LP did not lose but made a small profit, remembering a blessing in disguise for a security breach attack.
Written by: LeftOfCenter
The two-day fixed-interest encrypted lending agreement 88mph, which has just started liquidity mining for two days, was urgently shut down due to contract loopholes. Fortunately, the project party responded quickly to transfer funds safely and completed the vulnerability repair in less than 24 hours. , And announced that it will restart the second round of liquidity mining at 4 a.m. Beijing time on November 21. The newly launched liquidity mining will also last for 14 days, and 88,000 MPH tokens will be distributed to participating users.
What’s quite dramatic is that because the team frozen the attacker’s $100,000 worth of assets in the MPH bond contract and decided to allocate these additional proceeds to the liquidity provider, this attack not only did not cause users to suffer losses. Instead, the first batch of participants won an unexpected “reward . “ The application interface is currently online, 88mph liquidity providers can apply for ETH here .
In this head-on confrontation with hackers, the 88mph development team effectively protected the user’s property security through timely responses, and completed the vulnerability repairs in a short period of time, which instead won the project’s reputation . However, this security incident has once again sounded the alarm for the market. High-profit DeFi games also breed high risks . Even experienced developers and approved contracts cannot guarantee 100% security.
The beginning and end of the 88mph attack
On November 16, the fixed-interest encrypted lending agreement 88mph started liquidity mining.
According to the official announcement, the liquidity mining will last for 14 days . Users can obtain their native token MPH by depositing and purchasing floating-rate bonds, and earn more native token MPH by providing liquidity for MPH/ETH trading pairs on Uniswap , 88mph will allocate a total of 88,000 MPH through this mining plan , with a daily allocation of approximately 6285 MPH.
Just two days after the start of mining liquidity, a attacker utilization MPHMinter contract loophole trying to steal all ETH in Uniswap liquidity pool, the results of the project were found and notified the parties famous white hat samczsun.
The developer immediately suspended the liquidity mining, transferred the funds in the ETH/MPH pool to the governance multi-signature wallet to keep the funds safe, and permanently fixed the loopholes in less than 24 hours.
At the same time, because the development team frozen the attacker ’s assets worth $100,000 in the MPH bond contract and decided to allocate these additional proceeds to the liquidity provider, the ETH was airdropped to the liquidity provider. Including the principal and part of the attacker’s ETH. In other words, this time the attack on the user’s property not only caused no loss, but also made a small profit.
As of now, 88mph has announced that it will restart the second round of liquidity mining at 4 a.m. Beijing time on November 21. The newly launched liquidity mining will also last for 14 days and will distribute 88,000 MPH tokens to participating users.
It is worth mentioning that the developer of 88mph, Zefram Lou, has a solid background and is involved in the core development of multiple blockchain applications including Betoken . He is good at Ethereum dApp development, proficient in Python, Java, and Web and iOS development. In blockchain, machine learning, virtual/augmented/mixed reality, etc., the projects involved include anti-whale DAO organization WhalerDAO , non-destructive donation agreement PoolDAI and DAO platform Fantastic12.
In fact, 88mph earlier on already Quantstamp safety approval. According to the security audit report issued by Quantstamp, 88mph’s deposit and bond smart contracts have passed Quantstamp’s audit, and its liquidity mining and pledge contracts are forked from Synthetix. The ownership of all contracts has been transferred to the Timelock contract. (Timelock contract address: 0x4027d912A19E3Cd540FB580aF6A9088eAC738566#code)
The safety audit, Quantstamp found a total of 16 questions, of which, there are two high-risk issues (resolved), there is a risk (resolved), low-risk issues 8 (resolved), information There are 3 risk issues ( solved ).
It can be seen that only the deposit and bond smart contracts have passed the Quantstamp security audit, and the attack is caused by the MPHMinter contract vulnerability .
This reminds us once again that when participating in a high-return DeFi mining strategy game, security should be regarded as the top priority. Even if the team has rich development experience and the contract has been reviewed, it cannot guarantee 100% security.
However, the project called “88mph” is still worth noting in terms of security risks. The following briefly introduces the unique features of 88mph, the realization principle, the unique economic model, and the elimination of security risks. This project Is liquidity mining worth participating in?
What exactly is 88mph?
88mph is a new fixed-interest crypto lending protocol that allows users to deposit a variety of crypto assets to earn fixed-rate interest. At this time, depositors can obtain an NFT voucher representing their deposited funds while maintaining unlimited liquidity. This is different from most floating interest encryption protocols. The currently supported encrypted tokens are aUSDC, cUSDC, cUNI, yUSD and ycrvSBTC.
