Ether Collateral Bug Disclosure

*No funds in danger*

There’s an previous saying in DeFi;

If samczsun hasn’t discovered a bug in your code are you even on mainnet?

We’re very grateful to Sam (@samczsun) for reviewing the Synthetix contracts and discovering and a bug in our Ether Collateral contract yesterday. The code is deployed to mainnet however is not but lively, so no funds are in danger. The code requires an express swap from the protocolDAO and might solely be activated on the finish of the three month trial interval which is 2 months away. Regardless of the code isn’t being lively now we have determined to pause new Ether Collateral loans till we are able to deploy a repair. Open loans will stay open and whereas we encourage everybody to shut loans so we are able to deploy the up to date contract there isn’t a deadline to take action.

Synthetix has had an open bug bounty programme since early 2019, nevertheless, after assessment we really feel that it’s inadequate for the present dimension of the venture so now we have simply up to date the bug bounty tiers as follows:

  • Informational: $100 sUSD
  • Low severity: $500 sUSD
  • Average severity: $1000 sUSD
  • Excessive severity: $5000 sUSD

Regardless of this code not being lively we really feel it is a excessive severity bug and will probably be paying Sam the up to date bounty consistent with the severity.

Whereas the Ether Collateral contract upgrades have been audited by Sigma Prime there was a misunderstanding as to the intent of the liquidation course of specced within the SIP. As well as this was put by way of code assessment internally sadly this concern was missed and was not lined by our inner exams, this lack of check protection is one thing we’ll handle transferring ahead to make sure we enhance check protection from 95%+ to 100%.

We will probably be working intently with our audit companions Sigma Prime and Iosiro sooner or later to make sure we minimise the chance for future incidents akin to this by way of clearer communication.

The precise technical particulars of the disclosure are under:

On line 345 of the _closeLoan personal operate, the borrowed sETH is burned with the next code.

synthsETH().burn(account, synthLoan.loanAmount);

This presently works on the closeLoan public operate as account is the mortgage creators pockets handle. For liquidations this must be msg.sender.

After the three month trial is full we wished all loans to be closed to arrange for the total implementation of Ether Collateral. The loanLiquidationOpen flag may be turned on by the protocolDAO which might permit anybody with sETH to shut any remaining unclosed loans and obtain the debtors ETH. That is anticipated to be ample incentive for debtors to shut all loans. If there have been deserted loans as a result of a borrower had probably misplaced all of their borrowed funds then there was nonetheless a mechanism to permit the sETH to be faraway from the system and shut the trial.

Nonetheless since line 345 is ready to account which is the mortgage creators handle it will each;
– require the liquidator to have the overall sETH borrowed of their pockets handle &
– require the borrower to nonetheless have the sETH of their pockets handle

Provided that each these situations are met after the three month trial has ended and the ProtocolDAO has enabled mortgage liquidations then it will burn the entire debtors sETH and ship the ETH to the liquidator as an alternative of burning the liquidators sETH.

This has rendered the liquidation mechanism faulty and it cannot be activated.

As quickly as all loans are closed we are able to deploy a brand new model with the repair and proceed the trial. Nonetheless, we aren’t forcing mortgage closures to make sure we don’t affect anybody with an open place in the course of the trial.

If you need to debate this concern additional please be part of us in discord.

Supply hyperlink