After news broke of this incident, rates of corresponding stablecoins fluctuated as Curve.fi’s rate balance was broken by a flash loan attack.
As you would expect, some aggregators, especially stablecoin yield farms, are linked to curve. Therefore, these events may result in an instant rate deviation in those aggregators’ business logic.
At present, there is about a 17% loss of fUSDT and fUSDC in Harvest (fUSDC share price is 0.83). Notably, whilst this is a bug resulting from Harvest’s strategy, ultimately all Harvest users will need to suffer the loss together.
Since their debut in the first half of the year 2020, flash loans have become a “heavy weapon”. Theoretically, they can use all the assets stored on Ethereum. Furthermore, as long as a transaction is finally completed, all of the included logic (process) will be executed and potentially result in a zero-risk use of capital to seek profits from bugs.
Since the emergence of liquidity mining, the stablecoin AMM represented by Curve has become the most important stablecoin in the wealth management field. It is also the first time that the blockchain has employed the use of the “stablecoin deposits and interest generation” mode, which is closer to that of modern banking and finance.
DeFi is gradually moving towards rationality. Many sophisticated and institutional investors that hold stablecoins have gravitated to a new world of financial management that is increasingly more reassuring to them than centralized exchanges.
However, the benefits must always co-exist with their corresponding risks. The biggest risk of a project like Curve lies in the “super attack”. This may involve black swan incidents involving the issuers of stablecoins, its own mathematical vulnerabilities, or a hacker project represented by flash loans.
Unfortunately, after Uniswap was exploited by various flash loan attacks in the first half of the year 2020, such as BzX and other project, Curve also implemented flash loan utilization room and logic. This led to the emergence of wealth management agreements such as Harvest that relied heavily on the Curve liquidity pool for pricing.
In the arbitrage space, hackers needed to only use the unreasonable exchange rate change caused by the change in the Curve exchange rate to recharge a certain stablecoin on Harvest at a very low cost. This allowed them to grab a large proportion of Harvest’s own liquidity pool.
One usually must occupy the same pool share and compete fairly with other users with funds, but because only hackers saw and took advantage of this huge exchange rate change, it required very little principal to seize the power of the liquidity pool.
Subsequent to this, the hacker restored the Curve exchange rate to normal. However, at this time, the principal corresponding to the Harvest fUSDT and fUSDC liquidity pools were all withdrawn by the hackers according to their own proportions, and other users bore the principal loss.
Although Curve did not directly participate in the vulnerability generation, there is no doubt that it created an extremely powerful attack vector with the flash loan. Although Curve LP may not suffer much loss this time, they are very likely to suffer from impermanent loss and slippage. Notably, we refered to the amplification factor vulnerability of Curve not long ago and this was used again by hackers to gain chain arbitrage.
MOV SuperTx V1 is a stablecoin AMM that was born in May this year for benchmarking Ethereum Curve. The core principle adopts a curve construction path similar to that of Curve, but expands Curve’s two-dimensional curve formula to a three-dimensional surface.
Through the integrated control of the amplification factor and the asset types of the pool, it can flexibly expand a variety of stablecoin assets, achieve risk isolation, and flexibly adjust the formula coefficients according to the specific business and user volume of each stablecoin, while having a more sensitive and safe slippage protection mechanism. This is the embodiment of MOV SuperTx ‘s pursuit of user safety.
In response to flash loan attacks, MOV SuperTx relies on the Bytom sidechain Vapor based on BUTXO, which cuts off the construction of flash loan attacks at the contract level.
Therefore, unlike many DeFi projects on Ethereum, the security factors to be considered are different. DeFi applications on MOV will not be affected by flash loans. Moreover, side-chain isolation will also not be affected by Ethereum’s own flash loan attacks.
MOV SuperTx also successfully completed its own liquidity mining operation in September this year, attracting more than 50 million US dollars of stablecoins (USDC, USDT, DAI) to participate in the liquidity pool. A comparison of slippage between Curve and MOV SuperTx at that moment is as follows:
For example, if we use 100,000 USDC to exchange DAI, we can get 99,055 DAI on Curve and 99,042 on Swerve, but we were about to get get 99,105 on SuperTx.
This advantage is not only because SuperTx attracts massive capital injections, but also because it builds core formulas from the ground up. For example, its formula and parameter control principles are different from Curve, as are the slippage advantage and security protection mechanisms.
(MOV SuperTx multi-dimension curve)
（Construction path of MOV SuperTx core formulas）
MOV SuperTx core formulas:
MOV SuperTx rate formulas:
MOV SuperTx is the largest stablecoin trading market beyond Ethereum and you can enjoy high speed and cheap fees on Vapor sidechain. MOV will rely on MOV ecosystem to link more scenarios such as MOV stablecoin pledge framework which will bring more profits for LP.
As for MOV SuperTx core theory, here is a reference: