Lack of liquidity mitigated damages to BonqDAO exploit: Report

1 year ago

After amassing $120 million in tokens through an infinite minting glitch, hackers reportedly only cashed out about $1 million due to a lack of liquidity on BonqDAO.


According to blockchain security firm CertiK, the damage caused to decentralized protocol BonqDAO on Feb. 1 may have been much less than initially thought.

As told by CertiK, the attacker first borrowed 100 million BEUR, a euro stablecoin, with less than $1,000 in collateral due to a lack of controls on the collateralization ratio. If users set the parameter to zero, then the platform defaults to returning the "maximum value of uint256," allowing an astronomical sum of loans to be issued.
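The failure mode CertiK describes can be modeled in a few lines. This is an added illustration, not BonqDAO's contract code: `param` is a hypothetical stand-in for the unnamed zero-able parameter, and the 18-decimal scale, 150% minimum ratio and borrow ceiling are assumptions.

```python
UINT256_MAX = 2**256 - 1        # the "maximum value of uint256"
WAD = 10**18                    # assumed 18-decimal fixed-point scale
MIN_RATIO = 150 * WAD // 100    # assumed 150% minimum collateralization
DEBT_CEILING = 1_000_000 * WAD  # assumed per-position borrow ceiling


class InvalidParameter(ValueError):
    """Raised when an input is zero or does not fit in a uint256."""


def ratio_with_sentinel(collateral_value: int, param: int) -> int:
    # Weak pattern: a zero parameter is mapped to "infinitely healthy".
    if param == 0:
        return UINT256_MAX
    return collateral_value * WAD // param


def approve_weak(collateral_value: int, requested_debt: int, param: int) -> bool:
    # `param` is caller-controlled and independent of the loan size, so
    # param == 0 clears the threshold for any requested_debt.
    return ratio_with_sentinel(collateral_value, param) >= MIN_RATIO


def approve_hardened(collateral_value: int, requested_debt: int) -> bool:
    # Derive the ratio from the debt actually being issued, reject zero or
    # oversized inputs outright, and bound the loan independently of the ratio.
    for value in (collateral_value, requested_debt):
        if not 0 < value <= UINT256_MAX:
            raise InvalidParameter(value)
    if requested_debt > DEBT_CEILING:
        return False
    return collateral_value * WAD // requested_debt >= MIN_RATIO


if __name__ == "__main__":
    collateral = 1_000 * WAD     # constructed: roughly 1,000 units of collateral
    loan = 100_000_000 * WAD     # constructed: 100 million stablecoin units
    print("weak, param=0:", approve_weak(collateral, loan, 0))
    print("hardened:", approve_hardened(collateral, loan))
```

The hardened check fails closed in two independent ways: a zero input is an error rather than a passing sentinel, and the ceiling limits issuance even if the ratio logic is wrong.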

However, CertiK said that despite the attacker borrowing 100 million BEUR (around $120 million at the time of the attack), the hacker only managed to withdraw about $1 million due to a lack of liquidity on the platform. Previously, blockchain security firms such as PeckShield stated that around $120 million was lost during the attack.

Bonq is a fork of Liquity Protocol and, like Liquity, uses Troves to represent isolated debt positions. However, Bonq reportedly implemented a Community Liquidation Feature, under which 45 Troves with BEUR exposure were liquidated due to the incident. According to CertiK, the attack also impacted Troves containing about 110 million Alliance Block tokens (ALBT). That said, none of the Alliance Block smart contracts were breached during the incident, and the project has said it will airdrop new tokens to compensate affected holders.

Bonq protocol was exposed to an oracle hack, where exploiter increased the ALBT price and minted large amounts of BEUR. The BEUR was then swapped for other tokens on Uniswap. Then, the price was decreased to almost zero, which triggered the liquidation of ALBT troves.

— BonqDAO (@BonqDAO) February 1, 2023

Although a lack of liquidity appears to have mitigated damages to BonqDAO during the incident, others were not so lucky. On Oct. 12, DeFi protocol Mango Markets initially lost $116 million after hacker Avraham Eisenberg manipulated the price of the MNGO token, driving it up 30 times via enormous perpetual futures contracts within a short period. This was possible because relatively little initial capital was required to manipulate MNGO due to low liquidity.

Related: How low liquidity led to Mango Markets losing over $116 million

Afterward, Eisenberg acquired a loan for $116 million using $423 million of his inflated MNGO holdings as collateral and siphoned funds from the platform. On Dec. 28, Eisenberg was arrested in Puerto Rico on charges of commodities manipulation and commodities fraud.
