DeFi protocol Gamma strategy shows vulnerability after preliminary investigation

Gamma Strategies – The DeFi protocol built on the Ethereum blockchain has fallen victim to an exploit, resulting in a loss of nearly $3.4 million. In response to the attack, the protocol quickly implemented measures to prevent further losses, temporarily disabling deposits to all public DeFi repositories and reactivating them for users who need access to their funds.

The exploit was initially identified by blockchain investigator PeckShield on January 4, which was confirmed by Gamma Strategies. The platform announced that it has identified the cause of the problem.

The cause is revealed

Gamma warehouses include four main defenses against flash loans. These include forcing the ratio of Token0 to Token1 to match the pool ratio, setting a price change limit when the price change exceeds a specified amount, enforcing a deposit rate, and prohibiting unilateral deposits.

The main issue with the protocol stems from the settings on the price swing limit, which is set very high, allowing for up to 50-200% price swings on certain LST and stable coin vaults. This allowed the attacker to control the price up to the ceiling and generate an unusually high number of LP tokens.

Gamma Strategies defined the action plan, which included setting all price volatility limits to a safe baseline. It also plans to rope in a third-party code review to ensure that this attack is effectively mitigated before deposits are reopened.

A comprehensive post-mortem analysis will also be released soon. However, Gamma Strategies has yet to confirm whether it intends to compensate the victims in addition to “maximizing recovery for all affected users”.

“The last note is that although the deposits are closed, our balances and the management of the positions are not affected by the exploit, so they are still active.”

Another hack in 2024

In the year In the first four days of 2024, the cryptocurrency market experienced two security breaches.

Orbit Chain, the project that facilitates Chain Bridge, was hacked earlier this week, destroying more than $80 million in assets. The attacker was able to find seven of the ten multisig signatories, resulting in a total loss of $81.5 million.

Most of the stolen funds consisted of stablecoins, with $30 million in USDT, $10 million in USDC, and $10 million in DAI. Additionally, about 231 WBTC ($10 million) and 9,500 ETH ($21.5 million) were also compromised.