In other words, if you deposit 100 DAI in 88mph at a fixed annualized APY of 10%, the storage period is 1 year, and after 1 year expires, you can get 110 DAI.
For such volatile crypto assets, how does 88mph always provide fixed interest rates? Does 88mph always guarantee the acceptance of fixed interest rates for depositors? Is there a risk?
To clarify these problems, you need to understand the operating principle of 88mph.
Realization principle
In fact, when users deposit encrypted assets ( USDC/UNI/yCRV/crvSBTC ), 88mph will invest these funds into various DeFi income agreements such as Compound, Aave, and yEarn to earn floating income, thereby providing a fixed amount of storage for users. Interest provides a source of funding.
You may ask, the interest of these DeFi income agreements are all floating. What if the income generated is less than the fixed interest payable to storage users?
88mph solves this problem by aggregating all deposits in one fund pool, which means that 88mph puts all stored funds into a separate pool, and once the deposit period is over, users can withdraw deposits from it.
What are the benefits of putting all deposit funds in a separate pool?
The first benefit is to balance risks . Since there are many different protocol tokens in the pool, when the floating interest rate APY of one protocol falls, it is possible that the floating interest rate APY of another protocol is rising. At this time, the debt caused by the fall of the former can be caused by the floating rate of the latter. APY rose to make up for it. Thereby reducing the risk of bankruptcy and improving the stability of the interest rate of various encrypted assets in the 88mph system.
The second benefit is to maintain the solvency of 88mph. The maturity date of each deposit in a pool overlaps in time, that is, when an earlier maturity deposit has an income deficit, another deposit with a later maturity date can be used to pay the former’s income difference. Although this alone cannot directly solve the debt problem, the combination of risk balance and the volatility of floating interest rates can help maintain 88mph’s solvency.
What if something worse happens? That is, if the floating interest rate APY drops to a very low level and maintains this value for a long time, then the fixed interest rate value generated based on the higher floating interest rate will generate a deficit at the beginning, and it may not be possible to accept the interest income of the depositor on the maturity date, and time In the long term, it may even lead to bankruptcy of the entire pool.
To this end, 88mph also provides a mechanism “floating rate bonds” . After purchasing floating-rate bonds, the debts generated by one or more deposits in the pool can be filled, in exchange, and bond buyers get the income generated by these deposits.
For example, if Kevin’s one-year deposit interest is not generated enough, it brings a 5 tokens interest debt deficit (5% fixed interest rate) to 88mph. At this time, Chad purchases the debt’s floating rate bond and fills it up. Debt.
At this time, the risk return that Chad can obtain is the floating interest rate return generated by these 105 tokens. Since 88mph’s fixed interest rate income is equal to 75% of the initial floating interest rate, as long as the average floating interest rate falls within the validity period of Kevin’s deposit by no more than 25%, Chad will always make a profit, and if the floating interest rate rises, its profit will be increase. Chad is essentially going long on floating interest rates .
Of course, in order to ensure the security of the system and encourage the purchase of “floating rate bonds”, 88mph also adopted the MPH token reward program, which means buying “floating rate bonds” to earn MPH tokens.
What is the use of MPH tokens?
88mph’s core business is to provide fixed-interest crypto lending services , allowing users to lend a variety of crypto assets to obtain stable interest income, which is calculated based on the floating interest of the token at the time of deposit (it is 75%). It meets the needs of DeFi users who want to find stable annual returns . On the other hand, ” floating interest rate bonds” provide a certain degree of insurance mechanism to provide more stable security for the system. In fact, this is relatively risky. Stratification allows users with higher risk appetites the opportunity to obtain higher returns while taking certain risks.
The above two functions are the key points for 88mph to generate long-term value. That is to say, only the more its core business is used, the greater the value it generates, thus generating a positive cycle based on the entire ecosystem.
In order to incentivize more people to use these core businesses, 88mph launched the liquidity mining program (initial token distribution). As long as the two core businesses of the platform (fixed interest deposits and purchase of floating rate bonds) are used, you can Receive MPH token rewards. Fixed deposits are awarded MPH tokens based on the proportion of interest income generated by deposits , while floating rate bond purchases are rewarded based on the proportion of the purchase amount .
88mph currently supports aUSDC, cUSDC, cUNI, yUSD and ycrvSBTC. There are 7 options for a fixed storage period ranging from the shortest 7 days to the longest 1 year.
However, and most of the mining project is different, holding MPH token is not permanent, but only valid within the business validity, once expired, depositors can get back the principal and fixed interest income at this time The equity certificate NFT is destroyed, and 90% of MPH reward tokens must be returned to the governance vault.
