DeFi
Safety researchers discovered a bug within the design of Aave v2’s newest launch for the Polygon (MATIC) blockchain. Evidently a nine-digit sum in U.S. Greenback Tether (USDT), Wrapped Bitcoin (WBTC), Wrapped Ethereum (WETH) and Wrapped Matic (WMATIC) can’t be operated by their house owners.
$120 million price of property caught in Aave v2 on Polygon, this is how
Based on an evaluation revealed by sensible contract auditors and on-chain researchers at BlockSec, a design flaw was disclosed within the Polygon-based model of Aave v2, a blue-chip DeFi protocol.
.@AaveAave the most recent improve of ReserveInterestRateStrategy in Aave V2 (Polygon) has precipitated a short lived halt of the protocol, impacting property price ~$110M!
The foundation trigger is the brand new ReserveInterestRateStrategy is simply suitable with Ethereum, not suitable with Polygon. https://t.co/kg5696QNPo pic.twitter.com/Ze3zSBS8Ck— BlockSec (@BlockSecTeam) Could 19, 2023
Researchers said that the problems had been related to the up to date ReserveInterestRateStrategy, which is a component of the protocol’s logic in Aave v2.
The newest model of this logic is simply relevant to Ethereum (ETH), however to not Polygon (MATIC).
Pseudonymous Ethereum (ETH) developer who goes by @mookim_eth on Twitter shared an in depth evaluation of the roots and results of the problems highlighted by BlockSec. Based on him, Aave v2’s lending pool expects a unique interface and can’t work together with the up to date technique.
Because of this, customers briefly can not withdraw or alternate 5.5 million USDT, 35,000 Wrapped Ethers (WETH), 1,500 Wrapped Bitcoins (WBTC) and 11 million Wrapped Matic (WMATIC), which is roughly equal to $120 million.
Group creates emergency repair proposal
Even though the Aave crew didn’t affirm the problem through its official communication channels, the group of the protocol has already launched an announcement relating to the problem.
This assertion confirmed that the property are unavailable on account of a battle between the Ethereum- and Polygon- based mostly variations of Aave v2 designs:
The foundation of the issue is that, for legacy causes, the v2 model used on Aave v2 Polygon (and Avalanche) is barely totally different from Aave v2 Ethereum, regarding the interface utilized by the LendingPool to name the speed technique of an asset. The brand new rate of interest methods utilized to these property respect the interface of Aave v2 Ethereum, however not v2 Polygon, so when the LendingPool queries the technique for the present charge, this name reverts, and so does the motion “wrapping” it (e.g. deposit, borrow, and so on).
On the identical time, all property are secure within the protocol and there are not any dangers of dropping any of them. Different property on Aave v2, together with USD Coin (USDC), Dai (DAI) and Aave (AAVE) are working as supposed.
On Could 20, 2023, group voting on implementing a repair to the Aave v2 codebase will begin at about 4 p.m. UTC, the proposal of Aave Governance goes.
