Platypus Finance Unchecked Stablecoin Collateral

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Platypus Finance

Platypus has introduced a new kind of AMM for stableswap that manages risk autonomously based on the coverage ratio. The new design is intended to solve the problem of liquidity fragmentation and to simplify pool compositions, leading to a better user experience. Platypus recently launched its own stablecoin, USP, but the mechanism was attacked, depegging USP and leaving it heavily undercollateralized. The hack was due to a flaw in USP's solvency check mechanism that allowed the attacker to withdraw the supplied collateral while keeping the borrowed USP. The stolen $8.5M remain in the hacker's contract, of which, $1.5M of stolen USDT has been blacklisted. The culprit has been identified, and the Platypus team is setting up a bounty and encouraging the hacker to reach out to them.

About Platypus Finance

Platypus Finance has launched a new stablecoin AMM platform on Avalanche which features an asset liability management model. The platform uses a single-variant slippage function instead of invariant curves, allowing it to better manage liquidity fragmentation and increasing capital efficiency. The platform also allows for open liquidity single-sided AMM managing risk autonomously based on the coverage ratio. Other stableswaps can have complicated pool compositions which can result in higher slippage and bad user experiences, whereas Platypus' new design addresses this. The new AMM platform is a major improvement over first generation stableswaps. Platypus Finance describes their protocol on their website^[1].

"This Changes Everything. A whole new kind of AMM for stableswap. Lower Slippage. Simpler UX."

"One of the major problems found in the first generation stableswaps’ Closed liquidity pools is liquidity fragmentation, where the liquidity of different pools cannot be shared with one another, resulting in higher slippage."

"The design of other stableswaps requires multiple tokens of equal value within a pool, often complicating its pool compositions (pairing up LP token with new tokens). It significantly hinders the scalability of the protocol and leads to bad user experience."

"Platypus invents a whole new AMM on Avalanche - Open liquidity single-sided AMM managing risk autonomously based on the coverage ratio, allowing maximal capital efficiency."

"The key concept underpinning Platypus’ design is asset liability management (ALM). Platypus is the first of its kind to use a single-variant slippage function instead of invariant curves."

The Reality

"A highly-specialised creature may be well suited to its own habitat, but Platypus’ attempts to adapt have ended up dead in the water.

Adding to its existing stableswap AMM platform, Platypus recently launched its own stablecoin, USP. However, just 10 days after launch, the new mechanism was attacked, depegging USP and leaving it heavily undercollateralised."

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Exploiter contract: https://snowtrace.io/address/0x67afdd6489d40a01dae65f709367e1b1d18a5322/

Exploit: https://snowtrace.io/tx/0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430

Exploiter: 0xeff003d64046a6f521ba31f39405cb720e953958

"The attacker first took a flash loan of 44M USDC which was deposited into Platypus. The resulting LP tokens were then used as collateral to borrow 41.7M USP.

The emergencyWithdraw() function only checks whether the user’s position is currently solvent, but neglects to first check against any the effect of any borrowed funds. This allows the attacker to withdraw the supplied collateral while keeping the borrowed USP.

The collateral was then withdrawn to repay the flash loan, and the USP was swapped via Platypus pools, draining the existing liquidity of other stables (USDC, USDT, DAI, BUSD, etc.)."

Tokens Mistakenly Sent To Aave Smart Contract

^[19]

In one of the three attacks, the attacker mistakenly implemented a logic in the exploit contract such that around $381k worth of stablecoins were directly transferred to Aave V3’s Pool contract deployed on Avalanche.

Total Amount Lost

The total amount lost has been estimated at $8,500,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Platypus Finance Twitter Announcement

Platypus Finance posted about the incident on Twitter shortly after it happened^[3].

Dear Community,

We regret to inform you that our protocol was hacked recently, and the attacker took advantage of a flaw in our USP solvency check mechanism. They used a flashloan to exploit a logic error in the USP solvency check mechanism in the contract holding the collateral.

Exploiter contract: 0x67afdd6489d40a01dae65f709367e1b1d18a5322/

Exploit: 0x1266a937c2ccd970e5d7929021eed3ec593a95c68a99b4920c2efa226679b430

Exploiter: 0xeff003d64046a6f521ba31f39405cb720e953958

3/ There were losses totaling 8.5M from the main pool. Right now deposits from users are covered up to 35% of their deposits. Funds in other pool are unaffected. The hacker has been contacted to negotiate a bounty in exchange for return of the funds.

