$116 000 USD

NOVEMBER 2021

GLOBAL

MOAR FINANCE

DESCRIPTION OF EVENTS

"MOAR is a derivative-aware, cross-chain, and operationally safe lending protocol embedded with accessible financial tooling and derivatives primitives. MOAR is built on the latest version of Solidity, can handle ERC-721 (the token for NFTs and frequently used for derivatives), and fully supports UNION Finance’s C-OP instrument (a decentralized Put) for collateral optimization natively. Built on Ethereum, MOAR will emphasize a user-friendly front-end replete with features like one-click capital optimized borrowing and yield strategy access, a proprietary liquidation program, embedded derivative support, DEX integration, structured credit products, interest rate swaps, term deposits, and cross-chain connections to BSC and Polkadot — with more L1’s planned for the future."

 

"Utilize derivatives to increase borrow power, hedge liquidation risk, and provide fixed rate yield curves." "Provide sophisticated, easy-to-use portfolio management tools; user-set liquidation controls, DEX, and advanced yield instruments." "Limitless financial and technology composability by building on interoperable protocols: Polkadot, BSC, more." "Minimize transaction and risk management costs through a mix of Layer 2, gas protection contracts, and Layer 1 bridging."

 

On June 21st, 2021, "MOAR’s first closed Beta was completed with great success!" "Peckshield, the tier 1 auditor whom we locked in Mid May for auditing MOAR started their work as agreed on June 14th. Their estimate to complete the first round of audit is 5 weeks, and we have planned an additional 1–2 weeks to address their findings. While we have seen other projects charge into Mainnet without audits or mid-audit, we continue to prioritize security when it comes to user funds."

 

On July 31st, the project launched "in Guarded Phase with conservative measures around our innovative features to vet stability in Mainnet." "The integration work for Polygon was completed in August and the team is developing our No-Interest Loan (NIL) using the Curve pools combined with Beefy aggregator for automatic interest pay down." "Our work with taking Ribbon’s covered Bitcoin pool and ETH pool has passed final testing!" "As shared in the last product update, the work on Polygon has already been completed. We have continued evaluating the gas situation in Ethereum and recognize the challenge of most users to operate on this layer."

 

On November 10th, 2021 "[a]t 7:32 PM UTC MOAR lending platform suffered a flash loan attack leaving $116k of bad debt." "Do not deposit into platform until further notice."

 

"Borrows have been disabled. All borrows will be rejected. Repay still works." "UNN / MOAR borrow factors are set to 35% again." "This allows legitimate borrowers who borrowed against UNN / MOAR to repay and not be liquidated."

 

"MOAR / UNN borrow factors reduced from 35% to 0%. Deposit rates temporarily set to 0 as all assets were 100% utilized and paying out high rates. We are evaluating ways to pay down attacker's 116k bad debt. This would free up depositor collateral for withdrawal. Borrowers are still responsible for paying their legitimate borrows. Do not deposit new funds until further updates."

 

"Funds to pay down the $116k bad debt has been set aside." "No MOAR tokens were sold to obtain these funds." "Existing holdings of ETH, USDC, and USDT were utilized." "25% of ETH / MOAR Uni liquidity was removed. ETH will be used as part of payment. MOAR will be kept in Treasury." " To prevent further attacks, paydown and next steps will be announced after paydown is completed." "You are still responsible to pay down your own borrows." "If you borrowed against UNN or MOAR, you are strongly advised to pay down the borrow after we pay down the bad debt."

 

"In the coming weeks UNN / MOAR borrow factor will be set to 0 until oracles feeds are available."

 

"We have confirmation from @AscendEx_global that UNION accounts and positions are unaffected by the hack. Deposits and withdrawals have been temporarily suspended. We pledge support to the AscendEx team during this difficult time."

 

"Team is evaluating compensation." "Diamond analysis completed. A total of 344,578 MOAR will be distributed! Link to check reward will be shared early next week."

 

"At this time, all bad debt has been repaid. Any outstanding debt is the responsibility of the borrowers themselves to repay."

 

"Starting the year off the right way! Telegram is here for everyone. We ask previouly banned users to rejoin with our most sincere apologies. This community deserved and will get better! Appreciate your continued support and patience."

 

"Next steps to re-enable borrows are to set MOAR and UNN to 0 borrow factor the week of Dec. 6th, until Oracle solution found. Please manage your liquidity!" "That means, they will not contribute any collateral value to your borrows. If you have borrows relying on MOAR and UNN, you may fall into negative liquidity and be considered for liquidation. We are giving plenty of advance warning (along with our tweets last week) so you have time to manage liquidity."

Moar Finance is a decentralized lending protocol. The protocol suffered from a Flash Loan attack on November 10th, which saw the attacker make off with $116k worth of funds. This left a bad debt in the protocol, which the team subsequently repaid. There does not appear to be any loss to affected users.

HOW COULD THIS HAVE BEEN PREVENTED?

This was a minor loss which happened in an audited smart contract hot wallet. Security could have been improved through the use of a better price oracle and getting audits from multiple firms. While it is certainly possible to have more funds in an offline mlti-sig cold storage, the loss was relatively small, and can easily be recovered by a treasury self-insurance or industry insurance fund.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.