Arkadiko Oracle Glitch Aftermath

Hello Arkadians,

We’ve had a tumultuous past 12-hours at Arkadiko. A technical glitch on Coinmarketcap resulted in our oracle malfunctioning which led to some undesirable behaviour on the platform.

What happened ?

Yesterday, 14th of December at roughly 9.30 pm UTC, prices of Coinbase and Coinmarketcap briefly became incredibly inflated on many assets.

STX was also affected and our oracle, which partly depended on data from coinmarketcap, forwarded a price of over 21 million per STX to the smart contract. This unrealistic price led to Vaults being heavily over-collateralized and enabled the minting of millions of USDA. The Vaults incorrectly believed the value of their collateral to be sufficient to sustain these mints.

A few wallets used the opportunity to mint USDA this way, resulting in a heavily inflated and unbacked USDA supply. Most who minted this way did not take any subsequent actions, likely experimenting to see if what the UI was showing them would actually work.

Others were not so benevolent. A few wallets used the surplus USDA to start swapping in the STX/USDA pool, effectively draining the pool of STX for freely minted USDA.

The response

Arkadiko developers were alerted quickly thanks to a watchful community. Once we noticed the excess USDA supply, we immediately disabled Arkadiko Swap through a privileged function that only the DAO-contract can call.

This meant that no further swaps were possible, removing the attack vector on Arkadiko. Still, the excess USDA that came into existence needed to be sorted out, as it could still be used on other protocols that have liquidity pools containing USDA, such as StackSwap.

Next step was to use DAO-contract to burn the wrongfully minted USDA so that they could not be used in the future. An initial list with some of the most serious offenders was created and within a couple of hours, the vast majority of USDA was already gone. After more thorough investigation, we identified a few million more USDA which was burned in a second round.

In this phase of the protocol, devs still hold some control over vital functionality. This enabled us to disable the swap and mint/burn USDA. In the early months of the protocol where it can experience some growing pains, it is actually a great boon to have these limited tools to contribute to a solution. The plan was always to further decentralize as the protocol matures.

We are currently working on stabilizing the Vaults that minted the excess USDA. The USDA tokens they minted are gone, but the Vault still registers a massive debt that was created by the mint. We will mint USDA to repay and burn that debt, ensuring that these Vaults do not lead to abberant behaviour in the future.

We’ve also adjusted the oracle to be more robust when confronted with outlier data points. Something like this can not happen anymore in the future. As the first DeFi protocol on Stacks, we had to write our own oracle implementation as typical oracle solutions such as Chainlink or Band were not yet supported. We’ve been closely tracking Chainlink development on Stacks, have been in contact with Chainlink, used it on testnet and applied for a Chainlink grant. Hopefully we can use them as soon as possible once they deploy to mainnet. In the meantime, our oracle has been beefed up and should be resilient to the type of glitch we experienced last night.

Damage assessment

Now that the dust has settled, we calculated the effect of the malicious swaps that happened as a consequence of the minting glitch.

The following addresses were able to get a swap through before we were able to disable it completely:

SPRAHKK7E6HZ159H4PV1QPZ685QXCXER6S4MZR7W
SP11ETHNJKZRF8N4VMMK62FM322HKVQPRAN8JM1R6

A total of 680 000 USDA was swapped for 279 787 STX.

SP11ETHNJKZRF8N4VMMK62FM322HKVQPRAN8JM1R6 was identified as typeonchain.btc . He has not moved the swapped STX out of his wallet and we ask him to contact us to return the swapped STX so we can use it to partly rebalance the pool.

If you value USDA at 1 USD, no dollar value was lost as the consequence of these swaps. However, due to the imbalance that was created in the pool, actual price of USDA is 0.66 USD at the time of writing. This represents an arbitrage opportunity that should close over time. Longterm, the extra USDA in the pool should not affect the protocol too much as there is still plenty of STX-value in the Vaults to cover it.

Liquidity Providers in the STX-USDA pool are the only ones affected if you decide to withdraw your LP at this point in time. The impermanent loss originates from off-peg USDA so LP’s might want to wait it out until the gap closes.

If you believe in Arkadiko and USDA, the arbitrage opportunity is there as soon as we re-enable the swap.

Conclusion

Due to an external error on coinmarketcap, our oracle experienced a glitch which resulted in a very brief window that enabled malicious users to take advantage of it. Two wallets were able to extract some STX from the pool, decreasing USDA price for everyone else. USDA is structurally healthy right now and the lowered price of USDA will most likely be closed by arbitrage in the future. Thanks to a vigilant community and quick dev response, Arkadiko was able to mitigate the damage done.

While the whole event was a negative for the protocol, we’ve seen the strength of the community in action. We’ve received a lot of help with investigating on-chain and the discord chats were full of suggestions, possible fixes and general good spirit. It is in these times that the usual silent majority joins us to combat these external threats. We are truly blessed to have such smart and understanding people working together with us.

Join the discussion on our Discord to follow up on the status on Arkadiko in these next few days.

We have some big things coming up which should be unaffected by what happened today.