OptiFi Accidental Shutdown Command

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

OptiFi Branding

OptiFi was a decentralized exchange service which sought to process more transactions, optimize the liquidation process, and enable more liquidity in markets. On August 29th, the developers made a mistake and permanently closed down their smart contract, with the entire market coming to an end and a reported $661k worth of funds being locked in the smart contract.

About OptiFi

TBD - Add information about launch timeline. Add information about team. Add information about headquarters.

OptiFi was a derivatives-focused[1] Solana-based decentralized exchange which offered new innovation in trading[2]. Users could interact with the smart contract through their website[3][4].

"OptiFi is the first derivative DEX utilizing "Portfolio Margin" across all financial instruments with the same underlying asset.

We see there are three main problems with derivative DEXes: Lack of high performance blockchain infrastructure; Inefficient margining and collateral system designs; Not enough liquidity on the order book.

To combat these problems, OptiFi is built on Solana and Serum to offer low cost and high-speed execution.

Utilizes portfolio margin and partial liquidation to enhance capital efficiency, and offers the first ever on-chain options AMM with delta-neutral strategy to ensure continuous liquidity across all financial instruments on OptiFi.

Unlike typical margin requirements that set margins independent from each instrument, Portfolio Margin takes all instruments with the same underlying asset into account, and nets them against one another, creating lower margin requirements and offsets risks for the user."

Programs (equivalent to smart contracts) on Solana can be designed to be updatable, which allows for new functionality to be added or security flaws to be corrected[5].

The Reality

As a decentralized system that relies on the internet, blockchains can experience latency[5]. When operations are aborted in the middle, funds can be sent to a buffer address[5].

While the close program command can be used to recover solana sent to a buffer address, this command is intended to permanently close a program[5]. It does not recover other "program derived" assets (PDAs) such as USDC[5], and cannot be reverted[5]. The program can only be relaunched on a new program ID[5].

TBD - add information about Solana documentation.

TBD - add information about the smart contract getting audits prior.

TBD - add any information about past developer experience.

What Happened

On August 29, 2022, an incident occurred with the OptiFi program on Solana mainnet, resulting in its closure and the locking of all user funds totaling 661K USDC[1][5][6]. The incident was caused by mistakenly using the 'solana program close' command during an upgrade attempt[6]. The funds, including AMM vaults and user accounts, were not recoverable at the time[6]. The company says one of its developers was trying to update the program on the Solana blockchain and accidentally used a command that permanently shut the smart contract down[6].

