transfers have been disabledโ€ so that erroneous aUSD could leave the native parachain and spread contagion to the broader Polkadot ecosystem. do not.

At the time of writing, aUSD is valued at $0.88 per token after dropping to a low of $0.09. The peg appears to be between $0.90 and $0.80, but is still 10% to 20% below the desired peg.

Source: Trading View

Acala posted an update on the situation on Monday morning, confirming that the minted aUSD is worth $1.288 billion. in the tweet, forum post Details in “Trace Results”.

The Acala team confirmed that the information can be used to “verify on-chain data and formulate proposals to resolve USD error mints.”

The specific cause of the incident is time-stamped in the forum post.

“2022-08-13 22:41 UTC โ€“ The iBTC/aUSD pool was enacted with the wrong composition and started the wrong mint. “

Due to a “misconfiguration”, AUST was created incorrectly and funds were sent to multiple LP providers for pooling. As Acala confirmed, these funds are now effectively frozen.

โ€œSwapped digital assets remaining on the Acala parachain have since been disabled for transfer pending a co-government decision of the Acala community regarding the resolution of the error minting.โ€

Since the update was released, the “referrer” suggestion Submitted.of suggestion There are no “against” votes as of press time. By reverting to the Honzon protocol, we aim to “effectively burn” the errant aUSD.

The proposal contains the code needed to move the funds to a pseudo-burning address, listing all addresses present in Acala’s findings.

Related Articles

Leave a Reply

Your email address will not be published.

Back to top button