If there is one criticism of the DeFi industry, it is that there are still a lot of hacks and attempted exploits. Half of this is due to the general DeFi community tendency to “ape” projects, despite not completing proper due diligence.
With 2,000% APYs for early contributors, this makes complete sense. The second half of this issue is more related to experimental technology and published audits that allow hackers the opportunity to find complex exploits.
This article walks through one recent case, but unlike most DeFi exploits, has a happy ending and can be used by other founding teams that might find themself in a code red scenario.
Case Study: Crisis Management for DeFi Exploits
Warp Finance is an innovative decentralized finance (DeFi) platform that has created a novel and valuable use for liquidity provisioning (LP) tokens: collateralizing stablecoin loans.
However, shortly after it launched with nearly $50 million in Total Value Locked (TVL), Warp Finance was the unfortunate victim of a flash loan attack. These attacks involve individuals manipulating a protocol to extract large sums of money out of it.
While a setback such as this has proven difficult for many companies to overcome, Warp Finance was able to execute a quick recovery with the help of some of the biggest players in the DeFi space.
Not only was Warp able to resecure its protocol and relaunch, but it was also able to retrieve the majority of lost funds, which, in addition to other methods, compensated impacted users.
First Focus on Resecuring Exploited Infrastructure
One of Warp’s two major focuses in the wake of the flash loan attack was to resecure its platform. To do so, it sought the help of nakamo.to, a portfolio company of Advanced Blockchain AG with ventures in a multitude of major DeFi projects.
The experienced nakamo.to team helped Warp implement new security updates, in particular suggesting and facilitating Warp’s use of Chainlink price oracles to replace their previous use of Uniswap price oracles in valuing LP tokens.
This alteration enabled Warp to better calculate the underlying value of LP tokens, in addition to optimally protecting against any future cyberattacks. LP price-determination calculations were also optimized. Furthermore, the experienced team at security audit firm n-Var performed a thorough security review of this reworked coding.
The main objectives were to identify resolutions for the flash loan attack, as well as to ensure the security of the updates to Warp’s price oracles. With these new security changes in place, Warp Finance is able to more accurately price LP tokens while also being best protected against flash loans and other attacks.
Once Secured, Focus on the Community
The second major priority of Warp in the wake of the attack was to compensate impacted users. The Ethereum and white hack community (including Emiliano Bonassi, Artem “Banteg” K., Sam Sun, and Julien Bouteloup) were essential in helping Warp obtain the majority of the lost funds.
With their assistance, Warp reobtained 75% of the stolen stablecoins, equating to $5.82 million, which was returned to users.
To compensate the remaining losses, Warp also designed the Portal IOU token, which will also be distributed to impacted users. 7,760,241 Portal IOU tokens will be created and distributed, with 1 of these tokens being redeemable for 0.001449697206 Warp Token.
Furthermore, if users wait until the end of the 6-month vesting period to redeem their Portal IOU tokens, they will receive an additional Warp Token bonus.
As an alternative, users can freely trade Portal IOU tokens on Uniswap. This provides an option for generating value while still enabling the token to retain its redeemability.
As a final method to ensure community satisfaction in these platform changes, Warp has opened the opportunity for users to carry out community reviews of the platform, providing comprehensive feedback.
Overall, the recovery of Warp was one of the few happy endings from recent DeFi exploits and this was largely due to the quick thinking and coordination of a wide range of DeFi stakeholders. As a result, Warp Finance has relaunched in record time, allowing it to continue its value-add to users by enabling LP-token collateralized stablecoin loans.