Key Event Timeline - OptiFi Accidental Shutdown Command
Date Event Description
June 8th, 2022 8:00:00 AM OptiFi Job Interviews OptiFi is building up their team. Reddit user sgtslaughterTV reports having an in-person interview with the OptiFi team in June 2022[7][8]. The interview is scheduled for 9:00 AM over Google Meet with no timezone mentioned[8].
August 20th, 2022 DefiLlama Tracking Started The OptiFi protocol has $438.49k of liquidity, according to DefiLlama[9].
August 28th, 2022 Gradual Liquidity Increase The OptiFi protocol liquidity has steadily grown and now reached $453.13k according to DefiLlama[9].
August 29th, 2022 12:03:02 AM MDT Smart Contract Upgrade Operation A transaction was run which is intended to update the OptiFi smart contract program[10][11]. This transaction appears to take longer than usual, which is assumed to be because of "congested network status"[11]. The command was aborted before it returned a "msg"[12]. This left the smart contract in a state where a new "buffer account" had been created but wasn't being used[12].
August 29th, 2022 12:07:39 AM MDT Smart Contract Close Operation A transaction was performed which permanently shut down the OptiFi smart contract[13][14]. This command was run without knowing the full impact of what it would do[14]. The intended action was simply to close the "buffer account" to retrieve the balance it contained[12]. The developers did not realize that they would not be able to relaunch the smart contract.
August 29th, 2022 3:40:00 PM MDT OptiFi Twitter Post OptiFi posts on Twitter about the incident[15][16]. "We accidentally closed the OptiFi mainnet program and it's not recoverable." We will compensate for all users’ funds" (TBD - Check for other relevant posts on Twitter.)
August 29th, 2022 5:17:23 PM MDT OptiFi Incident Report OptiFi publishes their incident report to Medium[17]. They "sincerely apologize for a program incident leading to the sudden closure of the OptiFi mainnet program"[6]. The original version states that the program closure incident cannot be recovered[17].
August 30th, 2022 5:08:59 AM MDT OptiFi Revisions OptiFi's incident report has been revised[17][18]. The revised version adds a statement expressing sincere apologies for the incident[18]. Both versions promise to compensate all users' funds, but the revised version adds that the settlement will be done manually according to Pyth oracle at a specific time[18]. The revised version clarifies that the deployment process was aborted due to the deployment transaction taking longer than usual and mentions the amount of SOL transferred into a new buffer account[18]. The original version states that the deployer did not understand the impact and risk of closing the program[17], while the revised version emphasizes that the program closure is irrecoverable and cannot be redeployed[18]. The original version mentions the need for a rigorous deployment process and suggests adopting a peer-surveillance approach[17], while the revised version focuses on preventing reckless deployment and suggests adding warnings and double confirmation for closing a program[18]. The revised version removes the proposals related to Solana officials and instead shares an open question to all devs and protocols about managing deployment risks and whether closed programs should be allowed to be recovered or redeployed[18]. The revised version adds more clarity and emphasis on the irrecoverable nature of the program closure, includes compensation details, and removes some proposals while introducing open questions for discussion[18].
August 30th, 2022 6:26:00 AM MDT CoinDesk Article CoinDesk releases an article on the situation, which references the original blog post[1][19]. The article states "OptiFi accidentally closed its mainnet platform in a programming blunder"[1]. The article reports the issue happened when the protocol accidentally closed its mainnet platform while attempting to update its program code, resulting in the permanent closure of the platform and the loss of $661,000 in user funds[1]. The platform has pledged to reimburse all users' deposits and settle positions manually on Friday, although the estimated process time will be two weeks[1]. This is one of the first cases where a programming error has resulted in the complete loss of customer assets in the DeFi space[1].
August 30th, 2022 7:25:00 AM MDT CoinDesk Article Revision CoinDesk revised their article. They determined that OptiFi was a "platform" instead of a "protocol", that it was Solana blockchain-powered instead of merely Solana-powered, and removed the text stating that rug pulls and frauds were "erroneous behaviour"[20][21].
September 1st, 2022 5:36:37 PM MDT Reddit Comedy Show The situation is shared on Reddit, where the community finds it very entertaining[22]. The situation was compared to a game of Russian roulette or hitting Alt + F4[22]. It was suggested that the developer was on vacation in Cancun or enjoying a day off after the mistake[22]. Fun was poked at the developer's mistake by referencing the "Leslie, I tried to make ramen in the coffee maker and I broke everything" meme[22]. The lack of testing and quality assurance was mocked by saying, "Who needs QA when you can just execute {DELETE}?" It was humorously suggested that the developer should have hired QA to keep the process in order[22]. The incident was compared to a "resume generating event" or a "Daisy chain" of mistakes[22].
September 3rd, 2022 Halborn Article Explanation Blockchain security company Halborn publishes a summary of the failure on their website. They report that the OptiFi team encountered a glitch while deploying an update to their program on Solana, resulting in the permanent lock of 661,000 USDC held in the contract. The majority of the locked funds, 95%, belonged to team members. During the update process, network latency caused delays, leading the team to terminate the update and transfer the USDC to a buffer address. However, attempts to recover the transferred assets using the solana program close command resulted in an error. The team later discovered that this command is meant to permanently close a program, making the assets inaccessible with a new program ID. According to their opinion, the incident highlights the need for a thorough understanding of the workings of blockchain programs and commands, as well as the importance of developing robust processes for handling unforeseen events when dealing with high-risk activities like program updates on blockchains[5].
September 5th, 2022 2:01:26 PM MDT Largest Reimbursement Transaction The first and largest reimbursement transaction for 4,808.08 USDC was completed on the Solana blockchain[23][24].
September 5th, 2022 2:22:31 PM MDT Final Reimbursement Transaction The final and smallest reimbursement transaction for 0.000298 USDC was completed on the Solana blockchain[25][24].
September 5th, 2022 9:42:00 PM MDT Reimbursement Completed OptiFi Labs reported the reimbursement completion to all affected users[26].
September 6th, 2022 10:06:00 PM MDT Solana Program Recovery Proposal Support on program recovery proposal[27].
September 8th, 2022 4:54:00 AM MDT Mention In CoinBerry Article The OptiFi situation receives a mention in an article on the CoinBerry platform exploit and resulting lawsuit[28]. "Last week, a Solana-based decentralized finance (DeFi) protocol lost $660,000 worth of crypto when it made a programming blunder."
September 19th, 2022 7:19:47 PM MDT Unknown Transaction From Reimburse Wallet The reimbursement wallet gives a final transaction, likely just emptying the last Solana from the wallet[29].
October 11th, 2022 10:56:00 PM MDT Mango Markets Comment OptiFi comments on the Mango Markets exploit[30].
October 20th, 2022 9:18:00 PM MDT Separated Capital Pool Program OptiFi implemented a program of separated capital pool[31].
October 25th, 2022 11:37:00 PM MDT Multi-Signature Deployment Infrastructure OptiFi begins implementation of multisignature on the program deployment[32][33].
November 11th, 2022 5:46:00 PM MST OptiFi Still Working On V2 OptiFi posts on Twitter to announce they are still building their v2[34].

