Fairyproof’s Insights into USDM Incident on Curve
A decentralized or DAO-governed minting mechanism is needed for stablecoins
There have been a lot of discussions on the exploit launched by the Mochi team against Curve. However, most of them elaborate on how the exploit was carried out. As a blockchain security company, Fairyproof will disclose why this could happen and how to prevent it from happening in the future.
Firstly, let’s recap how the USDM tokens used in this exploitation were minted.
On November 10, the Mochi team deployed a token contract whose address was:
0x60ef10edff6d600cd91caeca04caed2a2e605fe5.
It is worth noting that the contract used a proxy pattern and was upgradeable. Its implementation contract was deployed at:
0xc9fb714cf8901d993dc2db2533d3bf526b12b650.
In the implementation contract, the “initialize” function called the “_mint” function. Because of this, whenever an upgrade of the implementation contract was carried out, an additional 10¹⁵ tokens would be minted.
Here is the code section:
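As an added illustration (not the Mochi contract’s code, which this article does not reproduce), the following sketch shows the mint-on-initialize pattern behind an upgradeable proxy next to a guarded alternative; the contract and function names are assumptions:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Illustrative sketch, not the Mochi/USDM contract; names are assumptions.
// Amounts are whole tokens; decimals omitted for brevity.

// Vulnerable: the initializer mints and has no guard, so behind an upgradeable
// proxy it can be run again after every upgrade, minting 10**15 more each time.
contract MintOnInitVulnerable {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    address public admin;

    function initialize(address _admin) external {
        admin = _admin;
        _mint(_admin, 10 ** 15); // callable again after each upgrade
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}

// Hardened: a one-shot initializer that mints nothing, and a mint path open
// only to a designated minter (e.g. a DAO-governed collateral contract).
// `initialized` lives in the proxy's storage, so it survives implementation
// upgrades as long as the storage layout is preserved.
contract MintOnInitHardened {
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;
    bool private initialized;
    address public minter;

    modifier initializer() {
        require(!initialized, "already initialized");
        initialized = true;
        _;
    }

    function initialize(address _minter) external initializer {
        minter = _minter; // no supply is created here
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == minter, "only minter");
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

When auditing an upgradeable token, check that every initializer is guarded and that no privileged path can create supply outside the governed minting mechanism.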
With regard to USDM’s minting mechanism, a user normally stakes a crypto token as collateral in the collateral contract to mint USDM. In general, the price of the staked token at the time of staking is retrieved from Chainlink.
However, when Mochi was staked, its price was not retrieved from Chainlink. Instead, it was fed by a contract deployed at:
0x0E0F438482CE5EE70d859D1f463c9B4D323081F3.
The contract’s admin had full control over this contract, and in this case the admin called the “setPrice” function to set the Mochi token’s price. The hash of this transaction was:
0x7df4de8a42993fb1f9f0650e904f213ec4601be51de391858b7bd2ad2d47612c
This contract served as the Mochi price feed for the USDM collateral contract, whose address was:
0x94e7688a13d029DA7B57B3941b0A320109A99dAF
Then, a transaction that staked the newly minted Mochi tokens to mint USDM tokens was initiated and the hash value of the transaction was:
0x1e260fe5c10e25ddc117d588e95dc22c64c521c2111a40809bf5184bfcef1325.
In this transaction 10,000,000,000,000 Mochi tokens were staked and 46,000,000 USDM tokens were newly minted.
In general, after running the above steps, an exploiter would swap the ill-gotten tokens directly for a popular token on a DEX. In this case, however, some trickier operations were executed.
Here is how it was done:
Around 20 days earlier, a USDM Curve gauge pool had been created. The Mochi team used Convex to launch a governance attack: part of the exploited USDM tokens were swapped for DAI, and the DAI was swapped for Convex’s governance token CVX. By doing so the Mochi team acquired enough CVX to hold 40% of the voting power in Curve’s governance, which let it manipulate that governance.
The Mochi team then took advantage of this, increased the reward for the USDM pool on Curve, and attracted huge liquidity into the pool, pushing its TVL up to 170 million USD. With such a high TVL, the Mochi team successfully swapped the exploited USDM tokens for 46,000,000 DAI.
Lessons that have rarely been discussed but should be learned from this exploit:
The USDM token is a USD-pegged stablecoin. From a technical point of view, if a stablecoin’s minting is not governed by a decentralized mechanism, huge risks are introduced and, in some cases, triggered.
In Fairyproof’s view, this can be categorized as a design vulnerability.
In this case, the Mochi team took advantage of this vulnerability, minted huge amounts of Mochi tokens, and eventually minted huge amounts of USDM.
This vulnerability is widespread among popular stablecoins such as USDT and USDC. The issue with USDT and USDC is even worse: they are claimed to be backed by off-chain assets, which rely excessively on centralized control.
From Fairyproof’s point of view, it is suggested to follow MakerDAO’s way of handling this, i.e., using a DAO-governed mechanism to mint DAI. Under this mechanism, whenever a new underlying token is proposed as collateral for minting DAI, it must go through a voting process that usually lasts for multiple days. This gives the whole community enough time to review and investigate the underlying token and greatly mitigates the risk encountered in this incident.