关于暂停Deri Protocol V1的公告

自2021年2月上线以来,Deri Protcol已经平稳运行一段时间。最近的各类DeFi项目受攻击事件不断,团队在日常运营过程中进一步加强了安全检查工作。

北京时间2021年6月1日早上10点,在平台的日常安全检查过程中,团队发现某个地址的交易异常,调查后确认为该地址试图利用系统的Oracle规则漏洞获利。

确认情况后,项目团队立刻启动应急响应程序,采取如下措施第一时间确保用户资金安全

– 暂停所有用户在Deri Protocol V1的充提币及交易操作

– 排查所有异常交易,识别恶意地址

– 确认恶意地址黑名单确保平台上普通用户的资金安全

因及时发现及响应,Deri Protocol确认用户资金安全,用户可在浏览器内查询确认资金的安全性:

https://bscscan.com/address/0x639a9C2fAe976D089dCcc2ffAE51Ef1dd04B7985

在项目启动之初,为应对可能出现的此类攻击情况,保护平台用户的资金安全,Deri Protocol在合约内设定了流动性池迁移功能,可将用户的资金安全迁移到另一个流动性池内。此次,团队将按此规则对V1现有的流动性池进行迁移,迁移过程如下:

  1. 重新部署了合约  https://bscscan.com/address/0xaf081e1426f64e74117ad5f695d2a80482679de5
  2. 根据迁移规则设定,对新合约设置了三天的审核窗口期,用户可以自行检查合约详情。
  3. 三天审核窗口期结束后(UTC时间2021年6月4日4点15分),团队将会在新的合约内调用executeMigration()功能将原流动性池内的资金及仓位进行迁移。
  4. 恶意地址的盈利将在迁移过程中返回给新的流动性池内,确保用户资金不受损失。
  5. 迁移完成后,原流动性池将在Deri Protocol平台移除,普通用户可以在新的流动性池内进行平仓、充提币的操作。

详细信息请在浏览器内查看:

https://bscscan.com/address/0x639a9C2fAe976D089dCcc2ffAE51Ef1dd04B7985#readContract

⚠️Deri Protocol采用新的Oracle解决方案,该漏洞在V2不适用。

虽然V2不会有这个漏洞,但是因为V2需要用户进行流动性迁移,团队决定待V1 修复后再上线V2,最大化平台用户的利益。

Announcement on the suspension of Deri Protocol V1

Since its launch in February 2021, Deri Protcol has been running smoothly. Over the past month, various DeFi projects have been attacked continuously, and the team has further strengthened security inspections in all our operations .

At 10 a.m. on June 1, 2021, SGT time, during the daily security check, the team found an address’ abnormal transactions . After investigation, it was confirmed that the address was trying to profit from the system’s off-chain Oracle rule loopholes.

After assessment of the situation, the team immediately started the emergency response procedures, and took the following actions to ensure the safety of user funds at the first time:

-Suspend the deposit, withdrawal and staking operations of Deri Protocol V1 for all users

-Troubleshoot all abnormal transactions and identify malicious addresses

-Confirm the blacklist of malicious addresses to ensure the safety of funds for ordinary users

Due to timely discovery and response, Deri Protocol confirms the safety of users’ funds. Users can check and confirm the safety of funds in the browser link:

https://bscscan.com/address/0x639a9C2fAe976D089dCcc2ffAE51Ef1dd04B7985

At the beginning of the project, in order to deal with such possible attacks and protect the security of users’ funds, Deri Protocol has set up a liquidity pool migration function in the contract, which can safely migrate users’ funds to another liquidity pool. This time, the team will migrate the existing liquidity pool of V1 according to this rule. The migration process is as follows:

  1.  Deploy new contract https://bscscan.com/address/0xaf081e1426f64e74117ad5f695d2a80482679de5
  2. According to the migration rules, a three-day review window is set for the new contract, and users can check the contract details by themselves.
  3. After the three-day review window is over (at 4:15 am on June 4, 2021 UTC), the team will call executeMigration() function in the new contract to migrate the funds and positions in the original liquidity pool.
  4. The profit of the malicious address will be returned to the new liquidity pool during the migration process to ensure that user funds are not lost.
  5. Post migration, the original liquidity pool will be removed from the Deri Protocol platform, and ordinary users can close positions, deposit and withdraw coins in the new liquidity pool.

️Deri Protocol uses a new Oracle solution, and the vulnerability is not applicable in V2.

Although V2 will not have this loophole, because V2 requires users to migrate liquidity, the team decided to wait for V1 to be fixed before going online to V2 to maintain the interests of all platform users. The profit of the malicious address will be returned to the new liquidity pool during the migration process to ensure that user funds are not lost.

欢迎加入社群 探讨web3,分享项目空投信息  https://discord.gg/RW94PbPv3p

原创文章,作者:我叫十七,如若转载,请注明出处:http://www.lianchaguan.com/archives/37090

(1)
上一篇 2021年6月1日 下午1:00
下一篇 2021年6月1日 下午3:01

相关推荐