Technical Analysis

The incident unfolded when the deployment of the program took longer than expected, leading to the interruption of the process[6]. During the deployment, SOL tokens were transferred to a new buffer account, and in an attempt to retrieve these tokens, the 'solana program close' command was executed without the required arguments, resulting in the closure of the OptiFi program[6].

The OptiFi smart contract was accidentally closed through the use of the "solana program close" command. In particular, a command was run which terminated the project[6].

$ solana program close -u mainnet-beta --recipient DpLY9ZAomC35AXfWQmJvu7kVJgaSYyUVyCm9miZ6tj4M -k ~/solana-keys/DpLY9ZAomC35AXfWQmJvu7kVJgaSYyUVyCm9miZ6tj4M.json --authority~/solana-keys/DpLY9ZAomC35AXfWQmJvu7kVJgaSYyUVyCm9miZ6tj4M.jsonerror: The following required arguments were not provided:
—-buffers

Realizing the irreversible nature of the closure, the team attempted to redeploy the program using the same program ID but encountered an error indicating permanent closure[6]. Seeking assistance from the Solana community, they learned that re-deployment was no longer possible with the previous program ID[6].

Total Amount Lost

The amount lost has been consistently reported as $661,000 USD[1][9][15][5]. As the amount was lost in the USDC stablecoin[15], there is no volatile exchange rate to consider. 95% of the lost funds were owned by the OptiFi team[5].

Therefore, the total amount lost has been estimated at $661,000 USD.

Immediate Reactions

OptiFi Twitter Post

OptiFi first reported the situation on Twitter 15 hours later[15].

OptiFi's program has been closed by mistakes we made.

TL;DR

1. We accidentally closed the OptiFi mainnet program and it's not recoverable

2. 661k USDC is locked in the PDAs, luckily 95% of the fund is from our team member

3. We will compensate for all users’ funds

In their Twitter post, they explained the full timeline of what happened[11][12][14] and offered some self reflection of what they did wrong[35].

1. Strictly execute peer-surveillance approach that requires at least 3 peers to engage in the deployment

2. Separate capital pools (AMM) from Main program, minimize the impact of such mistakes.

3. DON'T RUSH

Their Tweet also included the public suggestion that the Solana developers should add warnings to the documentation and a two-step confirmation for closing a program[36].

OptiFi Incident Report

OptiFi published an incident report in a Medium post[6]. The OptiFi team took full responsibility for the incident and assures users that all deposits will be returned and user positions will be settled manually according to the Pyth oracle[6]. The estimated process time for compensation was two weeks, and users were encouraged to stay updated through the OptiFi discord channel[6].

"We sincerely apologize for a program incident leading to the sudden closure of the OptiFi mainnet program and we could not recover it," the company's blog post on the blunder reads. "We will compensate all users’ funds and prevent it from happening again."

"We promise that we will return all users’ deposits and settle all user positions manually according to Pyth oracle at 8 AM Sep 2nd UTC. All transactions and deposits will be based on Solscan. The estimated process time will be two weeks."

"In a tweet, OptiFi said that 95% of total value locked is from one of its team members, meaning that customer asset may equate to only $33,000."

"We didn’t realize that the program was closed permanently until the error above showed up. It’s basically saying that our deployed program has been closed and cannot be re-deployed, unless a new program id is used."

"Here it turned out that we didn’t really understand the impact and risk of this closing program command line. ‘solana program close’ is actually for closing the program permanently and sending the SOL tokens in the buffer account used by the program back to the recipient wallet."

"ALL the users’ margin accounts USDC tokens, option tokens, and AMMs USDC vaults are locked in where they are, because they are using PDAs, which are bound to optFiKjQpoQ3PvacwnFWaPUAqXCETMJSz2sz8HwPe9B."

