On Wednesday, June 8, a user notified the ever-alert crypto twitter that a critical bug had been discovered on the Osmosis DeFi protocol, a proof of stake blockchain and an AMM for the cross-chain Cosmos ecosystem.
His source was a Redditor who raised an alarm that a dangerous bug existed in the DeFi protocol’s code and could potentially drain the protocol’s liquidity.
As a quick response from developers, Osmosis was halted to prevent further impairment.
The DeFi community was first notified of the blip by a Redditor who claimed that a 50 percent gain could be made if anyone added liquidity to the pool and withdrew it. His post has since been deleted.
Initially, the error was dismissed until people began trying it out. When most confirmed it to be accurate, they took advantage of the vulnerability.
For example, mintscan.io reveals a user who repeatedly executed the bug for close to an hour. The address revealed that the user exploited these lapses and transferred approximately $75k worth of ATOM from Osmosis.
Due to this exploit, Osmosis lost $5 million before developers intervened.
What Caused the Osmosis Bug?
According to Osmosis’ developers, the bug was a simple error in calculation.
The oversight has caused the network $5 million, which they promised would be reimbursed to victims as soon as the network is back and running.
This unfortunate event has called for tighter security, and thorough code audits for the active DeFi protocols with millions of assets tied as Total Value Locked (TVL).
The team has also reassured the community that they will implement a more robust assessment before pushing future updates. This way, they added, they will ensure the protocol remains active and secure, increasing users’ trust.
At the time of press, a testing process is ongoing before the release of Osmosis v10 code-bases. This update will serve as a restarter for the chain. Addressing the aspect of ETAs, the team said it would be tentative. They will need at least two days before they release new updates.
Their current focus, the team reassured, is solely on recovering exploited funds, fortifying security, and restarting the chain.
- defi general image: Photo by Shubham Dhage on Unsplash