Post Mortem of the 2022.10.28 Attack on Deri Protocol
This medium article covers details of the attack that occurred on October 28, 2022, explains the root cause that led to this attack, describes the solution that has been deployed, and provides the next steps of the compensation plan.
Please refer to this recap for the detailed procedure of this attack.
This attack was exploiting a design vulnerability of our margin system: maintenance margin failing to cover the loss due to trading-caused mark price change.
Maintenance margin is to cover the possible loss of a position, which takes place when the price moves unfavourably. There are two factors causing mark price to move and determining the final loss during a liquidation:
- Underlying price change
- Buying/selling actions push the mark price up/down via the DPMM mechanism
Our current margin mechanism was only designed to take care of mark price change due to the first factor but has not fully taken into account the second.
As far as factor 2 is concerned, the maintenance margin held for a position should be greater than the maximum possible value change of this position caused by trading action. Specifically, to cover the worst-case scenario, we should have the required margin per volume to satisfy the following inequality:
where ΔMark is the change of the mark price within a block, i.e. the possible change of the mark price due to trading actions.
This worst-case scenario could take place as follows:
- Somebody long 1 unit volume establishing position, when mark price is the highest possible point, M1;
- A short trade drags the mark price to the lowest point M2 and causes position A to be liquidated at M2.
From 1 to 2, position A has experienced a loss = max(ΔMark). Per the previous mechanism (before the fix), ΔMark was not bounded, which means attackers can manipulate with the positions to create Mark as large as wished. And this leads to the possibility of the margin as a buffer being completely penetrated. Whenever there is a theoretical loss of some position that could not be realized, it’s a potential loss for the liquidity pool. This is the root cause of the 11.28 attack.
As a quick fix specifically for everlasting options exploited, we brought back the min initial margin requirement enforced when everlasting options were rolled out. However, this is only temporary and will be lifted again at some point in the future.
The more important measure is to bound ΔMark, which is enforced by introducing a limit of the open interests. That is, we have implemented a limit on the maximum open interest of any symbol by the constraint of the pool liquidity. This constraint has already been deployed such that the inequality above is always ensured. Specifically, even the opposite-position trick adopted in the 11.28 attack, which caused very little net position, could not bypass this constraint.
This attack resulted in a total loss of 143,622 USDC on Deri Protocol’s trading pool on Arbitrum.
A fund will be set up by the treasury to compensate for the loss of liquidity providers directly due to this exploitation. Any liquidity providers who have suffered a loss can claim the compensation at https://deri.io.The webpage will go live before 08:00 AM UTC, November 11th, 2022.
All the compensation has to be claimed within 90 days from the date the compensation website goes live.
Thank you, again, to the Deri community for your continued encouragement and support.
About Deri Protocol
Deri, your option, your future!
Deri is the DeFi way to trade derivatives: to hedge, to speculate, to arbitrage, all on chain. With Deri Protocol, trades are executed under AMM paradigm and positions are tokenized as NFTs, highly composable with other DeFi projects. Having provided an on-chain mechanism to exchange risk exposures precisely and capital-efficiently, Deri Protocol has minted one of the most important blocks of the DeFi infrastructure.