BendDAO founder has proposed emergency changes to the protocol
BendDAO founder has proposed emergency changes to the protocol
— Cirrus (@CirrusNFT) August 22, 2022
If the vote passes there's a high likelihood of 600+ liquidation auctions of BAYC, MAYC, Clone X, Azuki, and Doodles over the next month
A quick thread to dumb it down + how you can capitalize… pic.twitter.com/HczbLeQuW8
First off if you don't know WTF any of this means you'll want to run through this latest update on the BendDAO situation from my good friend and NFT numbers savant @punk9059 https://t.co/WWX2fH83nV
1. Liquidation threshold changes
By far the most crucial change here is the gradual drop in the liquidation threshold
The proposal suggests a 5% weekly decrease in the threshold from the current 90% starting next week until a 70% baseline is reached
2. So what's that mean?
For simplicity's sake let's assume floors remain semi-constant until Sept 20th.
If we account for interest accrued from now until then, we can assume that everything with a ~1.39 health rating today will be gradually put up for auction by Sept 20th
As of writing there are around 600(!!!) combined BAYC, MAYC, Doodles, Clone X and Azuki with a health rating of 1.39 or below
You can view them all here: https://t.co/0qGDxiWW0j
3. DAMN that's a lot of auctions!
Yep. But they're improving said auctions quite a bit
They will only last for 4 hours instead of 48
Plus, instead of having the minimum starting bid set to 95% of floor like before, it'll be set to the total debt on the NFT (Amazing for liquidators)
What this means is that the gap between the floor and the starting bid price will be much wider than it was before – up to 20%
The prior setup didn't incentivize liquidators nearly enough at a 5% spread from starting price and floor
This led to a stockpile of inactive auctions
4. What does this mean for me?
The proposal passing means there will inevitably be some great deals over the next month
If you're like me and plan on taking part in these liquidations, you'll want to check in here pretty frequently for ongoing auctions: https://t.co/YxJNQOTyUx
There's a separate page for NFTs that have reached the liquidation threshold but haven't had a bid on them yet.
If you want to be the bidder to set off an auction, you'll want to watch this page daily: https://t.co/YxJNQOTyUx
5. Why are they doing this?
BendDAO needs to do whatever it can to limit the amount of bad debt it accrues
By lowering the liquidation threshold, they can be assured that under-collateralized NFTs will be auctioned off before the floor drops enough to enter bad debt territory
It's also not great that their lending wallet has gone from 18k ETH to 0 in a matter of days
They still owe ~13k ETH to lenders; these changes will speed up the process of adding liquidity back into the lending pool and reclaiming depositors' sanities
Rainbow bridge attack
On the Rainbow Bridge attack during the weekend
— Alex Shevchenko (@AlexAuroraDev) August 22, 2022
TL;DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz
1/15 The Rainbow Bridge is based on trustless assumptions with no selected middleman to transfer messages or assets between chains. Because of this, anyone can interact with its smart contracts, including the NEAR light client: https://t.co/fkhHEJkBVg
2/15 Usually, it's Rainbow Bridge relayers who submit the info on NEAR blocks to Ethereum. However, sometimes others are doing this. Unfortunately, usually with bad intentions.
3/15 The incorrectly submitted information to the NEAR Light Client may result in the loss of all funds on the bridge. That's why this step is secured with the most solid thing: a consensus of NEAR validators.
4/15 And if someone tries to submit incorrect info, then it would be challenged by independent watchdogs, who also observe NEAR blockchain.
You may want to read more on how Rainbow Bridge works, check out this article: https://t.co/98ppjduHzQ
5/15 Over the weekend an attacker submitted a fabricated NEAR block to the Rainbow Bridge contract: https://t.co/EtZkeewOzT
During a transaction, a safe deposit of 5 ETH was required.
6/15 The transaction was successfully submitted in the Ethereum blockchain in the block 15378741 on Aug-20-2022 04:49:19 PM +UTC.
Note the time of attack: an attacker was hoping that it would be complicated to react to the attack early Saturday morning.
7/15 However, no reaction from humans was required. Automated watchdogs were challenging the malicious transaction, which resulted in an attacker losing his safe deposit: https://t.co/a9I14YJ8Mu
8/15 And the reaction was taking only 31 seconds (4 Ethereum blocks)
9/15 This attack was absolutely similar to an attack on May 1st. Read more about it here: https://t.co/ZEVDT9JaQq
10/15 And though the attacker was hoping that our security team won't be available, in fact it was. After notifications on strange activities, within 1h the team was checking that everything is OK and was going back to sleep without disturbing myself or the users.
11/15 There are still several important things to mention:
First, we have been thinking of increasing the safe deposit (to reduce the number of attacks), but discarded this idea. The reason — it would make the bridge more permissioned and we fight for decentralization.
12/15 Second, the security is in the hearts of the Aurora Labs team and that's the reason why we have alerts, automatic systems, audits and bug bounties.
In fact we paid out the second largest bug bounty in the world to secure our users! https://t.co/hmErTlreGW
13/15 Third, to all the builders in web3, there's no way you can omit attack attempts. Please, make sure that you have enough systems in place to mitigate these attacks.
My heart is bleeding when I see great builders unfortunately failing because of these.
14/15 And fourth, dear attacker, it's great to see the activity from your end, but if you actually want to make something good, instead of stealing users' money and having lots of hard time trying to launder it; you have an alternative — the bug bounty: https://t.co/w67Y5AhRoH
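The bonded submit-and-challenge flow this thread describes, as a simplified model added here (not Aurora's contract or watchdog code). HMAC stands in for validator signatures, and the class and function names, the validator set, the one-hour challenge window and paying the whole forfeited deposit to the challenger are assumptions.

```python
import hashlib
import hmac

DEPOSIT_ETH = 5            # safe deposit named in the thread
CHALLENGE_WINDOW_S = 3600  # assumed value; the thread does not state the window
# Constructed validator set; HMAC keys stand in for real validator signing keys.
VALIDATORS = {"val-a": b"key-a", "val-b": b"key-b", "val-c": b"key-c"}

def sign(validator, header):
    return hmac.new(VALIDATORS[validator], header, hashlib.sha256).digest()

class LightClient:
    def __init__(self, genesis):
        self.head = genesis
        self.pending = None          # (relayer, header, sigs, submitted_at)
        self.balances = {}

    def submit(self, relayer, header, sigs, now):
        # Permissionless: anyone may submit, but the deposit is put at risk.
        if self.pending is not None:
            raise RuntimeError("a block is already pending")
        self.balances[relayer] = self.balances.get(relayer, 0) - DEPOSIT_ETH
        self.pending = (relayer, header, sigs, now)

    def challenge(self, challenger, validator, now):
        """Succeeds only if the named validator's signature is invalid."""
        if self.pending is None or now >= self.pending[3] + CHALLENGE_WINDOW_S:
            return False
        _, header, sigs, _ = self.pending
        if hmac.compare_digest(sigs.get(validator, b""), sign(validator, header)):
            return False             # signature is valid, challenge rejected
        self.balances[challenger] = self.balances.get(challenger, 0) + DEPOSIT_ETH
        self.pending = None          # the fabricated block never becomes head
        return True

    def finalize(self, now):
        if self.pending and now >= self.pending[3] + CHALLENGE_WINDOW_S:
            relayer, header, _, _ = self.pending
            self.balances[relayer] += DEPOSIT_ETH   # unchallenged: deposit returned
            self.head, self.pending = header, None
        return self.head

def watchdog(client, name, now):
    """Re-check every signature on the pending block; challenge the first bad one."""
    if client.pending is None:
        return False
    _, header, sigs, _ = client.pending
    for v in VALIDATORS:
        if not hmac.compare_digest(sigs.get(v, b""), sign(v, header)):
            return client.challenge(name, v, now)
    return False
```
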