Sovryn DEFI Ecosystem Hacked


In today's edition of YIYL, (You Invest, You Lose) we head to my bread and butter, the DEFI space, the gift that keeps on giving. I feel like anyone who believes in DEFI hangs around hoping something cocks up and they're the first to react and pick up free money. It really has become a game of how much money can be lost building something very few people are using and the bill is stacking up.

A lot of people think that I just hate DEFI because it's not on bitcoin. No, I hate DEFI because it's stupid lol. Just because you DEFI using bitcoin as an asset, or DEFI using an EVM fork that you merge-mine with ASICs, doesn't make it better, as we can see in the case of Sovryn, a DEFI platform built on the RSK network, a so-called side chain of bitcoin.

It's only our first hack, give us a chance

I've never used Sovryn, nor do I feel the need to, nor would I want to after they lost $1 million to a price manipulation attack. A user who had some brains about them was able to use the project's legacy lend and borrow functionality to maliciously withdraw 44.93 RBTC (~$915,000) and 211,045 USDT.

Not a bad move, for a day's work, I wouldn't mind slapping my keyboard silly for a day and walking away a millionaire, and good for him, you found a loophole, you executed and you were rewarded, that's how the game is played.

Humans are always going to look for ways to open up a honeypot, especially the bigger it gets, which is why I don't see how these DEFI services think they can hold any substantial amount of value before real G's come in and start looking to bang in your code's backdoor.

This was the service's first attack and probably because no one gives a fuck about using DEFI on bitcoin or some side chain. If I want to Degen and yield farm I will fucking do it on Ethereum or another shitcoin chain where the asset doesn't fucking matter. That's what DEFI is about: moving in and out of systems to try and get more dollars in the end. What you trade and what you trade on means sweet blue fuckall.


A post mortem

The user bought WRBTC (wrapped RBTC) using a flash swap on RskSwap. Then, they borrowed additional WRBTC from Sovryn's lending contract using their XUSD (another stablecoin) as collateral.

“The attacker then provided liquidity to the RBTC lending contract, closed their loan with a swap using their XUSD collateral, redeemed (burned) their iRBTC token, and sent the WRBTC back to RskSwap to complete the flash swap,” the post continued.

The entire process manipulated the iToken price such that the attacker could withdraw far more RBTC from the lending pool than was first deposited.
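What that looks like from the monitoring side, as an added example (not from the original post and not Sovryn's code): a check over a lending pool's mint/burn events that flags any single transaction in which the implied iToken price jumps, or in which an account redeems the shares it just minted for more than it deposited. It assumes a simplified share-token model where iToken price = underlying assets / iTokens; the event fields, the `audit` function, the 0.1% threshold and the sample values are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from fractions import Fraction as F

@dataclass(frozen=True)
class PoolEvent:
    tx: str        # transaction id
    kind: str      # "mint" (deposit) or "burn" (redeem)
    account: str
    assets: F      # underlying moved in (mint) or out (burn)
    shares: F      # iTokens minted or burned

def audit(events, max_drift=F(1, 1000)):
    """Flag transactions whose mint/burn events imply an iToken price jump."""
    by_tx = defaultdict(list)
    for e in events:
        by_tx[e.tx].append(e)
    findings = []
    for tx, evs in by_tx.items():
        # Interest accrues over blocks, so the price implied by every
        # mint/burn inside one transaction should be (nearly) identical.
        prices = [e.assets / e.shares for e in evs]
        drift = (max(prices) - min(prices)) / min(prices)
        if drift > max_drift:
            findings.append((tx, "price_drift", drift))
        # An account that deposits and redeems the same shares in one
        # transaction should not leave with more than it put in.
        flow = defaultdict(lambda: {"mint": [F(0), F(0)], "burn": [F(0), F(0)]})
        for e in evs:
            flow[e.account][e.kind][0] += e.assets
            flow[e.account][e.kind][1] += e.shares
        for account, f in flow.items():
            (a_in, s_in), (a_out, s_out) = f["mint"], f["burn"]
            if s_in > 0 and 0 < s_out <= s_in and a_out > a_in * (1 + max_drift):
                findings.append((tx, "same_tx_profit", a_out - a_in))
    return findings

# Constructed sample events (not taken from the incident's on-chain data).
SAMPLE = [
    PoolEvent("0xa1", "mint", "alice", F(50), F(50)),
    PoolEvent("0xb2", "burn", "bob", F("20.01"), F(20)),
    PoolEvent("0xb2", "mint", "carol", F("10.005"), F(10)),
    PoolEvent("0xc3", "mint", "mallory", F(100), F(100)),
    PoolEvent("0xc3", "burn", "mallory", F(145), F(100)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Only the constructed transaction `0xc3` is flagged; the ordinary deposits and redemptions in `0xa1` and `0xb2` pass because their implied price is constant within the transaction.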

According to the protocol, their developers "were able to identify and recover funds as the attacker was attempting to withdraw the funds".

The team have also announced that Exchequer, the project's treasury committee, would "reinject" the remaining stolen funds, meaning no customer funds were lost and they can still redeem if they don't feel comfortable in the system.

Sounds very "decentralised" to me, if you can intervene, and re-inject funds, lol fucking DEFI.

We're built on bitcoin lol

Can anyone explain the reason why we need DEFI on bitcoin? Seriously? What does it offer me pooling bitcoin with stablecoins and suffering impermanent loss? Then if I do make a profit, I need to find a way to get out of this extended custodial system to peg out to get real on-chain bitcoin, just seems like a lot of effort and a lot of risk, for very little upside.

I guess I am not meant to think about these things and just look at the yield bro, paper gains bro, fucking hell


Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase


Posted Using LeoFinance Beta


If it's DeFi, it's only time until it's hacked. 🤭

Hectic hacking going on. Yesterday's hack of the Binance smart chain for $500 million was apparently one of the biggest hacks for crypto to date.

DeFi is quite dubious in my opinion, I agree with you there. Trying to earn alpha via yield farming etc has been problematic.


I think the Wormhole one is still the biggest at 600mill, and Jump Crypto had to plug that gap big time, borrowing Solana and ETH to keep the system going, and people have quickly forgotten. This one is still without a doubt massive. I saw the wallet has started to try and move funds already, around 420 mill still in it.

People don't understand the risks they're taking while they chase these returns, and when risk isn't priced correctly you get wiped out fast.