![MetalSwap R&D [BLOG]](https://blog.metalswap.finance/hs-fs/hubfs/MetalSwap%20R%26D%20%5BBLOG%5D.png?width=1800&height=900&name=MetalSwap%20R%26D%20%5BBLOG%5D.png)
In the ever-evolving world of DeFi, challenges arise, and solutions are sought. At MetalSwap, we prioritize transparency, security, and innovation. Today, we address a recent challenge involving our liquidator system and outline the steps we're taking to enhance our platform's resilience.
A Brief Overview
Recently, our system faced an unexpected issue involving the single liquidator that was running on the MetalSwap system. For a brief period, the liquidation and execution of open positions were temporarily halted. The issue was caused by an external security breach affecting the address of a third party acting as a liquidator.
Understanding the Liquidator System
The liquidator system is an integral part of MetalSwap's infrastructure. It ensures the timely execution and liquidation of open positions, safeguarding the interests of our users. Evidence from this article highlights the need to evolve the liquidation system. The initial protocol idea of decentralizing the liquidator role has been complicated by the MEV incident as explained in the article. Although we incentivized the creation of multiple liquidators during the testnet phase, we didn't have the same incentive in the mainnet. The advantage of liquidators had diminished to the point of being reduced to zero. As a result, the incentive to create new liquidators has dwindled. In a situation where a liquidator is not operational, the liquidation system comes to a standstill, waiting for a resolution
The Challenge
On 15-10-2023, from 02:30 AM to 5:30 AM GMT, MetalSwap’s Liquidator faced an operational halt due to a lack of ETH to facilitate transactions. Upon investigation, it was discovered that a third-party address acting as an independent liquidator had been compromised. Furthermore, two non-critical MetalSwap-related addresses were affected: the Minter of Alphaclub NFTs and an address used on the Ethereum mainchain for promotional activities. The breach resulted in the unauthorized transfer of a small amount of ETH and other tokens from these addresses. The main result of the attack was a temporary disruption in the liquidation process on both Ethereum Mainnet and Optimism Mainnet. Following a thorough investigation into the causes of the attack, the liquidation system was promptly restored.
Here's a brief breakdown of the affected addresses attacked and the assets stolen by the attacker:
- Third party Address: 0xbE5e8a3A7bC2542BbbE3b43d6071C35E195932f2
- MetalSwap Alphaclub NFT Minter: 0x83473544150082a0265cB95EeFFB54E9EAf35995
- Metalswap Activities: 0x0B51F4A8Dd0f2C334BDf48759469Ca4D3eaB7724
0.09500519 ETH
- Liquidator: 0xa5761b21b87ee5A8c51c2cfE479963e8317abc9C
0.3677754 ETH
284.88 USDT
1.73896 ETH
Immediate Actions Taken
The MetalSwap development team acted swiftly upon identifying the breach:
- New Liquidator Deployment: A new liquidator was promptly set up with a different private key to ensure the Liquidator system's uninterrupted functioning and suddenly all the pending Hedging Contracts were liquidated.
- Security Enhancements: Immediate steps were taken to bolster the security of our systems and prevent similar incidents in the future.
- Investigation: We are actively collaborating with cybersecurity experts to trace the unauthorized transfers and understand the breach's full extent.
Addressing the Liquidator Issue
As previously discussed at the "Spaghetti ETH" bootcamp live event in Naples and in our articles, the liquidator system presents challenges in the DeFi landscape. MEV can lead to inefficiencies and potential losses for liquidators. In order to mitigate the risks associated with a single liquidator losing their keys, we have explored the possibility of integrating Chainlink Automation into our platform. By doing so, we could proactively safeguard our platform from potential issues that may arise in the event of such an occurrence
Chainlink Automation: A Potential Solution
Chainlink Automation could be the solution for automating and securing liquidation processes. We are testing this service in collaboration with Chainlink's development team. To strengthen the system, we are considering adding more emergency liquidators, technological improvements, and community involvement to find innovative solutions. We invite our community to share ideas and suggestions on our Governance Forum to improve MetalSwap's resilience.
-The DeFi Foundation
✎ What is MetalSwap?
MetalSwap is a decentralized platform that brings Hedging Contracts on financial markets with the aim of providing coverage to those who work with Digital Asset and an investment opportunity for those who contribute to increase the shared liquidity of the project. Allowing the protection for an increasing number of operators.
With MetalSwap we enable Hedging Contracts on the DeFi field, AMM style.