Moonwell remained unaffected during an exploit of Gamma Strategies that led to precautionary pause of v3/concentrated liquidity pools on Stellaswap. Concerns were raised about the impact on Moonwell’s liquidators using flash loans. However, as Stellaswap resumed operations after 4 hours and no liquidations were impacted by this event, Moonwell’s operations remained stable and safe.
The exploit was linked to Gamma Strategies’ deposit protection mechanisms, where the price change threshold was set too high, allowing for manipulation without triggering safeguards. The attacker took advantage of this to deposit funds at an inflated value. Gamma Strategies has since ceased deposits and is working on stronger security measures. Please see this tweet for more information.
During the Gamma Strategies incident, a key concern for Moonwell centered around its liquidation processes, which are integral to the platform’s financial stability. Liquidators on Moonwell heavily rely on flash loans for their operations. Flashloans allow users to borrow large sums of cryptocurrency instantly without needing any collateral, provided they repay the loan within the same transaction block. This mechanism is particularly useful for liquidators to efficiently manage undercollateralized loans.
Here’s how the process typically works:
When a loan becomes undercollateralized (meaning the value of the collateral falls below a certain threshold), liquidators step in to pay off the debt and claim the collateral. To execute this, liquidators use flash loans to borrow the necessary funds swiftly.
They then use these funds to repay the undercollateralized loan, seize the collateral, sell it (often on a platform like StellaSwap), and repay the flash loan, all within one transaction. StellaSwap’s role is crucial here, as it not only provides the necessary liquidity for flash loans but also serves as a marketplace where liquidators can sell the collateral they’ve acquired.
The temporary pausing of StellaSwap’s liquidity pools, due to the Gamma Strategies exploit, raised concerns about potential disruptions to Moonwell’s liquidation process. If StellaSwap’s pools remained paused, it could have restricted liquidators’ access to flash loans and their ability to quickly sell off collateral, potentially impacting Moonwell’s ability to efficiently manage and liquidate undercollateralized positions.
Gauntlet was monitoring the situation closely and was prepared to recommend the following guardian actions:
Pausing New Borrows: The team contemplated temporarily stopping the creation of new borrow positions. This step is crucial in scenarios where the liquidity is constrained, as it prevents users from taking on new loans that might become risky if the platform’s liquidity status worsens.
Pausing Withdrawals: In a bid to preserve platform liquidity and prevent a potential “cascading withdrawals” scenario, where numerous users might attempt to withdraw their funds simultaneously due to panic or uncertainty, a temporary pause on withdrawals was also considered.
Pausing Liquidations: Due to the possible malfunction of the liquidation mechanism, caused by limited access to flash loans and liquidity pools, we considered temporarily suspending liquidations as a last resort. This step would help avoid additional issues stemming from the inability to execute liquidations effectively, thus protecting both borrowers and lenders on the platform.
Keeping the community informed without causing unnecessary alarm was a priority.
In the past week (from Dec 28th to Jan 4th), Moonbeam experienced liquidations totaling $16,850 ($16,691 on Jan 3rd, 12 PM ET and $159 on Dec 29th). As shown in the chart below, liquidations were not triggered during the StellaSwap LP pause and shortly thereafter, indicating that this pause did not cause liquidation issues.
Moonwell’s protocol is secure, with all systems operational. The liquidity pools are functioning as intended, and the risk management protocols have proven effective. Gauntlet will continue to monitor and evaluate the situation, ensuring robust protective measures are in place.
Additionally, it is important to note that although StellaSwap’s Pulsar V3 liquidity pools were temporarily frozen, their V2 liquidity remained active, indicating that liquidations may have still occurred if necessary. In addition, Beamswap, a competing DEX on Moonbeam which also supports flash loans, did not pause swaps and could have also been leveraged by liquidators.
- Jan 3, 2024, 11:33 PM ET:
Stellaswap has temporarily paused their v3/concentrated liquidity pools due to an exploit in Gamma Strategies, a code used by multiple chains. According to a tweet posted by Stellswap on Jan 3, 2024, an alert was received that a DEX linked to Algebra, which uses a different version of the code, was encountering issues. While no issues were detected on Stellaswap, the swaps and add liquidity functions were paused as a precautionary measure. It was later identified that the issue pertained to Gamma’s automated pool, not @CryptoAlgebra.
- Jan 4, 2024, 12:33 AM ET:
Discussions around potential risks to Moonwell and proactive strategies for mitigation. Moonwell contributors reached out to StellaSwap team to understand the timeline on opening swaps back.
- Jan 4, 2024, 1:57 AM ET:
Decision to monitor the situation and await StellaSwap’s unpausing before community notification. Stellaswap mentioned that they will soon unpause the swaps.
- Jan 4, 2024, 3:17 AM ET:
StellaSwap announces that they were unaffected, unpauses swaps, confirming safety for Moonwell.
- Gauntlet will continue to quantify Moonwell’s exposure to other protocols to enhance proactive protection.
- Monitoring for incidents that could impact Moonwell will be ongoing.
- Ensuring that team across different time zones are available for timely responses to any incidents.