Synthetix Ether Collateral Bug

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Synthetix

A bug existed in the Synthetix smart contract which would have prevented the liquidation method from being activated, a serious fatal issue.

The problem was detected and resolved before the updated contract was launched.

This is a global/international case not involving a specific country.^[1][2][3][4]

About Synthetix

"Synthetix is the backbone for derivatives trading in DeFi, allowing anyone, anywhere to gain on-chain exposure to a vast range of assets."

"[S]ynthetic assets are collateralized by the Synthetix Network Token (SNX) which when locked in the contract enables the issuance of synthetic assets (Synths). This pooled collateral model enables users to perform conversions between Synths directly with the smart contract, avoiding the need for counterparties. This mechanism solves the liquidity and slippage issues experienced by DEX’s. Synthetix currently supports synthetic fiat currencies, cryptocurrencies (long and short) and commodities. SNX holders are incentivised to stake their tokens as they are paid a pro-rata portion of the fees generated through activity on Synthetix.Exchange, based on their contribution to the network. It is the right to participate in the network and capture fees generated from Synth exchanges, from which the value of the SNX token is derived. Trading on Synthetix.Exchange does not require the trader to hold SNX."

"After the 3 month trial is complete we wanted all loans to be closed to prepare for the full implementation of Ether Collateral. The loanLiquidationOpen flag can be turned on by the protocolDAO which would allow anyone with sETH to close any remaining unclosed loans and receive the borrowers ETH. This is expected to be sufficient incentive for borrowers to close all loans. If there were abandoned loans because a borrower had potentially lost all of their borrowed funds then there was still a mechanism to allow the sETH to be removed from the system and close the trial."

"However since line 345 is set to account which is the loan creators address it would both require the liquidator to have the total sETH borrowed in their wallet address [and] require the borrower to still have the sETH in their wallet address."

"Only if both these conditions are met after the 3 month trial has ended and the ProtocolDAO has enabled loan liquidations then it would burn all of the borrowers sETH and send the ETH to the liquidator instead of burning the liquidators sETH."

"This has rendered the liquidation mechanism defective and it can not be activated."

"We are very thankful to Sam (@samczsun) for reviewing the Synthetix contracts and finding and a bug in our Ether Collateral contract yesterday. The code is deployed to mainnet but is not yet active, so no funds are at risk."

"While the Ether Collateral contract upgrades were audited by Sigma Prime there was a misunderstanding as to the intent of the liquidation process specced in the SIP. In addition this was put through code review internally unfortunately this issue was missed and was not covered by our internal tests, this lack of test coverage is something we will address moving forward to ensure we increase test coverage from 95%+ to 100%."

"We will be working closely with our audit partners Sigma Prime and Iosiro in the future to ensure we minimise the possibility for future incidents such as this through clearer communication."

This is a global/international case not involving a specific country.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

• Known history of when and how the service was started.
• What problems does the company or service claim to solve?
• What marketing materials were used by the firm or business?
• Audits performed, and excerpts that may have been included.
• Business registration documents shown (fake or legitimate).
• How were people recruited to participate?
• Public warnings and announcements prior to the event.

Don't Include:

• Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
• Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

• When the service was actually started (if different than the "official story").
• Who actually ran a service and their own personal history.
• How the service was structured behind the scenes. (For example, there was no "trading bot".)
• Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

No funds were lost.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

There do not appear to have been any funds recovered in this case.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

No user funds were lost.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References