4/ We understand that this news may be alarming and unsettling, and we want to assure you that we are treating this matter with the utmost seriousness. We are currently working with several parties,

5/ including Binance, Tether, and Circle, to freeze the funds of the hacker and prevent further losses.  Right now, the USDT has been frozen. We are also exploring options for compensation and reimbursement for affected investors.

6/ We understand that this is a difficult time for our community, and we appreciate your patience and understanding. We want to assure you that we are taking this matter seriously and will keep you informed as we make progress. Thank you for your continued support.

ZachXbt Tracing The Funds

ZachXbt reportedly traced the funds to Twitter user retlqw^[4].

Hi @retlqw since you deactivated your account after I messaged you.

I've traced addresses back to your account from the @Platypusdefi exploit and I am in touch with their team and exchanges.

We’d like to negotiate returning of the funds before we engage with law enforcement.

Update Announcement From Platypus Finance

Platypus updated the community with their status in tracing the funds and identifying the attacked, and that they had contacted the stablecoin issuers to freeze the stolen funds^[6][7].

With the assistance of various parties, especially @zachxbt, we're beginning to identify the hacker of this attack.

We're in the process of setting up a bounty & encourage the hacker to reach out to us. We also welcome anyone with useful information to come forward to us.

We appreciate everyone's support & assistance during this difficult time. We are in contact with all stablecoin issuers to freeze any stolen stablecoins & working on a recovery plan internally. Will keep the community updated.

Thank you for your ongoing support and patience.

Community Reactions on Twitter

There were various mixed reactions from the Platypus Fiance community on Twitter^{[67][68][69][70][71]}.

You'll get through this. I saw zach's work, he's the best. If we join as a community, i'm sure that we'll be fine eventually.

"The funds seems blocked in the attacker's contract, I strongly doubt you will get it back"

The work you're doing to find solutions to this is amazing. Keep it up, guys!

Stay strong guys. I'm sure you will be in contact with the attacker soon

Walter - We appreciate you doing the right thing. France is may perhaps be not as safe as you think.

Ultimate Outcome

Recover of $2.4m From Attack Contract

The attacker funds were locked in a smart contract on Avalanche where they could not access them. The BlockSecTeam had been able to perform a reverse hack to recover the funds^[8][10][11].

In a dazzling reverse hack, a substantial chunk of the Playtpus hack stolen funds have been recovered.

Here's how it worked: (1/4)

The attacker forgot to code any way collect the funds after stealing them, so the funds were locked in the attack contract.

They also neglected Flash Loan 101 and allowed anyone to call the flash loan callback code. No check that they had started the flash loan.

This allowed @BlockSecTeam and the project to retrigger the hack, but with one major twist - the project contracts had been upgraded to steal back from the attacker during the hack.

The attack sequence involved taking flash loaned USDC, approving it, and depositing into the project.

But during the retrigger, the attack code used its own stolen USDC to approve and deposit instead.

The new project code simply took the attacker's USDC and ran with it.

More information on the recovery: ^[72]

February 18th Update

Platypus Finance posted another update for their community on February 18th^[16][17].

Thanks everyone who supported us over the last few days! We’ve been trying our best to recover the losses and would like to give everyone a quick update:

We are working on a plan to compensate the losses, please DO NOT repay your USP and realize the losses. It would be easier for us to manage the damage. Also, you don’t have to worry about liquidation as liquidation is paused, stability fee after the attack will not be counted

Part of the fund is trapped in AAVE and we’re exploring a method that can potentially recover the fund. That would require us to propose and pass a recovery proposal on AAVE’s governance forum.

We have also been working with different parties to recover the damage but we would need more time to confirm the result. Legal enforcement is something we’re also working on, we’ll make further announcement once these are confirmed.

Vector Finance Recovery

^[44].

Great news! @Platypusdefi has transferred our share of the recovered funds.

We're building out a page where users can see what they are owed

That page will be available early next week

Affected users will be able to claim their share soon afterward

More to come!

