A mistake by the developer of Defy Percent Finance led to the freezing of crypto assets for $1 million

A mistake by the developer of Defy Percent Finance led to the freezing of crypto assets for $1 million

Due to an error by the developer of the DeFi PercentFinance application, a fork of Compound Finance, 446,000 USDC, 28 WBTC and 313 ETH were frozen, the total value of which exceeds $1 million

The team of the DeFi PercentFinance platform wrote in a blog post that “there is a problem in some money markets that can lead to the permanent blocking of users’ assets.” The team froze the money markets for USDC, ETH, and WBTC.

A total of 446,000 USDC, 28 WBTC, and 313 ETH, equivalent to approximately $1 million, were frozen. According to a blog post, half of these assets are owned by the” community development team ” of PercentFinance. The withdrawal of money from other markets is open, but the team encourages users not to take out loans in any of the PercentFinance markets.

In a discussion of this vulnerability in Discord, the developer of Ethereum and PercentFinance Vfat, said that another developer who conducted the PercentFinance fork from Compound Finance “used old Compound contracts instead… newer, much better versions.”

Vfat has started updating some of these smart contracts, in particular regulating the interest rates on the platform’s loans. After Vfat completed the changes and deployed them, it realized that the signatures for the old and new contracts are incompatible, so transactions cannot be signed with them.

“The old and new interest rate models have different signatures for all these important features,” he said in a Discord chat. “Essentially, the token contract is trying to find an interest rate function that doesn’t work, so it fails on every interaction.”

According to Vfat, ” the Compound team has confirmed that this means a contract lock.” He noted that it is still too early to talk about a plan for asset recovery, since the protocol developers have not yet communicated with Centre or BitGo-issuers of USDC and WBTC, respectively.

In theory, USDC and WBTC issuers can blacklist addresses with blocked assets. After being blacklisted, BitGo and Centre could reissue the new tokens to the old owners, which Tether did
for a trader who mistakenly transferred 1 million USDT to the wrong address.

A spokesperson for Centre said the company can only interfere with USDC transactions if it obtains “a valid, binding court order from a competent US court that has authority over Centre.”

As for other recovery efforts, Vfat said one proposal at an early stage involves launching new contracts for USDC credit markets. Although 27% of the loans are fixed in the old contracts, the new contracts will allow borrowers to pay off the remainder of their loans, thus obtaining their collateral and paying lenders $0.73 cents per $1. At the same time, there are no opportunities to return the ETH blocked in the contract.

“Regardless of further actions, I take responsibility for the lost assets and will do everything in my power to recover the losses,” Vfat said.

Recall that recently a user mistakenly sent
AAVE tokens worth $1.1 million to the address of the token smart contract. Now these tokens are blocked and cannot be returned.