Luna Classic pricing error leads to Mirror Protocol exploit : omgfin

An error on the pricing oracle software for Terra Classic validators opened the door for an user to drain four artificial quality pools from the Mirror Protocol.

A mismatch within the reported value of underlying assets on artificial assets redistributed finance (DeFi) platform Mirror Protocol has caused associate degree current exploit that has the potential to empty all of its funds.

The exploit was observed on Sunday by governance participant Mirroruser on the protocol’s forum. As of the time of writing, the Mirror BTC (mBTC), Mirror Polkadot (mDOT), Mirror Ether (mETH) and Mirror Galaxy (mGLXY) synthetic plus pools on the protocol have lost almost all of their assets valued at over $2 million.

Mirror permits mercantilism of artificial assets like stocks and cryptocurrency on the Terra and Terra Classic layer-1 blockchains, BNB Chain and Ethereum.

A valuation error for Roman deity Classic (LUNC) created the exploit potential. The remaining validators on Terra Classic reported that the value of LUNC at $0.000122 was an equivalent as the new launched Terra (LUNA) ($9.32), although their real market costs vary wildly according to CoinGecko.

Chainlink community ambassador ChainLinkGod explained on Tuesday that the “Terra Classic validators were running an noncurrent version of the oracle software.”

Venus Protocol and Blizz Finance every suffered from a similar exploit in could once worth oracle Chainlink’s reported Luna price remained at $0.10, whereas the market price ran way below that. Blizz Finance was entirely drained while Venus lost $11.2 million.

Terra community whistleblower on Twitter, pseudonymous FatMan, warned that the Mirror exploit can have an effect on the opposite “m” quality pools by about 8:00 am UTC on Tues. However, the account additionally claims that the majority of the pools are often saved if the developers intervene to repair the bug.

By 12:55 am UTC, it appeared that the rating error had been fastened for LUNC, because the worth being verified by the oracle has came to its real market value.

This is the second time Mirror has suffered from a significant vulnerability. The previous bug in Mirror’s code was exploited “hundreds of times” since 2021, in line with FatMan in a Fri tweet. the primary exploit allowed a user to unlock alternative users’ collateral on the protocol and pull it out themselves. In all, the primary user got away with “well over $30 million” and wasn't detected till could 2022, he added.

( Brian Newar, Cointelegraph, 2022 )

Luna Classic pricing error leads to Mirror Protocol exploit Print

Related Articles