First Round of Payouts

^[48][43]

LPs of old main pool You can now claim the first round of compensation... At this time, approximately 52% of your funds are available for claiming. We'll keep you informed of any updates on the retrieval of more tokens or future rounds of compensation.

Aave Fund Recovery

^[41].

Dear @AaveAave community,

I'm writing to you today with a heavy heart. Our DeFi protocol, @Platypusdefi, has recently been the victim of an exploit that has resulted in the loss of a significant amount of funds.

We are committed to doing everything we can to make things right. As part of our efforts to recover from this incident, we have created a governance proposal that we are submitting to the @AaveAave community for a vote...

We believe that our communities share a common interest in the success of DeFi, and we are asking for your support in this challenging time to helping our affected LPs to recover parts of their funds.

We ask that you please take a moment to review our proposal and consider voting in favor of it. Your support would be a significant step towards helping us recover from this incident and regain the trust of our users and the broader DeFi community.

Thank you for your consideration, and we look forward to working with the Aave community to overcome this challenge and build a stronger, more resilient DeFi ecosystem.

^[49][50]

Greetings @AaveAave  community!

We would appreciate your support in helping us recover lost funds for our LP by voting in favor of our proposal before the voting deadline of March 14, 2023, at 8 PM UTC.

Please take a moment to cast your vote

Thank you for considering our proposal.

Together, let's demonstrate the power of community and showcase how we can support one another in times of need.

^[55]

Part of the recovery came from an Aave governance proposal which was submitted to the smart contract's governance^[18][19].

Update: We have submitted a post on the @AaveAave governance forum to gather feedback from the community on the recovery of the exploited assets that are stuck in the Aave v3 contract.

Next step: In a minimum of 5 days, our proposal will move forward to the voting stage for the Aave community to vote on in order to recover the 380k tokens currently stuck in the Aave contract.

We will share more updates with the community in coming days and that includes the recovery plan and further actions. Thank you for your patience.

In one of the three attacks, the attacker mistakenly implemented a logic in the exploit contract such that around $381k worth of stablecoins were directly transferred to Aave V3’s Pool contract deployed on Avalanche.

Currently, the Pool contract has implemented a rescueTokens() function, which will allow the function caller, who must be granted the Pool_Admin role in Aave V3’s access control system, to transfer any stuck ERC-20 tokens to designated addresses, including the stablecoins transferred to the Pool contract by the attacker.

This ARC is inspired by the previous discussions between Aave contributors, the Platypus team & its community, and various blockchain security organizations and individuals on the possible recovery of the funds sent to the Pool contract.

This ARC’s objective is to gather community sentiment and consensus to form and publish a formal AIP proposal vote for a community vote to approve the recovery actions on the stolen user assets stuck in the Pool contract.

February 23rd Update

Platypus Finance shared a further update with their community on February 23rd^[20].

Since the attack, we've been working with security experts & stakeholders to recover lost funds, trace the hacker, and explore potential solutions to retrieve trapped funds.

Before we move forward, we want to assure you that our stableswap's operation hasn't & won't be impacted.

There is a loss of 9.1m from 3 attacks, but 2.4m USDC has been retrieved and 1.5m USDT has been frozen.We are now proposing to retrieve 380k tokens from Aave contract.

A Summary of Our Compensation Plan: We will refund the these funds to LPs initially: The remaining fund in the main pool, surplus that we kept in the main pool, and the recovered 2.4m USDC.

If any stablecoin is retrieved, we'll distribute those tokens to LPs on a pro-rata basis. We'll set aside the 1.4m treasury for 6 months. If the situation doesn't improve as we anticipate, the 1.4m will be distributed to all affected LPs.

This plan ensures that a minimum of 63% of the funds will be refunded to users. If our proposal submitted to Aave is approved and Tether confirms the reminting of the frozen USDT, we will be able to recover approximately 78% of the users' funds.

Token Recovery Status: We're in active discussions with all parties. After receiving legal opinion, it appears that it's possible to remint those tokens. The decision & duration for it depend on the involved parties. We'll work closely with them to explore all possible results.

uture Actions: Take legal actions against the exploiter. Relaunch the main pool without USP after we refund the recovery funds to LPs. We are targeting to relaunch the main pool next week. Move towards decentralization (see next tweet)

Governance is our top priority, and we plan to create a forum for submitting proposals. We'll then deploy on-chain voting to ensure inclusivity in decision-making.  Moving forward, we'll propose new ideas for the community's collective decision-making on new features.

