
Lifinity Faces $700,000 Drainage in LFNTY-USDC Pool

TL;DR

  • Lifinity’s LFNTY-USDC pool experienced a $700,000 drainage on December 8, resulting from an arbitrage bot exploiting a bug in the protocol. The bug was linked to an unexpected response to an Immediate-or-Cancel order, allowing the bot to manipulate prices and drain funds.
  • The incident highlights the vulnerability of decentralized exchanges like Lifinity and underscores the importance of robust error-handling mechanisms. Lifinity is actively working to recover funds, emphasizing the need for continuous code scrutiny and security enhancements to fortify decentralized finance platforms against potential exploits.

In a recent setback for decentralized exchange (DEX) Lifinity, an arbitrage bot drained approximately $700,000 from Lifinity’s LFNTY-USDC pool on December 8. 

The incident unfolded due to a bug associated with an Immediate-or-Cancel (IOC) order, resulting in an unexpected response that led to a loss of $699,090, as disclosed in the company’s Discord channel. The exploit involved the bot attempting an arbitrage trade through the route USDC > xLFNTY > LFNTY > USDC, aiming to capitalize on price discrepancies between different trading pairs.

Unexpected consequences of an immediate-or-cancel order

According to Durden, a key member of Lifinity, the exploit unfolded when the arbitrage bot initiated an Immediate-or-Cancel (IOC) market order on Serum v3, an order type that requires immediate execution at the prevailing market price if filled. The anomaly occurred when, instead of signaling an error for a failed trade, the system returned a 0 amount out. The pools then processed both the 0 amount in and the 0 amount out, leading the program to update the last transaction price to 0. This influenced the next starting price, and the arbitrage bot capitalized on the extremely low price the pool then offered. Consequently, funds were drained from Lifinity’s LFNTY-USDC pool.

The intricacies of the bug reveal the delicate nature of smart contract-based decentralized exchanges, emphasizing the critical need for robust error-handling mechanisms to prevent unintended consequences. Lifinity’s experience underscores the importance of continuously monitoring and refining the code to identify and promptly address such vulnerabilities, safeguarding the integrity of decentralized finance platforms in an increasingly sophisticated landscape.

Lifinity v1 operates as an automated market maker (AMM), utilizing algorithms to generate liquidity in trading pairs. Durden highlighted that Lifinity relies on a constant product market maker (CPMM) model to maintain equilibrium between two token quantities in a liquidity pool. The model is shared by other decentralized exchanges like Uniswap and Bancor. Lifinity v1, while not supporting a standard constant product (CP) curve used in traditional CPMMs, replicates its function. However, the bug’s unexpected return of a 0 price enabled the arbitrage bot to exploit the discrepancy, resulting in the drainage of funds.

Response from Lifinity and efforts to recover funds

Following the incident, Lifinity’s team is actively working on reintroducing liquidity to the pool. The team is reviewing the protocol code and implementing measures to recover the lost funds. Notably, Lifinity has updated its system to reject trades resulting in 0 amounts, aiming to prevent similar exploits in the future. Despite the severity of the drain, community members on platforms like X (formerly Twitter) emphasized that the incident was not a result of a deliberate attack.
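The failure mode and the fix described above can be modeled in a few lines. This is an added example, not Lifinity's code: the `Pool` struct, the `SCALE` constant, both function names, and the assumption that a 0/0 fill is mapped to a price of 0 are hypothetical, chosen only to reproduce the behavior the article describes.

```rust
// Constructed model, not Lifinity's code: a pool that stores the price of its
// last trade and uses it as the starting point for the next quote.
const SCALE: u128 = 1_000_000; // fixed-point scale for prices (assumption)

#[derive(Debug, PartialEq)]
pub enum SwapError {
    ZeroAmount,
}

pub struct Pool {
    pub last_price: u128, // quote per base, scaled by SCALE
}

impl Pool {
    // Before: a failed IOC fill reported as (0, 0) is treated as a real trade.
    // checked_div turns 0/0 into None, which this model maps to price 0.
    pub fn record_fill_unchecked(&mut self, amount_in: u64, amount_out: u64) {
        let scaled = amount_out as u128 * SCALE;
        self.last_price = scaled.checked_div(amount_in as u128).unwrap_or(0);
    }

    // After: a fill with a zero leg is an error and leaves state untouched.
    pub fn record_fill_checked(
        &mut self,
        amount_in: u64,
        amount_out: u64,
    ) -> Result<u128, SwapError> {
        if amount_in == 0 || amount_out == 0 {
            return Err(SwapError::ZeroAmount);
        }
        self.last_price = amount_out as u128 * SCALE / amount_in as u128;
        Ok(self.last_price)
    }
}

fn main() {
    let mut before = Pool { last_price: 250_000 }; // constructed: 0.25 quote/base
    before.record_fill_unchecked(0, 0);
    println!("unchecked: last_price = {}", before.last_price);

    let mut after = Pool { last_price: 250_000 };
    let res = after.record_fill_checked(0, 0);
    println!("checked: {:?}, last_price = {}", res, after.last_price);
}
```

The checked path returns an error before any state is written, so a downstream venue that reports a failed order as a zero fill cannot move the pool's reference price.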

As Lifinity addresses the aftermath of the exploit, the incident underscores the challenges and vulnerabilities associated with automated market makers and decentralized exchanges. The vigilance required to identify and rectify such bugs becomes crucial as these platforms continue to play a pivotal role in the evolving landscape of decentralized finance. As Lifinity works towards recovery, the broader community observes how the incident may influence the ongoing development and security practices within decentralized exchanges.

Conclusion 

Lifinity’s recent encounter with an arbitrage bot exploiting a bug in its protocol highlights the intricate challenges and potential pitfalls faced by decentralized exchanges. The incident underscores the critical importance of stringent error-handling mechanisms and continuous code scrutiny in maintaining the security and reliability of these platforms. As Lifinity diligently works to recover the drained funds and fortify its system against future exploits, the broader decentralized finance community remains vigilant, drawing valuable lessons from the episode to fortify the resilience of automated market makers and decentralized exchanges in an ever-evolving financial landscape.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.


Haseeb Shaheen

As a Web Researcher and Internet Marketer, Haseeb Shaheen delivers relevant valuable content for audiences. He focuses on financial and crypto market analysis, as well as technology-related areas that help people change their lives.
