$8 200 000 USD
DESCRIPTION OF EVENTS
"Saddle is an automated market maker optimized for trading between pegged value crypto assets." "Saddle Finance was launched on Jan. 20, with the aim of alleviating the problematic spread between stablecoins and wrapped or tokenized crypto assets." "Saddle is the easiest way to trade and earn with pegged value crypto assets, beginning with tokenized bitcoin."
"Saddle is built by DeFi natives with prior years of developer experience at Web2 companies like Uber, Amazon, and Square." "According to the founder of the Saddle Finance platform Sunil Shrivastava, the main reason for creating the Saddle platform is to reduce the slippage chances of tradable assets by providing users the unequal opportunities to choose from four tokenized Bitcoin liquidity pools, including sBTC, tBTC, renBTC, and wBTC."
"Pegged value crypto assets are tokens that have their value pegged to an underlying asset by some means. For example, the value of a stablecoin or tokenized bitcoin is supposed to be $1 or 1 BTC, respectively."
"Different subtypes of pegged value crypto assets (i.e. USDT and USDC, or wBTC and renBTC) are better suited for specific on-chain actions, or may be supported only by specific applications. Trading in between those assets, therefore, should be as simple as exchanging 1–1. In other words, there should exist little to no arbitrage opportunity when trading between one stablecoin and another; users should be able to retrieve 1 USDT for 1 USDC — or as close to that as feasible."
"The issue with the pegged value asset market today is that the desired 1–1 trading isn’t easily accessible. Trading among and in between these types of assets can be expensive and inefficient, resulting in lost capital and therefore lost market leverage." "Saddle solves the pegged value crypto asset trading problem by offering an AMM specifically tailored to allow users to trade in between these assets with minimal slippage. Saddle achieves this through the StableSwap algorithm, enabling an autonomous market maker that allows for the transfer of pegged value assets with minimal slippage."
"Bitcoin is the largest cryptocurrency by market capitalization, and the amount of tokenized BTC on Ethereum has been exploding — the supply has increased ~135X in 2020. Despite this growth, tokenized BTC is often not a priority when it comes to features and support. We believe bitcoin deserves to be treated as a first-class citizen in DeFi."
"What’s different about Saddle is our commitment to open-source software and collaboration. The promise of DeFi, and of financial lego blocks, can only be fulfilled with a willingness to share and help one another. Our ethos is rooted in this desire to support the ecosystem."
"In terms of audits, Saddle Finance has undergone three back-to-back smart contract audits with Certik, Quantstamp, and Open Zeppelin." "The security of user funds is our top priority. Saddle is built on our new Solidity implementation of the StableSwap algorithm. Deploying new code that deals with money requires extra care and scrutiny, which is why we conducted three back-to-back smart contract audits with Certik, Quantstamp, and Open Zeppelin."
"It is also adopting the guarded launch mechanism." "Saddle is launching with Proof of Governance to protect our users with certain limits and discourage sybil attacks. Initially, there will be a pool TVL cap of 150 BTC and a per-address deposit limit of 1 BTC. These limits will be raised every 1–2 weeks." "For LPs to qualify for PoG, an address must have demonstrated active network participation."
"On 11/06/2021, an attacker manipulated the nUSD Metapool virtual price, lowering it by approximately 12.5%." "[A]t 11:40 am EST, Socrates from Synapse Protocol contacted Sunil on Telegram. One of the team’s contributors had noticed a bad actor taking advantage of a bug in Synapse’s Avalanche nUSD metapool."
"The exploit was possible due to a missing virtual price check on the _calculateSwap() function of the Saddle Metaswap implementation (used by the Synapse AMM). This allowed the attacker to continuously swapped from one asset to another within the same metapool without compensating for the liquidity removal in the first asset. A total of $8.2 million nUSD was drained from the pool, and the virtual price for nUSD within the pool was depegged and dropped by 12.5%."
"While most users directly swapped from Asset D to A, B, or C, when swapping to the LP token of A,B C, the Saddle Metaswap contract left out a check to calculate the base virtual price of the LP token. See line 424 of the Metaswap contract. Compare this to line 277, which correctly implements it, as adding liquidity & removing one token from the pool is effectively the same as a swap. This correctly scales the liquidity removal by the base virtual price. This is also correctly implemented in swapUnderlying()."
"The omission of the check described above allowed [the malicious actor] to loop through transactions continuously, lowering the Metapool virtual price and draining funds from LPs. A secondary address 0xb9...2415 linked to 0x38…81e8 performed transaction loops at a smaller scale."
"By 11:52 am the Saddle Multisig had been alerted and at 5:23 pm the tBTC v2 metapool was paused to prevent similar issues. Saddle worked with the Synapse team to diagnose the problem and begin implementing a fix for the vulnerability."
"Interestingly, the attacker just adopted the same approach used in the Synapse incident, which is not an optimized way to achieve the goal. Alternatively, it is possible launch attacks more efficiently, e.g., applying optimized parameters to drain the liquidity in one transaction. The result suggests that the attacker might NOT fully understand the root cause of this vulnerability."
"Although funds were drained from the metapool, the attacker was unable to exit, because they attempted to withdraw funds using the (same) Synapse bridge, and was stopped by network validators. Synapse assured users in their post-mortem that the $8.2 million nUSD will be returned to the affected liquidity providers."
"After Saddle’s post-mortem, we’ve increased the size of our gnosisSafe multisig from 3/5 to a 3/7, to include Aurelius from Synapse and Scoopy from AlchemixFi to improve our response time. [We've also c]reated a Telegram group for teams using Saddle code for faster comm[unications, p]rioritized formal verification of smart contracts with Certora[, and p]aid out [a] $50,000 Immunifi bug bounty to [the] vulnerability discoverer."
"Thwarting the attacker and fixing the vulnerability showed how multiple projects and users of different DeFi protocols can benefit equally from each other, thanks to open-source code (OSS) and collaboration. Improvements made in one codebase help to make better products across a whole ecosystem, once again proving the benefits of a Web3’s composability."
Saddle Finance offers a automated market between different pegged assets. There was a vulnerability discovered in one of the smart contract hot wallets for metaswap. However, network validators blocked their exit to cash out the funds and funds were ultimately returned to affected users.
HOW COULD THIS HAVE BEEN PREVENTED?
There were no funds lost in this case. Saddle Finance has three separate audits which don't appear to have caught the vulnerability. The best practice is to have less funds in hot wallets and more managed through a multi-sig with offline keys, which can be disbursed over time. The hot wallet size can be increased based on the size of any treasury insurance fund, industry insurance fund, of blockchain smart contract insurance.
Fix for Metaswap exploit is live (Jan 9)
Introducing Saddle, a specialized AMM for pegged value crypto assets (Jan 9)
The Story of Saddle (Jan 9)
Saddle (Jan 9)
Address 0x3ab92d06f5f2a33d8f45f836607f8da68cab81e8 | SnowTrace (Jan 10)
saddle-contract/MetaSwap.sol at 141a00e7ba0c5e8d51d8018d3c4a170e63c6c7c4 · saddle-finance/saddle-contract · GitHub (Jan 10)
Fix incorrect fee math in MetaSwapUtils by penandlim · Pull Request #469 · saddle-finance/saddle-contract · GitHub (Jan 10)
11 06 2021 Post Mortem Of Synapse Metapool Exploit (Jan 10)
The Analysis Of Nerve Bridge Security Incident (Jan 10)
https://blog.insurace.io/security-incidents-in-november-e4bcb39dd7f9 (Feb 1)
Cross-chain Protocol Synapse Bridge Prevents $8M Attack (Feb 7)