"We suggest Solana officials add the warning regarding the irrecoverable result of closing a program in Solana Docs and Command-Line Interface (CLI) to help Solana devs understand the function."

The OptiFi incident report was later revised[17][18]. The key differences between the original and revised versions of the post are as follows:

  1. TL;DR: The revised version adds a statement expressing sincere apologies for the incident.
  2. Recovery: The original version states that the program closure incident cannot be recovered, while the revised version mentions that the closure incident resulted in the program being closed permanently and not recoverable at the time of writing.
  3. Compensation: Both versions promise to compensate all users' funds, but the revised version adds that the settlement will be done manually according to Pyth oracle at a specific time.
  4. Deployment process: The revised version clarifies that the deployment process was aborted due to the deployment transaction taking longer than usual and mentions the amount of SOL transferred into a new buffer account.
  5. Understanding the impact: The original version states that the deployer did not understand the impact and risk of closing the program, while the revised version emphasizes that the program closure is irrecoverable and cannot be redeployed.
  6. Lessons learned: The original version mentions the need for a rigorous deployment process and suggests adopting a peer-surveillance approach, while the revised version focuses on preventing reckless deployment and suggests adding warnings and double confirmation for closing a program.
  7. Solana proposals: The revised version removes the proposals related to Solana officials and instead shares an open question to all devs and protocols about managing deployment risks and whether closed programs should be allowed to be recovered or redeployed.
  8. Closing remarks: The revised version adds a closing statement encouraging comments and suggestions and provides links to OptiFi's website, Twitter, Discord, and GitBook.

Overall, the revised version added more clarity and emphasis on the irrecoverable nature of the program closure, includes compensation details, and removed some proposals while introducing an open question for discussion.

Reactions on Twitter

Reactions on Twitter appeared to be largely constructive and supportive of the team[37][38][39][40][41].

"Oh man, I feel for you guys. But thorough explanation of what happened, clear communication. You’ll get there. Wish you all the best. This is something that can happen to anyone, painful lesson but keep up the good work."

have you reached out to circle for help with this? they could potentially blacklist those funds and re-issue

Would indeed be good if the underlying Solana protocol or Anchor framework had some sort of a warning. I don’t believe that in a traditional blockchain, one can “close” a blockchain address and lose access to funds without losing a private key.

sorry that happened to you, and kudoz for reimbursing your community

Good job owning mistakes and being accountable for them. Don’t see alot of negative replies shows community has your back if you have ours.

However, there was some criticism of the project for having limited external adoption, as well as of smart contracts/blockchain in general.[42][43][44]

It's not decentralized if a single mistake by one developer can brick the entire system. There is an old saying in AI, 'if you have to call something smart, it's because it isn't.' Smart contracts are stupid. Always were and always will be.

So you had a team member prop up your TVL and only 5% was from actual users? Fitting...

Financial system of the future everybody...

Reactions on Reddit Community

The OptiFi situation generated considerable discussion on Reddit[22][45][46][47].

"I don't always test my code, but when I do, I test it in production." - Most interesting man in the world. “I don’t always get fired from my job, but when I do, it’s because I deleted the whole company.”

"Annnnnnnnnnd... it's gone."

"Why don't they simply ctrl + z? /s"

Ultimate Outcome

The incident has resulted in the permanent closure of the OptiFi program, leaving users' margin accounts, option tokens, and AMM USDC vaults locked[6]. However, participants in the AMM contest will not be affected, and winners will be announced separately[6].

As a lesson learned, the OptiFi team emphasizes the need for a rigorous deployment process and proposes the adoption of a peer-surveillance approach involving at least three peers to minimize single-point failures[6]. They also recommend stricter documentation and warnings in Solana's official resources regarding the risks and consequences of closing a program[6]. The team urges caution and patience in future deployments, particularly for DeFi projects[6].

Implementation of Multi-Signature Deployment Infrastructure

The OptiFi team has worked to implement a multi-signature deployment infrastructure through the Squads protocol[32][33]. TBD fill in more.

Total Amount Recovered

The OptiFi platform stated that it would reimburse user's funds[1] and reported that all users were reimbursed on September 5th, 2022[26].

In total, roughly 11,000 USDC was paid out[48], with the largest settlement being for 4,808.08 USDC[23].

The remainder of the funds reportedly belonged to the OptiFi team themselves[48]. It is unclear if there have been any other funds recovered in this case.

