$0 USD

APRIL 2022




"Adding Dimension to DeFi Earn predictable returns Earn a boosted yield Profit from interest rate movements"


"Sense operate[d] as decentralized, permissionless infrastructure, where teams [could] build and develop new yield primitives for DeFi, such as bond-like assets, yield tokens, and tranche-like instruments. Yield-stripping [was] the first application built on Sense, where users [could] lend at a fixed rate and make capital-efficient long/short bets on the future yields of existing yield-bearing assets."


"Sense is decentralized permissionless infrastructure, where teams can build and develop new yield primitives for DeFi, such as fixed income tokens, yield tokens, and other custom re-divisions of existing tokens' exposures."


"Stripping is the first application built atop Sense, where users can 1) access fixed rate versions of existing variable yield tokens or 2) make directional long/short bets on the future yields of existing yield-bearing assets."


"Sense works by breaking down a variable yield-bearing asset (a "Target") into two fixed term assets: a Principal Token (PT) and a Yield Token (YT). PTs & YTs trade on Sense Space, a high-yielding custom AMM."


"Security is our highest priority at Sense. The Sense Protocol has undergone various forms of quality assurance, such as unit/integration/manual testing, fuzz testing, and multiple 3rd party audits."


"On April 22, whitehat Violet Vienhage submitted a critical vulnerability in Sense Finance via Immunefi."


"We immediately paused the Sense Fuse Pool, the main consumer of the oracle, and followed up with an announcement of the bug on our discord." "Users can continue to safely earn fixed rates, go long/short future yields, and provide liquidity on Sense Space. Borrowing & Lending on the Sense Fuse Pool has been halted until further notice."


"A user could manipulate the oracle data at the most recent timestamp for a given Space pool by sending dummy swaps, incurring only the gas costs associated with the transaction. An attacker could do this every x minutes and drive the TWAP of the Space pool in whichever direction they’d like."


"Prior to adding the oracle to our Balancer Pool, the onSwap function (Space.sol#L325) did not mutate any storage slots. As a result, the onlyVault (Space.sol#L807) modifier we use for the joins and exits — which makes it so that only the Balancer Vault can call those functions — was not used for our swap function. This was a deliberate omission since we were using onSwap as a preview function elsewhere in our codebase, i.e., we were using it to check how much out we’d get for a given amount in, or vice versa, before actually executing the swap.


Unfortunately, we didn’t catch that when we added the oracle component later in our dev cycle for v1, there was now a storage slot mutation that shouldn’t have been accessible without actually performing a swap. Namely, updating the Space oracle price buffer should only happen when there’s a valid swap involving transferred tokens, but because an actual swap only takes place if onSwap is called through the Balancer V2 Vault, one could corrupt the oracle data by calling it directly as a “preview” function with garbage swap data."
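The pattern the post-mortem describes, as an added illustration that is not Sense's Space.sol or Balancer's actual interface: a pool whose swap callback started writing an oracle sample, so the read-only preview path and the state-mutating path had to be separated and the mutating one gated on the vault. The contract, function signatures, reserve values and pricing formula are simplified assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Simplified illustration (not Sense's Space.sol). The pool records a
// price sample into an oracle buffer each time a swap callback runs.
contract MinimalOraclePool {
    address public immutable vault;        // the only legitimate swap caller
    uint256[] public priceBuffer;          // samples a TWAP reader consumes
    uint256 public reserveIn = 1_000e18;   // constructed sample reserves
    uint256 public reserveOut = 1_000e18;

    constructor(address _vault) { vault = _vault; }

    modifier onlyVault() {
        require(msg.sender == vault, "caller is not the vault");
        _;
    }

    // Pure pricing math shared by the preview and the real swap.
    function _quote(uint256 amountIn) internal view returns (uint256) {
        require(amountIn > 0, "zero input");
        return (amountIn * reserveOut) / (reserveIn + amountIn);
    }

    // Read-only preview: safe for anyone to call, touches no storage.
    // This is the role the unprotected onSwap was originally serving.
    function previewSwap(uint256 amountIn) external view returns (uint256) {
        return _quote(amountIn);
    }

    // VULNERABLE SHAPE (the defect described above): no access control,
    // but the function now writes an oracle sample, so any caller can push
    // samples into the buffer without any tokens ever moving.
    function onSwapUnprotected(uint256 amountIn) external returns (uint256 amountOut) {
        amountOut = _quote(amountIn);
        priceBuffer.push((amountOut * 1e18) / amountIn);
    }

    // HARDENED SHAPE: the oracle write happens only when the vault, which
    // has actually moved the tokens, invokes the callback.
    function onSwap(uint256 amountIn) external onlyVault returns (uint256 amountOut) {
        amountOut = _quote(amountIn);
        reserveIn += amountIn;
        reserveOut -= amountOut;
        priceBuffer.push((amountOut * 1e18) / amountIn);
    }
}
```

A useful review check for callbacks like this is to diff the storage writes of any externally callable function against its access control whenever a new feature (here, the oracle) is added.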


"Sense Finance has paid the full $50,000 bounty listed on our ImmuneFi Bug Bounty Program and has already deployed a fix to mainnet."


"After 18 months of operation, we’ve made the decision to sunset the Sense Protocol and open-source the UI for community use."


"The Sense Core team will cease contributions to the current and future versions of the Sense Protocol. Despite our enduring belief in fixed income, the current DeFi market landscape lacks the consistent demand for fixed rates essential for robust market development."

Sense Finance offers investors the ability to earn a small, predictable return on their investments. Unfortunately, a vulnerability was introduced into the protocol during development which could have allowed an attacker to take funds from the smart contract. Violet Vienhage, the whitehat who found and reported the vulnerability, was rewarded with a $50k bounty.

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.


© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.