WUSD Incident Recap and Solution
On August 4th, 2021, at 1:49:05 AM UTC, an attack took place on WUSD’s pegging mechanism. You can review the detailed step-by-step of the attack in this article by Inspex.
Upon learning of the attack, the Wault team quickly turned off WUSD minting on the UI, and worked with three audit firms to deduce the nature of the attack and scope of the vulnerability, soon identifying it and confirming no more funds were at risk.
The result of the attack was the attacker gained ~$816k from the WUSDMaster contract. However, the 90% portion of USDT collateral for WUSD was not affected, nor was the Treasury; As we stated when introducing WUSD, we designed these two portions of funds to be isolated and safe under all conditions. All other pools and products in Wault were also unaffected and continued operating efficiently.
Over the following day, the team developed a solution to the vulnerability and simulated it with auditors, confirming that it would eliminate the attack vector and make WUSD safe.
First of all, we want to apologize to any of our users this affected. Even though we commissioned two audits before launching this code, unfortunately, no one foresaw this type of attack. Luckily, this problem occurred early on, giving us the chance to fix it before WUSD’s circulating supply increased further. Now, we can move forward with a technical solution, and do our best to compensate our users.
The Solution
We’ll be implementing the following things to close the vulnerability and make sure WUSD operates without issue.
- Mint Timelock (1 block): When someone mints WUSD, they will only receive it one block later. This prevents flash loan attacks.
- Redeem Timelock (1 block): When someone redeems WUSD, they will only receive it one block later. This prevents flash loan attacks.
- Minting Fee: We’ll move the 0.2% transaction fee from redemption into a minting fee of 0.2% to mitigate potential arbitrage attacks.
- Sell WEX On Redeem: Just like how the protocol buys WEX on mint, it will sell WEX on redemption. This will prevent price manipulation attacks.
We’ll be queuing the changes over the weekend and getting them audited next week.
Compensation
The first thing we need to point out is that no funds were stolen nor incorrectly minted. The attacker profited by manipulating the WEX price a modest amount. Following that, some users panic sold and panic redeemed WUSD, which caused the bulk of the WEX price drop.
Regardless, we’ll be doing several things to get WUSD and WEX prices back on track.
WUSD Stability Mechanisms At Work
At the moment, WUSD redemptions return less than $1 because there is insufficient WEX in the contract. However, even during the attack, WUSD never dropped below 0.91 because the collateral model held strong as intended. This is already more stable than many other stablecoins at launch, and they didn’t suffer an attack, proving that WUSD’s stability model works.
Now, the next step is to return to peg, and for that, we only need to allow WUSD’s stability mechanisms to do their job.
Stability Mechanism 1 — Treasury
The 90% of USDT collateral has held as a strong floor, so all we have to do now is fill up the WEX portion. The first step we did was to buyback and burn $141k worth of WEX from the treasury.
https://bscscan.com/tx/0x8f181c2a12e1230e0319a3104f6e18a5a9d91086d2cd61cda2109b1aa85fc9b5
The treasury will continue filling up from the below stability mechanisms until it restores the peg, and then continue to grow as a future buffer.
Stability Mechanism 2 — WSwap Emissions Support
Due to WUSD being below $1, we’re slowly increasing the portion of WEX emissions that goes to the WUSD Treasury (total WEX emissions are unchanged). This portion is growing and continuing to refill the Treasury.
Stability Mechanism 3 — WSwap Trading Fees Support
We’re steadily increasing the WSwap trading fees going to the Treasury from 15%. Along with emissions, these will serve as ongoing buybacks & burns on WEX until the peg is restored.
Stability Mechanism 4 — WUSD Staking Support
Once we resume allowing WUSD minting, we’ll be allocating healthy emissions to the WUSD-BUSD pair, which should attract new minters to help refill the treasury.
With these mechanisms, the WUSD peg should be restored within a number of days, and the treasury will continue to grow to create an additional safety buffer.
In addition, we’re speaking with future WPool partners and offering them incentives to pair their tokens with WUSD for their WPool farms, which will create further buying/minting demand for WUSD.
Once WUSD is back on track, that should reignite WEX buying and lockup as WUSD circulating supply increases. Finally, we will make efforts to boost WEX as well.
Big Buyback & Burn
We’ll be dedicating half a million dollars from a combination of the team’s development fund and trading fees to do a large buyback & burn of WEX soon. Between this and our other initiatives, it should cover the bulk of the attack amount. However, we won’t just stop there. We’re working on improving security as well.
Professional Bug Bounty Program With Immunefi
We’ll be launching a professional Bug Bounty Program with Immunefi, offering up to $100k USD to their network of white hats to help inspect and secure all our code.
Of course, even though audits aren’t invulnerable as proven by this event, we’ll keep getting them, starting with one next week for our solution on WUSD.
Once again, we apologize to our users for this incident. Even though we’ve been doing the best we could in regards to internal and external security, DeFi is growing so fast that some accidents can’t be foreseen no matter how hard you try.
However, we will learn from this experience, work harder, and build smarter. We also want to thank each and every one of you for your supportive comments in our Twitter posts and group chat rooms. Even in such a time, the vast majority of you gave us positive comments and stood by us. If nothing else, we have the best user base on BSC. That’s why we believe it won’t be long until we’re doing better than ever.
Let’s make Waultmerica great again.
