UNKNOWN

FEBRUARY 2021

GLOBAL

TELLOR

DESCRIPTION OF EVENTS

Tellor is "[a] decentralized oracle network." "A decentralized oracle on Ethereum enabling censorship-resistant access to off-chain data." "Tellor is a permissionless community of token holders, data providers, and validators. Together, we cryptographically secure putting real world data on-chain."

 

"Frederick-based Tellor started in March 2019, founded by Nicholas Fett, Brenda Loya, and Michael Zemrose. Fett's background as a former federal regulator with the Commodity Futures Trading Commission (CFTC) has given him a unique perspective: "The entire field is so dynamic and still relatively new. Most people are only beginning to understand its potential.""

 

"What attracted Fett was the ability to create financial solutions that are "community based, decentralized, and have the potential to be unstoppable.""

 

"On February 15, 2021, the Tellor system experienced a major error while deploying the upgrade to v2.6.1." "All current token balances are saved, however Tellor and TRB transfers are currently frozen."

 

"To allow a method for Tellor to upgrade without forking the entire system, we utilize a proxy contract that holds the functionality and then can switch/upgrade this contract through a token weighted vote. The upgrade to v2.6.1 contained a transition to an invalid proxy address, which had no functionality. This error was not caught in the proposal process and consequently was voted in favor for. Once the upgrade was deployed it essentially froze our system, the oracle, and our native token, TRB."

 

"The danger here should be palpable. A bad actor could add a function that lets them mint tokens or steal any ETH you send to the contract. It’s basically full control of any funds or data in the system and whoever owns this functionality (usually called an “admin key”) owns the system."

 

"The freezing of Tellor didn’t just break Tellor, it broke quite a lot of other contracts. The main ones being other defi contracts like Uniswap and Balancer. Since the original Tellor token can’t be transferred, all of the TRB AND ETH is locked for good. This means that the guaranteed APY of your pool is now zero. Luckily for those holders, the Tellor team is compensating them, but I don’t think many LP’s are aware how dependent they are on the projects whose tokens they provide liquidity for. A more malicious attack could lead to much more disastrous consequences."

 

"We are working diligently to resolve this issue quickly. As of this moment, our most likely course of action will be involving a redeployment of the Tellor contract, requiring a token swap. We will keep you guys up to date on the process as it happens."

 

"All the balances are saved so when we redeploy, you will be able to call a function (from the current address you hold your TRB) to get your tokens."

 

"Yesterday we deployed on Rinkeby, and will continue testing throughout today. Once finished, we’ll announce the next steps for the migration process."

 

"We have completed our mainnet testing and everything looks great! We are currently finalizing our updates to Tellor's tools (website, migrations, disputes, price feed, etc...)"

 

"All systems are go! White heavy check markWhite heavy check markWhite heavy check mark We are very happy to announce that the Tellor Oracle is back online and TRB migrations are ready to begin." "If you have custody of your TRB then all you have to do is visit https://tellorscan.com/migrate and follow the instructions."

When upgrading the smart contract, Tellor had a failure which brought down their entire system.

 

It appears that everything is brought back online and recovered to a new smart contract, assuming the ETH pools on third parties became unstuck.

HOW COULD THIS HAVE BEEN PREVENTED?

No user funds appear to have been lost in this case.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.