Warp Finance, a DeFi lending protocol that suffered an $8 million flash loan exploit shortly after launch, is now gearing up for a relaunch that may embrace an integration with oracles by Chainlink.
The inclusion of Chainlink oracles reportedly serves as safety towards related exploits. Flash mortgage exploits use a function that permits borrowing a vast quantity of funds, so long as additionally it is returned throughout the identical Ethereum block. In keeping with the group, safety consultants decided that the foundation reason behind the exploit was an exploitable value oracle.
The difficulty appears to have been compounded by Warp Finance’s use of liquidity supplier tokens for collateral. This function is among the major promoting factors of the protocol, because it permits committing yield-bearing tokens as collateral, combining each the yield from buying and selling charges and from debtors utilizing the protocol.
In keeping with DeFi whitehat hacker Emiliano Bonassi, the exploit relied on the truth that Warp Finance oracles didn’t correctly calculate the underlying worth of the pool tokens. The brand new protocol will use Chainlink value feeds for all crucial capabilities — notably the worth of the LP tokens used for collateral.
Chainlink and its founder, Sergey Nazarov, have typically been adamant about the truth that value oracles must cowl as a lot of the market as attainable. Certainly, many flash mortgage exploits are nearer to market manipulation than outright software program bugs. Even when no malice is current, incidents equivalent to Compound’s excessive liquidation event in November may have been prevented with extra market protection. Compound relied solely on costs from Coinbase and Uniswap, which briefly posted a extremely inflated value for Dai.
When requested by Cointelegraph why Warp Finance didn’t initially use Chainlink oracles, a spokesperson replied:
“Uniswap oracles have been an possibility for a lot of tasks that search value feeds for quite a lot of use circumstances. As such, we launched equally to different lending platforms for the trial section, with the flexibility to improve later.”
The spokesperson additional famous that a good portion of DeFi tasks will not be utilizing Chainlink, and so they imagine that the relaunch “offers our customers a lot better peace of thoughts in regards to the safety of our protocol.”
Warp Finance additionally drafted a compensation plan for affected users, already having recovered 73% of the stolen funds.