In other words, before the expiration of the deposit business, you can use these rewarded MPH tokens to do various operations to earn income. For example, you can participate in liquid mining activities to get more token rewards. According to the plan, liquidity providers can provide liquidity for the MPH/ETH trading pair on Uniswap, and at the same time pledge the LP tokens of the trading pair on 88mph to earn MPH token rewards, within 14 days of the mining validity period , 88mph distributes a total of 88,000 MPH, and the daily distribution is approximately 6285 MPH.
During the 14-day liquidity mining validity period, MPH token holders can earn more MPH tokens by participating in providing liquidity , or pledge these MPH tokens on the platform to earn more income . The sources of income include Other related agreements (such as Compound and Curve) farming income, as well as the expenses incurred on the 88mph agreement (each withdrawal of 88mph will deduct 10% from the interest as the agreement fee), the reward is issued in the form of DAI . Essentially, MPH token is a production token with a valid period, which can only be borrowed by participating in the core functions of the platform. During this period, you can use it for profit maximization operations.
In addition, 88mph uses NFT as a user’s deposit and purchase voucher . Every deposit and bond purchase will generate an NFT voucher, and the holder has the right to withdraw the principal and earn interest. The composability of Ethereum gives the NFT unlimited possibilities. For example, the NFT can be used as collateral to make loans on loan platforms such as RocketNFT and repay the loan after the deposit expires.
Extended reading: Panoramic interpretation of the next crypto investment boom NFT
It is foreseeable that after a round of liquidity mining is over, basically most of the MPH tokens obtained from mining will flow into the governance fund. At this time, there will be no MPH token rewards for the purchase of floating-rate bonds, but only deposit function rewards. Then it will restart the next round of 14-day liquidity mining.
Team, governance and product roadmap
88mph is a project in the second round of Aave’s eco-funding program and has passed Quantstamp’s safety audit.
As part of the Aave Ecological Funding Program, the protocol supported by 88mph is the first to bear the brunt of Aave, but for the time being, only one of the token assets aUSDC is supported, and the supported token assets include cUSDC, cUNI, yUSD and ycrvSBTC. The team stated that they will integrate more Aave V2 and more assets in Curve .
In addition, 88mph plans to launch a smarter fixed-rate APY strategy . In addition, 88mph plans to develop more NFT application potentials, to integrate deposit NFT as an asset certificate to sell on more Opensea or Rarible , mortgage and borrow more assets on Nftfi , etc.
Governance
Like most mining projects, 88mph encourages users to perform core operations to obtain governance token rewards. The difference is that 88mph token rewards have a time period, which is only valid during the business period, but after expiration, you have to Return 90% of the tokens to the governance fund treasury (Governance treasury, address 0x56f34826Cc63151f74FA8f701E4f73C5EAae52AD). 88mph plans to integrate Snapshot to activate community governance and integrate protocol parameters into the governance module. MPH holders will have voting rights to decide how to dispose of these funds.
In other words, after each user operation, the real tokens obtained are only 10%. If you want to obtain 100% of the tokens, you have to spend another money to buy back 90%, or spend more (10 times) more effort to mine Mine, get back the tokens, have a larger proportion of governance rights. The result of this design mechanism is that users either carry out more operations or spend more money to buy tokens in order to obtain voting tokens with a greater proportion of governance authority.
In the 88mph ecosystem, MPH tokens are endowed with governance functions. Holding MPH tokens can vote on various community proposals, including but not limited to protocol parameter changes, the return ratio of MPH tokens (currently 90%), and new incentive mechanisms , Capital efficiency strategy and growth, etc. In addition, MPH tokens are also endowed with various income-generating functions , whether it is pledge to generate interest (reward DAI) or provide liquidity to generate interest (reward MPH tokens), you can get more benefits.
It can be said that MPH token is not only a governance equity token, but also a production token, equivalent to a production tool , but the use of this production tool has a time limit. For the holders, “renting” means that time is tight, which will encourage them to do their best to produce income and maximize the income. On the other hand, if their own production income continues to grow organically for a period of time, then The income cultivation of this lease mechanism is also conducive to promoting existing users to extend their business, and to a certain extent can promote the organic growth of the platform’s core business.
Development Fund
Every time a deposit operation or bond purchase occurs, MPH will be minted. At the same time, the system will mint an additional 10% of MPH tokens based on the newly generated MPH tokens and send them to the developer fund to pay for the agreement Future development and maintenance costs.
Decentralized finance is still in its early stages. The other side of high returns is the need to bear high risks. High risks not only mean that frequent attacks may make you lose money, but also as a decentralized capital-guaranteed financial management service , There is still the risk of interest rate fluctuations, and it remains to be verified whether the asset scale of the inferior (buying floating-yield bonds) can meet the system requirements.
Source link: twitter.com
