币市雷达_CopyTrading_cc
--
Detailed reveal: How the master used uni to harvest 660,000 US dollars of wool last night! (via CoinsRadar.net):
Last night (2024.2.23)
#uni In an instant, the price rose from 7 US dollars to 11 US dollars.
Compound is a lending agreement that allows users to mortgage other currencies (such as usdc) to borrow uni. For a short period of time after the instant pull of uni, compound did not update the price of uni in a timely manner, resulting in the agreement being able to use mortgages with low uni values. Go and borrow uni. This was discovered by a very few people, who borrowed a large amount of uni by mortgaging usdc, and then sold the uni into usdc. Then you will find that the amount of usdc they obtained is actually more than the amount of compound they mortgaged. Let me carefully analyze this attack on the lending protocol. The data source is https://bad-debt.riskdao.org/. The addresses that are profitable for the attack are the following four: 0x6980a47bee930a4584b09ee79ebe46484fbdbdd0
0x5968ada261a84e19a6c85830e655647752585ed4
0x49bc3cec1fb7978746f742a4e485d0d601831cea
0x2f99fb66ea797e7fa2d07262402ab38bd5e53b12
Now check the balances of these four addresses on debank. You will find that in the compound protocol, these four addresses have a debt, but the collateral is almost zero, as follows:
This screenshot shows that the address 0x2f99fb66ea797e7fa2d07262402ab38bd5e53b12 mortgaged 1.1503Dai and 0.051715usdc in compound, but borrowed 28702.7973uni. The collateral is almost 0, but the value of the borrowed uni is as high as 330,000 U. In this case, this address will definitely not repay the uni debt. The other three addresses are the same, using almost zero collateral and borrowing hundreds of thousands of U uni coins. These four addresses have borrowed a total of 55,565.9001uni. Currently calculated as 12U each, the total value is 55565.9*12=666790.8 usdt, resulting in a loss of 660,000 U.
Why is it possible to borrow and sell hundreds of thousands of uni coins while using almost zero collateral? The entire attack logic is as follows: 1. Assume that it is time point T0, the price of uni in the market is 7U/uni, and the price feed of compound to uni is normal, which is also 7U/uni2. Then at time point T1, uni is in the market The price on the website suddenly skyrocketed, reaching 11U/uni in an instant. However, there is an error in the price feed of uni in compound, and it still stays at 7U/uni.3. Then someone discovered that Compound’s price feed for Uni was wrong, and immediately mortgaged 200,000 USDC into Compound as collateral, and borrowed Uni coins at the top of the price, according to Compound’s feed price (7u/uni, and a loan rate of 85% ), you can borrow 20*0.85=170,000 U of uni, 170000/7=24285.7143 uni, that is, you can borrow 24,000 uni. 4. Then sell the 24,000 uni in the market (such as uniswap v3) and exchange it for usdc. Because the market price is 11U/uni, you can sell it for 2.4*11=26.4 wUsdc, which is 64,000 more than the collateral. Usdc, this is profit. The following transaction https://etherscan.io/tx/0xaee0f8d1235584a3212f233b655f87b89f22f1d4890782447c4ef742b37af58d can clearly see the above logic.
It mortgaged 193020usdc, lent 19748uni, sold uni to ETH and then ETH to usdc, and finally received 195461usdc, which was 195461-193020=2441 usdc more than the collateral. 5. After Compound feeds the correct Uni currency price into the agreement, these debts will definitely be liquidated, and the liquidation will not be clean. Even if the liquidator takes away all the collateral, a large amount of Uni debt will still be left. This is bad debt.
Why does compound have a uni price feed error? Compound has currently launched a vote to fix this bug. Because compound uses double insurance to set the price of uni currency, one is to use chainlink’s oracle price feed, and it also uses Uniswap TWAP (time weighted average price). But I didn’t check the specific choice between the two price feeds. But judging from the current results, both of them must be normal at the same time for compound to feed prices normally. When the price of uni suddenly skyrocketed, chainlink's price feed was normal, but there was a problem with the price of UniswapTWAP, and the compound protocol gave the wrong price.