The recent security breach has caused concern among our community. We would like to reassure you that our foundational mechanism, the stableswap, is robust and has been functioning effectively.

Thank you for your ongoing support & patience during this difficult time.

March 14th Proposal Approved

The Platypus Finance team shares a gracious announcement in response to their proposal to have funds returned^[53].

We would like to express our heartfelt gratitude to the incredible @AaveAave community! Thanks to your overwhelming support and votes on snapshot, we have achieved an impressive 324k votes!

As we move forward, our next step is to enter the AIP phase and collaborate closely with the Aave team to develop a recovery contract that will undergo community review.

Thank you once again for your unwavering support!

March 31st Update

The Platypus Finance team provides a further update^[56] to their community to announce that $380k worth of funds trapped in the Aave smart contract were rescued^[57]. They are arranging a second compensation round to prevent legal conflicts. Efforts are being made to recover unrecovered funds through negotiations with related parties. In terms of upcoming plans, Platypus aims to become a fully decentralized protocol in Q2 and will launch a discussion forum for the community, introducing off-chain voting for vePTP holders. They emphasize the importance of community participation and believe it will contribute to the success and growth of Platypus.

It is with great pleasure that we provide the recent updates of Platypus and our plan for the upcoming months.

Recent update 1: 380k worth of funds that trapped in the Aave contract were previously rescued. We've consulted our legal partner to ensure that we follow the appropriate procedures & will arrange for a 2nd compensation round later to prevent any potential legal conflicts.

For the unrecovered funds, we're actively communicating with all the related parties & are in the middle of negotiations. We can't disclose the details of these discussions atm due to legal restrictions. We wanna assure you that we're making every effort to recover those funds

Recent update 2: Thanks to the support of Joe community, our PTP-AVAX liquidity book pool is available on @traderjoe_xyz! PTP-AVAX LPs, you can now compare the APR of both pools to decide your best farming strategy!

We want to stress that our efforts to transform Platypus into a fully decentralized protocol continue will not stop. Our dedicated team is relentlessly working towards achieving this objective in Q2.

Moving forward, we will be launching a discussion forum for the whole community and introducing off-chain voting for vePTP holders. Our vision is to move the decision-making power to the community, which we believe will be healthy for the growth of Platypus.

We encourage everyone to participate in the discussion forum and exercise their voting rights. We believe that the collective wisdom of our community will help guide Platypus towards greater success.

Going fully decentralized won't limit our innovation at Platypus! We're committed to building and have lots of exciting plans in the pipeline. Stay tuned as we will submit our creative ideas to the forum and discuss with the community.

We appreciate your continued support and trust in our team as we navigate through this challenging situation. We will keep you updated on our progress towards fund recovery and the development of Platypus as a fully decentralized protocol!

Refunds For YieldYak Liquidity Pool Holders

On April 1st, refunds were provided for users of the Platypus Finance, Echidna Finance, and Vector Finance liquidity pools^[62].

Refunds for depositors in @Platypusdefi, @echidna_finance and @vector_fi. Pools impacted by the Platypus exploit have been delivered via airdrop.

Affected depositors have been distributed their share in the asset they originally deposited. Refunds are worth ~52% of the value of their initial deposit.

Yield Yak has covered gas and slippage costs to facilitate distributing refunds in the original asset deposited. Note that the alternative would have been to give user refunds in various stablecoins uncorrelated to their deposited asset, putting the gas and slippage cost burden on users to consolidate into their desired stablecoin.

As a small goodwill gesture acknowledging delays on our side, users have also been airdropped 1 $yyAVAX.

Any future refunds from the three protocols will be redistributed to users.

Technical Explanation

A technical explanation was also provided.

YY keeps its on-chain accounting using YRT balances which are 'shares' of a given pool. These pools lost the underlying deposit assets due to an exploit of Platypus' protocol, meaning each YRT 'share' became unbacked. The issue affected three sets of pools, Platypus, Echidna, and Vector (16 pools in total).

We received refunds from all three platforms, and may receive additional refunds in the future pending Platypus' recovery attempts.

