Modefi
  • Introduction
  • Oracle Solutions Suite
    • Decentralized Aggregated Oracle
    • On-Demand Oracle
      • On-Demand Oracle - Technical Manual v0.1
        • The On-Demand Oracle System
        • Types of Users
          • Data Request Creators
            • Requesting Data
            • Setting Times
            • Cancelling Data Requests
            • Disputing Results
          • Validators
            • Account Management
            • Staking (and Unstaking)
            • Providing/Endorsing Data
            • Disputing Results
            • Receiving Payment
          • ODO Custodian
        • Algorithms
          • Computing Request Costs
          • Depositing and Withdrawing Coins
          • Staking to Endorse Data
          • User and Staking Slot Tiers
          • Timing/Lateness
          • Bumping
          • Withdrawing
          • Endorsing
          • Payment
          • Slashing
          • Reputation
          • Staking Bonuses
          • Disputes and Resolutions
          • Coin Credits
          • Account Transfer
      • On-Demand Oracle - High-Level Overview
    • Oracle Marketplace
  • Defi Dashboard
    • What is the Modefi DeFi Dashboard?
  • Token
    • Tokenomics
      • Token Distribution
      • Token Stats
      • Token Emission Schedule
    • Token Sale
    • Token Utility
  • General Information
    • History of Oracle Based Hacks / Exploits
      • Synthetix $1 Billion Exploit
      • Trader Exploits bZx Oracle for $330,000 Profit
      • $100 M Liquidated on Compound Following Oracle Exploit
  • Blockchain Basics
    • What is a Smart Contract?
    • What is an Oracle?
  • FAQ
    • Staking on Fantom
    • Staking on Binance Smart Chain
  • How-to's
  • Smart Contract Addresses
  • Links and Socials
  • Media Kit
  • Disclaimer
  • Terms and Conditions
  • Privacy Policy
Powered by GitBook
On this page
  1. General Information
  2. History of Oracle Based Hacks / Exploits

Synthetix $1 Billion Exploit

June 25th 2019

PreviousHistory of Oracle Based Hacks / ExploitsNextTrader Exploits bZx Oracle for $330,000 Profit

Last updated 4 years ago

In what amounts to a particularly heart-warming example of the power – and responsibilities – of decentralization, founder Kain Warwick announced that an error that netted one legitimate user over $1 billion in profit has been fixed and that the user rolled back all the transactions in exchange for a bug bounty.

Definitely a rough day, but I am proud of our team and community in handling this issue. No funds were lost, the owner of the bot who exploited the issue agreed to reverse the trades.

— kainwarwick.eth (@kaiynne)

The error occurred when a commercial API began reporting wildly high prices for the Korean Won.

“Our price oracle has a mechanism for discarding outliers and should have absorbed this discrepancy gracefully, unfortunately the price feed for KRW was only being served by two API’s at that time due to an earlier unrelated outage which had not been caught by our exception reporting,” wrote .

From the report:

There are currently a number of trading bots actively trading on Synthetix.exchange using different strategies, one of these bots was able to detect this price error and exploit it to trade into and out of sKRW during the window where the API was incorrectly reporting the price. This resulted in several trades with profits of 1000x, resulting in over $1b in profit in less than an hour.

Luckily the bot owner understood their preposterous position and agreed to send the crypto back, a noble and/or important part of growing ecosystems like this one.

“No funds were lost, the owner of the bot who exploited the issue agreed to reverse the trades,” Warwick said. “He was unaware of the issue (his bot was fully automated) until after the news broke. He reached out on Reddit once he knew and we negotiated a bounty for reversing he trades. His goal was to build a profitable bot and he wanted to make sure the profit he had made up to that point, about 30k, was safe. So we paid him a bounty for reversing the trade, since his bot was the only one that was able to exploit the oracle defect.”

Original source of article -

Synthetix
https://t.co/SEIiP458Ne
June 25, 2019
Warwick
https://www.coindesk.com/synthetix-trader-rolls-back-broken-trades-that-netted-1-billion-profit