Loans Incident Post-Mortem
On June 11th, a human error in the EXFI implementation of the FLRLoans Price Feed oracle permitted an adversary to artificially inflate the price of EXFI and mint ~6.785 million CAND of ‘bad’ debt. Once our incident response concluded, the Common Prefix team composed a post-mortem report outlining the details of the attack here.
At the time of the incident, the FLRLoans protocol had one large, undercollateralized open nest with ~7.6 million EXFI of collateral and ~3.5 million CAND of debt, so a collateral ratio of ~80%. The total collateral ratio of the protocol was thus ~80%, and its stability pool had a limited capital of ~$150,000 CAND.
As the protocol only had one big undercollateralized nest, any new nest would immediately ‘absorb’ the existing one. In other words, all the collateral and debt of this existing nest would be added automatically to the new one.
To exit recovery mode, the price of EXFI had to exceed ~$0.7. The oracle implementation error permitted the adversary to manipulate the price of EXFI to a high of ~$2.0 from the oracle’s perspective. This action not only took the protocol out of recovery mode but also allowed the adversary to mint ~6.785 million CAND of ‘bad’ debt without forcing the system back into recovery mode.
5.5 million CAND tokens were returned by the adversary and have been repaid, leaving a total of ~1,284,988.95 (~1.3 million) CAND worth of unhealthy debt. Therefore, all new positions will automatically absorb this debt until it has been fully repaid.