QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$540 000 USD
MAY 2024
GLOBAL
BLOOM ON BLAST
DESCRIPTION OF EVENTS

"Powerful leverage, simplified trading. Stacked yields. Decentralized. Trade with up to 50x leverage on crypto assets."
"With both ETH and USDB (Blast's native stablecoin) auto-rebasing on Blast and smart contracts, our liquidity providers gain yield from their rebasing USDB as well as a portion of platform fees.
Similarly, our traders will earn the same rebasing yield on their collateral, but additionally enjoy the best liquidation price possible and rebates on their losses made possible through rebasing yield earned on their bets."
"The first perps DEX for rebasing assets, powered by Blast"
"Whether you're an LP or a trader, invest in your beliefs and stack rebasing stablecoins. That's the Bloom effect."
"A CEX-like experience with fully onchain execution and self-custody. We don't compromise on security or UX."
"Stacked yields make your trades more powerful. Native yield is earned on the Blast network from using rebasing USDB as collateral.
This means a lower opportunity cost, and better liquidation prices for traders. Similarly, as a liquidity provider, you can stack auto-compounding, rebasing rewards and you’ve got yield on yield."
"On Bloom, traders can place "bets" (positions) and either bet "up" (go long) or bet "down" (go short). To open a bet, traders will need to use USDB as collateral, Blast's native yield bearing stablecoin. We offer gas-sponsored, 1-click transactions, which allow traders to open and close bets with a single signature."
"Bloom is developed by Avantis Labs, a blockchain development company backed by some of the world's best investors across crypto, traditional finance and frontier tech, such as Pantera Capital, Galaxy Digital, and Founders Fund."
"The exploit was due to an issue with how Blast-native yields were handled when updating cash for a position, specifically for positions that are in a loss during withdrawal."
"The core problem was located in the method updateTrade(Trade memory _t) inside of TradingStorage.sol. This method updates relevant data for an existing trade during cash deposit / withdrawals through updateMarginCallback inside of TradingCallbacks.sol.
The timestamp variable that defines the pending yield accrued for a position was not being updated correctly when positions have pnl < 0. Because the timestamp wasn’t updated appropriately, this allowed the attacker to continuously withdraw USDB equivalent amounts of accrued yield on their positions over and over again."
"The UpdateMargin method was the entry point of the attack, and upon discovering the cause, the Bloom team proceeded to make an upgrade to remove the functionality from the smart contracts. The feature was effectively disabled to avoid further damage."
"We couldn’t have done this without the help of key onchain sleuths like ZachXBT and security firms like Hexagate. Bloom recovered funds in record time for our users by negotiating a 10% bounty for the exploiter. We prioritize our user safety and will do our best to always communicate in a timely and transparent manner."
"Out of the total exploited funds ($540K), we've recovered $486K (net of a 10% bug bounty), all of which will be re-distributed to LPs. We have agreed to a 10% bug bounty, in return for not pursuing legal charges against the exploiter.
The team's been working around the clock to ensure we get LPs their funds back. We could not have done this without the help of @zachxbt, @RiverRunnner, @PacmanBlur and of course our incredible community's patience and support."
Bloom allows users on the Blast blockchain to make leveraged bets, called perpetuals, on the future price of different assets. These positions require margin collateral to be held in the smart contract. There was an issue with the timestamp that tracks accrued yield when margin is withdrawn from positions with a pnl below 0: because the timestamp was not updated, the same accrued yield could be withdrawn repeatedly, draining the protocol. It was resolved by disabling the UpdateMargin method. The team negotiated with the attacker for the return of 90% of the funds, with the attacker keeping a 10% bounty.
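As an added illustration (not Bloom's contract code; the Trade fields, yield rate and figures below are constructed), a toy Python model of the accounting path the post-mortem describes: the settlement timestamp that bounds pending yield is advanced only on the profitable branch in the flawed version, and on every path in the corrected one.

```python
# Toy model (added example, not Bloom's contract) of the flaw the post-mortem
# describes: the timestamp that records how much rebasing yield a position has
# already been paid is only reset on some code paths of the margin update.
from dataclasses import dataclass

# Constructed rate: 1 unit of yield per 1_000_000 units of collateral per second.
YIELD_RATE_DENOM = 1_000_000


@dataclass
class Trade:
    collateral: int   # USDB held as margin for the position
    pnl: int          # unrealised profit (>= 0) or loss (< 0)
    yield_ts: int     # last time accrued yield was settled to the trader


def pending_yield(t: Trade, now: int) -> int:
    """Yield the position has earned since yield_ts was last settled."""
    return t.collateral * (now - t.yield_ts) // YIELD_RATE_DENOM


def update_trade(t: Trade, now: int, fixed: bool) -> int:
    """Settle pending yield to the trader during a margin update.

    fixed=False reproduces the flaw: the settlement timestamp is advanced only
    when pnl >= 0, so a losing position keeps its old timestamp and the same
    yield is paid again on every later call.  fixed=True advances it always.
    """
    paid = pending_yield(t, now)
    if t.pnl >= 0 or fixed:
        t.yield_ts = now          # the one-line fix: settle on every path
    return paid


def drain(t: Trade, now: int, calls: int, fixed: bool) -> int:
    """Total yield paid out over repeated margin updates at the same instant."""
    return sum(update_trade(t, now, fixed) for _ in range(calls))


def run() -> tuple[int, int]:
    """Same losing position, ten margin updates after one hour of accrual."""
    vulnerable = Trade(collateral=100_000, pnl=-500, yield_ts=0)
    patched = Trade(collateral=100_000, pnl=-500, yield_ts=0)
    now = 3_600
    # Flawed path pays 360 ten times; fixed path pays 360 once, then 0.
    return drain(vulnerable, now, 10, fixed=False), drain(patched, now, 10, fixed=True)
```

A vault-side invariant follows from the same model: yield paid to a position over any window must not exceed what its collateral earned in that window, which the flawed path violates on the second call.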
SlowMist Hacked - SlowMist Zone (May 30)
@BloomOnBlast Twitter (May 30)
@BloomOnBlast Twitter (May 30)
@BloomOnBlast Twitter (May 30)
Bloom Exploit Post-Mortem: 05.09.2024 — Bloom (May 30)
Blastscan Transaction Hash (Txhash) Details | BLAST (May 30)
Blastscan Transaction Hash (Txhash) Details | BLAST (May 30)
@BloomOnBlast Twitter (May 30)
Bloom (May 30)
Welcome | Bloom (May 30)
