Open in app

Sign in

Write

Sign in

dNyan-2 mining exploit post-mortem

Nyan.finance
4 min readOct 31, 2020

Incident summary

On Oct-30–2020 04:49:59 PM +UTC, a Nyan-2 LP staker was able to mint 1,285 dNyan-2 through a mining/claiming error. Once the staker claimed the dNyan-2, they went on to sell ~half the dNyan-2 over a series of consecutive transactions in the dNyan-2 uniswap ETH pool. The consecutive sales subsequently drained the dNyan-2/ETH pool of most of the ETH within it.

Leadup

At Oct-24–2020 05:01:31 AM +UTC, the dNyan-2 contract was launched with an error in the code that caused a failure in setting the mining difficulty.

This error was found and updated in a subsequent contract update. Unfortunately, the exploiting staker managed to trigger a contract update during the claim, causing the contract to mint an inappropriate amount of tokens for the staker.

Fault

Although, a patch to address the mining difficulty was implemented, it failed to place an updated mining difficulty on the user’s rewards mapping.

Based on assessments, two stakers were able to take advantage of this error, however only one staker actively took advantage of the Uniswap pool.

The address of the exploiting user is: 0x55a31476429841c5896B63De58128cbEaC5c3B92

Detection and Response

The incident was detected ~1 hour after the minting and the exploiting staker was quickly identified. The lead developer(black_zero) was offline during this period, and trading was not halted at this time. After contact was re-established, all dNyan-2 trade was halted and the error was identified.

The largest fault with the detection and response was the inability to reach the lead dev, which in turned wasted time that could have been used to halt trading earlier.

At the moment, the main exploiting wallet still holds 585 dNyan-2, and a community decision will have to be reached on how to handle the balance.

Timeline

Oct-24–2020 05:01:31 AM +UTC — The dNyan-2 contract was launched with a mining error.

Oct-30–2020 04:49:59 PM +UTC — Staker address ‘0x55a31476429841c5896B63De58128cbEaC5c3B92’ placed a reward claim on the dNyan-2 contract.

Oct-30–2020 05:02:48 PM +UTC — The staker first swaps 1.90 dNyan-2 for ETH and then proceeds to swap 100s of dNyan-2 for ETH in a series of transactions.

Oct-30–2020 07:32:19 PM +UTC — The staker makes a final swap of 60 dNyan-2 for 2 ETH. Their wallet still holds 585 dNyan-2.

Root cause identification: The Five Whys

  1. The dNyan-2 contract had an exploit that failed to check for difficulty.
  2. The exploiter was able to claim a large amount and began to swap them into the Uniswap ETH pool.
  3. The main dev was unable to be reached in an appropriate amount of time.
  4. Trading was not halted in time to prevent the swapping of the tokens.
  5. The fault lies with the main developer for moving too quickly with a series of consecutive contract deployments and updates.

Root cause

The main factor here is the lack of sufficient developer time to check and test code in such short deadline spaces. This incident will make sure that an additional 24–48 hours will be placed as a buffer in front of all contract upgrades to give more space for testing.

Lessons learned

Contract deployment can no longer occur in a rushed and time-limited window. Appropriate time must be spent on checking the contracts for any issues before deploying new updates to the mainnet.

As for the mining algorithm, the developed patch is being tested now and trading should be unhalted once it is released.

Moving Forward

By looking over the code and identifying the error, these steps will be taken to ensure that dNyan-2 operations return to normal with all services functioning:

-Disabled all trading for dNyan-2: Although a fix is already implemented, all trading for dNyan-2 will remain halted until thorough checks have been done to ensure that the code is completely secured.

-Add a patch that will determine a true balancefor all dNyan-2 holders in order to remove excess tokens from the exploting wallets: Since the main exploiting staker still holds 585 dNyan-2, code will be added to check each user’s balance and remove any excess tokens they may have. This will not affect any other dNyan-2 holders.

-A thorough audit of all the V2 contracts: A respected and well proven auditing firm will be hired to review and reveal any other error or issues that may exist within the V2 contracts.

-Develop new systems with the aim of replenishing the dNyan-2/ETH pool over time to help dNyan-2 LP stakers: New development ideas and plans will be presented in order to establish ways dNyan-2 LP holders suffer as little of a loss as possible.

-Transfer of contract ownership to the Nyan voting contract: Ownership of ALL contracts within the Nyan ecosystem will be transferred over to the control of the voting contract. This in turn, gives control of updates and variables to Nyan-2 LP stakers. This will effectively eliminate all developer centralization within the ecosystem.

-Transitioning away from V1: A series of votes will be occuring for Nyan-2 LP stakers to decide how all V1 versions should be retired. This will help cause less confusion amongst newcomers and place all forward focus on V2 development. Community members have also suggested using NyanV1’s liquidity to replenish dNyan-2’s liquidity faster. This will require an on-chain vote as well as intense discussion on the methodology and timeline.

-A better roadmap: A long term roadmap will be released to make sure that both the community and developers are on the same page. Rather than set dates, we will switch to milestones with general periods for completion. This will ensure that there is always enough time to develop and test.

Nyan Finance
PostMortem

--

--

Nyan.finance

Written by Nyan.finance

135 Followers

Nyan.finance is a Decentralized hedge fund focused on introducing beginners to Defi.

Help

Status

About

Careers

Blog

Privacy

Terms

Text to speech

Teams