😍Follow me! Get news faster!
Last night (2024.2.23)
#uni In an instant, the price rose from 7 US dollars to 11 US dollars.
Compound is a lending agreement that allows users to mortgage other currencies (such as usdc) to borrow uni. For a short period of time after the instant pull of uni, compound did not update the price of uni in a timely manner, resulting in the agreement being able to use mortgages with low uni values. Go and borrow uni. This was discovered by a very few people, who borrowed a large amount of uni by mortgaging usdc, and then sold the uni into usdc. Then you will find that the amount of usdc they obtained is actually more than the amount of compound they mortgaged. Let me carefully analyze this attack on the lending protocol. The data source is https://bad-debt.riskdao.org/. The addresses that are profitable for the attack are the following four: 0x6980a47bee930a4584b09ee79ebe46484fbdbdd0
0x5968ada261a84e19a6c85830e655647752585ed4
0x49bc3cec1fb7978746f742a4e485d0d601831cea
0x2f99fb66ea797e7fa2d07262402ab38bd5e53b12
Now check the balances of these four addresses on debank. You will find that in the compound protocol, these four addresses have a debt, but the collateral is almost zero, as follows:
This screenshot shows that the address 0x2f99fb66ea797e7fa2d07262402ab38bd5e53b12 mortgaged 1.1503Dai and 0.051715usdc in compound, but borrowed 28702.7973uni. The collateral is almost 0, but the value of the borrowed uni is as high as 330,000 U. In this case, this address will definitely not repay the uni debt. The other three addresses are the same, using almost zero collateral and borrowing hundreds of thousands of U uni coins. These four addresses have borrowed a total of 55,565.9001uni. Currently calculated as 12U each, the total value is 55565.9*12=666790.8 usdt, resulting in a loss of 660,000 U.
Why is it possible to borrow and sell hundreds of thousands of uni coins while using almost zero collateral? The entire attack logic is as follows: 1. Assume that it is time point T0, the price of uni in the market is 7U/uni, and the price feed of compound to uni is normal, which is also 7U/uni2. Then at time point T1, uni is in the market The price on the website suddenly skyrocketed, reaching 11U/uni in an instant. However, there is an error in the price feed of uni in compound, and it still stays at 7U/uni.3. Then someone discovered that Compound’s price feed for Uni was wrong, and immediately mortgaged 200,000 USDC into Compound as collateral, and borrowed Uni coins at the top of the price, according to Compound’s feed price (7u/uni, and a loan rate of 85% ), you can borrow 20*0.85=170,000 U of uni, 170000/7=24285.7143 uni, that is, you can borrow 24,000 uni. 4. Then sell the 24,000 uni in the market (such as uniswap v3) and exchange it for usdc. Because the market price is 11U/uni, you can sell it for 2.4*11=26.4 wUsdc, which is 64,000 more than the collateral. Usdc, this is profit. The following transaction https://etherscan.io/tx/0xaee0f8d1235584a3212f233b655f87b89f22f1d4890782447c4ef742b37af58d can clearly see the above logic.
It mortgaged 193020usdc, lent 19748uni, sold uni to ETH and then ETH to usdc, and finally received 195461usdc, which was 195461-193020=2441 usdc more than the collateral. 5. After Compound feeds the correct Uni currency price into the agreement, these debts will definitely be liquidated, and the liquidation will not be clean. Even if the liquidator takes away all the collateral, a large amount of Uni debt will still be left. This is bad debt.
Why does compound have a uni price feed error? Compound has currently launched a vote to fix this bug. Because compound uses double insurance to set the price of uni currency, one is to use chainlink’s oracle price feed, and it also uses Uniswap TWAP (time weighted average price). But I didn’t check the specific choice between the two price feeds. But judging from the current results, both of them must be normal at the same time for compound to feed prices normally. When the price of uni suddenly skyrocketed, chainlink's price feed was normal, but there was a problem with the price of UniswapTWAP, and the compound protocol gave the wrong price.
😍Follow me! Get news faster!
Disclaimer: Includes third-party opinions. No financial advice. May include sponsored content. See T&Cs.
97
0