Warp Finance, a DeFi lending protocol that suffered an $8 million flash loan exploit shortly after its release, is now gearing up for a relaunch that will include an integration with oracles by Chainlink.
The inclusion of Chainlink oracles reportedly serves as protection against similar exploits. Flash loan operations use a feature that allows an unlimited amount to be borrowed, as long as it is also returned within the same Ethereum block. According to the team, security experts determined that the main cause of the exploit was an exploitable price oracle.
The problem appears to have been exacerbated by Warp Finance’s use of liquidity provider tokens as collateral. This feature is one of the main selling points of the protocol, as it allows users to commit yield-bearing tokens as collateral, combining the proceeds from trading fees with those from borrowers using the protocol.
According to DeFi whitehat hacker Emiliano Bonassi, the exploit relied on the fact that Warp Finance oracles did not correctly calculate the underlying value of the pool tokens. The new protocol will use Chainlink price feeds for all critical functions – especially the value of the LP tokens used as collateral.
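An added illustration, not Warp Finance's or Chainlink's code: it compares a hypothetical reserve-based LP token valuation with the commonly used geometric-mean ("fair") valuation on a constructed constant-product pool whose reserves are skewed by one large swap. The pool size, feed prices and function names are assumptions made for the example.

```python
from math import sqrt

# Constructed sample pool (not Warp Finance data): 1,000 ETH against 600,000 DAI.
ETH_USD, DAI_USD = 600.0, 1.0          # assumed external feed prices
R_ETH, R_DAI = 1_000.0, 600_000.0      # pool reserves
LP_SUPPLY = sqrt(R_ETH * R_DAI)        # LP tokens outstanding


def reserve_sum_value(r0, r1, p0, p1, supply):
    """Hypothetical naive valuation: current reserves times feed prices."""
    return (r0 * p0 + r1 * p1) / supply


def fair_value(r0, r1, p0, p1, supply):
    """Geometric-mean valuation: uses reserves only through k = r0 * r1."""
    return 2.0 * sqrt(r0 * r1) * sqrt(p0 * p1) / supply


def swap_token0_in(r0, r1, amount_in, fee=0.003):
    """Constant-product swap (x * y = k) with a 0.3% fee; returns new reserves."""
    effective = amount_in * (1.0 - fee)
    amount_out = r1 * effective / (r0 + effective)
    return r0 + amount_in, r1 - amount_out


def valuation_drift(amount_in):
    """Relative change of each valuation after reserves are skewed by one swap."""
    before = (R_ETH, R_DAI)
    after = swap_token0_in(R_ETH, R_DAI, amount_in)
    drift = {}
    for name, fn in (("reserve_sum", reserve_sum_value), ("fair", fair_value)):
        v0 = fn(*before, ETH_USD, DAI_USD, LP_SUPPLY)
        v1 = fn(*after, ETH_USD, DAI_USD, LP_SUPPLY)
        drift[name] = v1 / v0 - 1.0
    return drift


if __name__ == "__main__":
    for size in (10.0, 1_000.0, 9_000.0):
        d = valuation_drift(size)
        print(f"swap {size:>7.0f} ETH  reserve_sum {d['reserve_sum']:+8.2%}  fair {d['fair']:+8.2%}")
```

Both methods agree while the pool is balanced at the feed prices; once the reserves are skewed, only the geometric-mean value stays within the swap fee of its starting point, which is why collateral valuation should not read pool reserves directly.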
Chainlink and its founder, Sergey Nazarov, have often argued that price oracles should cover as much of the market as possible. Indeed, many flash loan exploits are closer to market manipulation than outright software bugs. Even if no malice is present, incidents such as Compound’s outrageous liquidation event in November could have been avoided with more market coverage. Compound relied only on prices from Coinbase and Uniswap, which temporarily published a very high price for Dai.
When asked by Cointelegraph why Warp Finance didn’t use Chainlink oracles at first, a spokesperson replied:
“Uniswap oracles have been an option for many projects seeking price feeds for different use cases. As such, we launched for the testing phase in the same way as other lending platforms, with the option to upgrade later.”
The spokesperson further noted that a significant portion of DeFi projects do not use Chainlink, and they believe the relaunch “gives our users a lot more peace of mind about the security of our protocol.”
Warp Finance also prepared a compensation plan for affected users, having already recovered 73% of the stolen money.