Ongoing Developments

TBD - What changes have been made to Solana documentation? Are there any changes recommended? Has the protocol changed?

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

The best prevention strategy surrounds the usage of multi-signature on all key decision points such as smart contract closure. Having a greater review of the action would likely have identified that funds could be locked up permanently in the event of the protocol closing down.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

According to Halborn, the incident highlights the need for a thorough understanding of the workings of blockchain programs and commands, as well as the importance of developing robust processes for handling unforeseen events when dealing with high-risk activities like program updates on blockchains.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

The platform could also set aside some funds in a treasury or as part of an insurance multi-sig.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

Solana is a centralized enough blockchain that there may be a pathway to modify the software and enable a future recovery of funds.

In general, blockchain-level exploits can be resolved by reverting the blockchain to a prior state, which restores all funds to their prior ownership and limits potential losses to those who are transacting between the time of the exploit and the time of the revert. Effort should be undertaken by node operators to switch to a branch that eliminates the exploit as soon as possible to minimize losses. Any remaining losses would be resolved through the industry insurance fund.

Failing this, an industry insurance fund would need to step in to make whole any customers. Losses in this case are not significant against such a treasury.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 Solana-Based DeFi Protocol OptiFi Loses $661K in Programming Blunder - CoinDesk (Mar 27, 2023)
  2. OptiFi - a BIG leap forward in DeFi - YouTube (Mar 27, 2023)
  3. OptiFi - Portfolio Margining Derivatives DEX - August 30th, 2022 4:52:35 PM MDT (Mar 27, 2023)
  4. OptiFi Project Information - Solana "Riptide" Website (Mar 27, 2023)
  5. 5.00 5.01 5.02 5.03 5.04 5.05 5.06 5.07 5.08 5.09 5.10 Explained: The OptiFi Glitch (August 2022) (Mar 27, 2023)
  6. 6.00 6.01 6.02 6.03 6.04 6.05 6.06 6.07 6.08 6.09 6.10 6.11 6.12 6.13 6.14 6.15 6.16 6.17 OptiFi Program Incident Report — 08/29/22 - OptiFi Medium (Mar 29, 2023)
  7. sgtslaughterTV - "I had a job interview with OptiFi in June this year at their HQ" - Reddit (Mar 28, 2023)
  8. 8.0 8.1 "I'd like to schedule a call with you" - Imgur (Mar 28, 2023)
  9. 9.0 9.1 9.2 OptiFi: TVL and Stats - DefiLlama (Mar 27, 2023)
  10. Anchor Deploy Transaction To Upgrade - Solana Explorer (Mar 27, 2023)
  11. 11.0 11.1 11.2 OptifiLabs - "At around 06:00 UTC 29th Aug, our dev was trying to upgrade our program on mainnet, using `anchor deploy` to deploy" - Twitter (Mar 30, 2023)
  12. 12.0 12.1 12.2 12.3 OptifiLabs - "Later deployer found that a new buffer account was actually created but not used." - Twitter (Mar 30, 2023)
  13. Transaction that Closed the OptiFi Smart Contract - Solana Explorer (Mar 27, 2023)
  14. 14.0 14.1 14.2 OptifiLabs - "Without fully understanding the impact, we used 'solana close program'" - Twitter (Mar 30, 2023)
  15. 15.0 15.1 15.2 15.3 OptifiLabs - "OptiFi's program has been closed by mistakes we made." - Twitter (Mar 27, 2023)
  16. OptifiLabs Twitter Account (Mar 27, 2023)
  17. 17.0 17.1 17.2 17.3 17.4 17.5 OptiFi Program Incident Report — 08/29/22 - OptiFi Medium Archive August 29th, 2022 5:17:23 PM MDT (Mar 29, 2023)
  18. 18.0 18.1 18.2 18.3 18.4 18.5 18.6 18.7 18.8 OptiFi Program Incident Report — 08/29/22 - OptiFi Medium Archive August 30th, 2022 5:08:59 AM MDT (Jun 29, 2023)
  19. Solana-Based DeFi Protocol OptiFi Loses $661K in Programming Blunder - CoinDesk Archive August 30th, 2022 6:33:16 AM MDT (May 2, 2023)
  20. Solana-Based DeFi Protocol OptiFi Loses $661K in Programming Blunder - August 30th, 2022 6:33:16 AM MDT (Mar 29, 2023)