Because YRT are transferable, we have taken a historical snapshot for each affected pool. Affected YRT are no longer worth anything and can be burned or transferred without affecting future refunds.

In order to compensate each group of users, we had to make two conversions:

1. Convert YRT 'Shares' to 'Deposit Tokens' (i.e. Stablecoins). For this we use the ratio of 'Deposit Tokens' per 'Share' at the time of snapshot

2. Convert 'Deposit Tokens' to 'Refunds'. For this we use a 1:1 conversion between Stablecoins for simplicity.

All three protocols provided approx. 52% of user deposits in different stablecoins. Yield Yak depositors typically deposit one asset to earn more of that asset. In keeping with that expectation (and because it is feasible with stablecoin), we’re refunding the same asset which was deposited.

April 12th Update

Platypus Finance was pursuing decentralized governance at the same time as apparently still working on a compensation package^{[63][64][73][74][65]}.

We've received questions from the community about our decision to decentralize the protocol before compensating our LPs for the previous incident. We understand your concerns, and we want to assure you that we will proceed with both efforts in parallel.

Currently, we are actively communicating with third parties & negotiating for compensation. However, negotiations take time, and we believe that continuing the protocol's operation is beneficial to all stakeholders.

So, we are working towards full decentralization to share decision-making power with the community.

It's important to note that going fully decentralized will not impact the compensation plan we have previously shared in our Medium article

We understand that many of you are concerned about updates on compensation, and we assure you that once the negotiation results are finalized, we will make a further announcement.

We appreciate your continued support and patience as we diligently work to resolve the situation and make our users whole. Please know that we are committed to transparency and will keep you updated on our progress!

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

"The hack has left USP depegged by over 50% as the attacker swapped the USP for other stables. The stolen $8.5M remain in the hacker’s contract, of which, $1.5M of stolen USDT has been blacklisted."

"The rather simple vulnerability, combined with the loot being left (or possibly trapped) as freezable, centralised stables suggests this heist may have been pulled off by a relatively inexperienced amateur."

"After just a few hours, fellow platypus ZachXBT managed to identify the culprit via their ENS address, linked to the exploiter’s transaction history. The same alias was used for now-deleted Twitter and Instagram accounts. The Platypus team have since appealed to the doxxed exploiter:

We're in the process of setting up a bounty & encourage the hacker to reach out to us. We also welcome anyone with useful information to come forward to us."

Echidna Finance - March 7th Update

Echidna Finance shared an update on March 7th^[37]. They've listed a new Main Pool from @Platypusdefi on their decentralized application (dApp), offering boosted Annual Percentage Rates (APR) from their $vePTP treasury. The stablecoin pools now offer attractive APRs averaging around 27%. The old Main Pool is currently hidden from the user interface, but users affected by the $USP incident will have their stake automatically displayed in a pool with an "old/paused" description. The team has been actively communicating with the @Platypusdefi team and other relevant parties to finalize the LP (liquidity provider) refund/airdrop arrangement.

Dear Echidnas,

We would like to provide an update regarding the recent incident involving $USP. Our team understands the gravity of the situation & its impact on our community.

As always, we strive to maintain transparency & ensure the safety of our users.

We have listed @Platypusdefi new Main Pool on our dApp, with boosted APR from our $vePTP treasury.

Single-sided stablecoin pools are now offering two-digit APR at an average of ~27%.

The old Main Pool is currently hidden from the user interface, but users affected by the $USP incident will have their stake automatically displayed in the pool with an "old/paused" description.

Finally, we have been in active communication with the @Platypusdefi team and other relevant parties to finalize the LP refund/airdrop arrangement.

Stay tuned for further updates on how our affected LPs can claim their portion of funds.

We appreciate your unwavering support and understanding during these challenging times!

Total Amount Recovered

Funds were partially recovered through a series of actions undertaken:

• A reverse hack on the liquidity pool which the attackers set up, to take back the funds.
• Retrieving the portion of user funds that were stuck in the Aave smart contract through a governance proposal (ARC).

TBD - The reverse hack recovered 52% according to YieldYak?^[47]

Ongoing Developments

The Platypus Finance protocol continues to operate.

TBD - Justice/sentencing on the culprits?

What happened to the remainder of the funds?

Individual Prevention Policies

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References