MAAT Protocol Share Conversion Rounding Error

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Revision as of 14:50, 22 January 2025 by Azoundria (talk | contribs) (Created page with "{{Imported Case Study With About|source=https://www.quadrigainitiative.com/casestudy/maatprotocolshareconversionroundingerror.php}} {{Unattributed Sources}} thumb|MAAT Protocol BrandingMAAT Protocol was an omnichain yield aggregation platform that automatically reallocated funds to optimize returns using LayerZero V2 and Stargate V2 technologies. It emphasized security with smart contracts and transparency. The protocol faced an issue with a ro...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Notice: This page is a freshly imported case study from an original repository. While the original content had a similar format, some sections may not have been fully completed. Please help fill in any empty sections or any missing information you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

MAAT Protocol Branding

MAAT Protocol was an omnichain yield aggregation platform that automatically reallocated funds to optimize returns using LayerZero V2 and Stargate V2 technologies. It emphasized security with smart contracts and transparency. The protocol faced an issue with a rounding error in its convertToShares() function, affecting share redemptions. The MAAT Protocol Twitter and website removed content, and the project’s current status is unclear, though some documentation remains online.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18]

About MAAT Protocol

MAAT Protocol was developed as an omnichain meta-yield aggregation platform with a built-in portfolio management feature, leveraging LayerZero V2 and Stargate V2 technologies. In its MVP stage, the protocol aggregated yields from various platforms, such as Yearn Finance and AAVE, to help users access the best yield sources automatically. MAAT reallocated funds to the most profitable strategies as yields change, ensuring optimal returns for users without requiring manual intervention.

The protocol emphasized security by utilizing smart contracts to protect user funds, and all deployed contracts were available for public inspection, offering transparency and assurance. Looking ahead, the roadmap for MAAT’s V1 version included improved yield aggregation, enhanced user experience, new yield strategies, and aggregator integrations. The V1 update will also feature a comprehensive dashboard, automated notifications, and streamlined management tools to provide users with an efficient and secure yield optimization experience across multiple chains.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - MAAT Protocol Share Conversion Rounding Error
Date Event Description
November 13th, 2024 9:30:00 AM MST Meetup In Bangkok Thailand According to the only post available on Twitter, there's an initial meetup about the protocol hosted in Bangkok, Thailand. "Join us at the Omnichain Frens meetup for a relaxed evening and meet with the builders shaping the future of omnichain technology. This is an event you don’t wanna miss where giga brains drop alpha."
December 6th, 2024 6:18:15 AM MST BSC Attack Transaction The protocol is attacked on the Binance Smart Chain.
December 6th, 2024 6:30:00 AM MST TenArmor Original Tweet TenArmor initially assumes that a security breach is occurring involving Stargate Finance on the Binance Smart Chain (BSC), with an estimated loss of $32.8K. The attack appears to have targeted the StargatePoolUSDT contract, draining USDT.
December 6th, 2024 7:48:00 AM MST Not Stargate After All TenArmor provides an update with additional analysis. "The issue seems to originate from the 0x090f StargateV2Strategy contract, an investment strategy contract that stakes funds in Stargate. This is not part of Stargate's core protocol."
December 6th, 2024 7:55:00 PM MST TenArmor Links Incident TenArmor manages to make the connection between the stargate exploit and the MAAT protocol. They post this publicly in a tweet.

Technical Details

"The root cause lies in a rounding error within the convertToShares() function. When a user redeems 1 share, the function calculates the burnable token amount by rounding down, resulting in a value of 0."

Total Amount Lost

The total amount lost has been estimated at $33,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

"Our system has detected multiple suspicious undergoing attack involving #Stargate @StargateFinance on #BSC, resulting in an approximately loss of $32.8K so far."

Ultimate Outcome

It appears that the MAAT Protocol Twitter account has been updated to remove all tweets, including the tweets about the incident. The MAAT Protocol website does not display any information about the project and appears to request users to connect their wallet for early access. Some documentation about the protocol was still found online.

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. @maatprotocol Twitter (Accessed Jan 22, 2025)
  2. @maatprotocol Twitter (Accessed Jan 22, 2025)
  3. Omnichain Frens · Luma (Accessed Jan 22, 2025)
  4. MAAT Finance (Accessed Jan 22, 2025)
  5. MAAT Finance (Accessed Jan 22, 2025)
  6. MAAT Finance (Accessed Jan 22, 2025)
  7. Introduction | MAAT Finance (Accessed Jan 22, 2025)
  8. MAAT | MAAT Finance (Accessed Jan 22, 2025)
  9. Introduction | MAAT Finance (Accessed Jan 22, 2025)
  10. BNB Smart Chain Transaction Hash (Txhash) Details | BscScan (Accessed Jan 22, 2025)
  11. @Hermione7812 Twitter (Accessed Jan 22, 2025)
  12. @rahulbarmann Twitter (Accessed Jan 22, 2025)
  13. @maatprotocol Twitter (Accessed Jan 22, 2025)
  14. MAAT (Accessed Jan 22, 2025)
  15. MAAT (Accessed Jan 22, 2025)
  16. MAAT (Accessed Jan 22, 2025)
  17. MAAT (Accessed Jan 22, 2025)
  18. MAAT (Accessed Jan 22, 2025)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=MAAT_Protocol_Share_Conversion_Rounding_Error&oldid=6460"