  21. Solana-Based DeFi Protocol OptiFi Loses $661K in Programming Blunder - August 30th, 2022 11:35:43 AM MDT (Mar 29, 2023)
  22. 22.0 22.1 22.2 22.3 22.4 22.5 22.6 Crypto Dev Enters Wrong Command, Destroys Entire Company - Reddit (Sep 2, 2022)
  23. 23.0 23.1 Reimbursement of 4,808.08 Solana - Solscan (Oct 10, 2023)
  24. 24.0 24.1 Reimbursement Wallet - Solscan (Oct 10, 2023)
  25. Final Reimbursement For 0.000298 USDC - Solscan (Oct 10, 2023)
  26. 26.0 26.1 OptiFi Labs - "We've already completed the fund transfer to all users as promised" - Twitter (Oct 10, 2023)
  27. OptiFi Labs - "much appreciate the support from @solana_devs on the program recovery proposal" - Twitter (Jun 5, 2023)
  28. Canadian Crypto Exchange Coinberry Files Lawsuit Against 50 Users After Losing 120 BTC - CoinDesk (Dec 2, 2022)
  29. Final Transaction For 0.09778572 SOL From Reimbursement Wallet - Solscan (Oct 10, 2023)
  30. OptiFi Labs - "Mango is the best." - Twitter (Jun 5, 2023)
  31. OptiFi Labs - "optifi has implemented an opUSDC program to separate capital pool from main program logic and add on security checks and freeze function to handle extreme or suspicious event." - Twitter (Jun 5, 2023)
  32. 32.0 32.1 Optifi Labs - "Glad to share that we've implemented multisig smart contract deployment on our main program via @SquadsProtocol" - Twitter (Jun 5, 2023)
  33. 33.0 33.1 Squads - "Excited for @OptifiLabs to join numerous other teams that rely on Squads for managing program upgrades via our multisig infrastructure. It has been a pleasure working with the team in setting this up." - Twitter (Jun 5, 2023)
  34. OptiFi - "Hey , we’re still building our v2 and it’s the best time for DeFi." - Twitter (Jun 5, 2023)
  35. OptifiLabs - "Strictly execute peer-surveillance approach that requires at least 3 peers" - Twitter (Mar 30, 2023)
  36. OptifiLabs - "@solana_devs [should add] warnings in the docs and two step confirmation for closing a program in CLI" - Twitter (Mar 30, 2023)
  37. Nelis.sol - "Oh man, I feel for you guys. But thorough explanation of what happened, clear communication. You’ll get there. Wish you all the best. This is something that can happen to anyone, painful lesson but keep up the good work." - Twitter (Accessed Apr 12, 2024)
  38. thejackheavy - "have you reached out to circle for help with this? they could potentially blacklist those funds and re-issue" - Twitter (Accessed Apr 12, 2024)
  39. Ooojin482 - "Would indeed be good if the underlying Solana protocol or Anchor framework had some sort of a warning. I don’t believe that in a traditional blockchain, one can “close” a blockchain address and lose access to funds without losing a private key." - Twitter (Accessed Apr 12, 2024)
  40. JPoolSolana - "sorry that happened to you, and kudoz for reimbursing your community" - Twitter (Accessed Apr 12, 2024)
  41. TurnerNovakArt - "Good job owning mistakes and being accountable for them. Don’t see alot of negative replies shows community has your back if you have ours." - Twitter (Accessed Apr 12, 2024)
  42. Phillip Hallam-Baker - "It's not decentralized if a single mistake by one developer can brick the entire system. There is an old saying in AI, 'if you have to call something smart, it's because it isn't.' Smart contracts are stupid. Always were and always will be." - Twitter (Accessed Apr 12, 2024)
  43. mwaddip - "So you had a team member prop up your TVL and only 5% was from actual users? Fitting..." - Twitter (Accessed Apr 12, 2024)
  44. LongHairedLoser - "Financial system of the future everybody..." - Twitter (Accessed Apr 12, 2024)
  45. surrender_the_juice - “I don’t always get fired from my job, but when I do, it’s because I deleted the whole company.” - Reddit (May 2, 2023)
  46. nthgen - "Annnnnnnnnnd... it's gone." - Reddit (May 2, 2023)
  47. deathbyfish13 - "Why don't they simply ctrl + z? /s" - Reddit (May 2, 2023)
  48. 48.0 48.1 OptiFi Settlement As Of September 2nd, 2022 - Google Doc (Oct 10, 2023)

Cite error: <ref> tag with name "futurism-10623" defined in <references> is not used in prior text.