In the world of DeFi, resilience and adaptability are key. Inverse Finance found itself in the crucible of these ideals following a flash loan attack on Euler Finance, in which Inverse Finance DAO had DOLA exposure. Today, we're looking back at the critical steps taken by our team, in collaboration with several entities across the DeFi ecosystem, that led to the successful recovery of the entirety of our “at-risk” funds.
A Shake-Up in the DeFi World
The storm hit on March 13th, 2023. Euler, a non-custodial protocol on Ethereum that allows users to lend and borrow almost any crypto asset, was exploited for nearly $200M of digital assets including DAI, wBTC, sETH, and USDC. A well-known and respected project that had amassed over $300MM in TVL wiped out quasi-instantly, the exploit having been carried out using a mechanism known as a flash loan. These have proven to be a popular vector for exploits on decentralized systems, and one we at Inverse Finance are particularly familiar with as we suffered a similar event in the past.
The culprit’s actions impacted the DOLA-bb-e-USD pool on Balancer, where Inverse Finance had exposure through its AuraEuler Fed. Swift and decisive action taken by our Fed Chair multisig managed to mitigate 90% of the potential impact, but the DOLA Fed for this pool still incurred a loss of 863,157.88 DOLA. Immediately, our team collaborated with Balancer to pause the LP and devise a strategy for the recovery of the remaining funds.
The Path to Recovery Begins
In the immediate aftermath of the exploit, the road to recovery appeared challenging. Then, several weeks later, the tide began to turn. Facing exposure after the Euler team successfully doxxed him, the exploiter started to return funds in small tranches. By April 3rd, the majority of the seized funds had been returned.
With a significant part of the stolen assets returned, the stage was set for a recovery plan to be put into action. The Euler Foundation announced that it would be unveiling a plan to restore user deposits in the protocol's forum.
This unusual act provided some relief, yet the hard work of recovery was far from over. Our team understood that the journey to full recovery would require more than just the exploiter's remorse. Given our indirect exposure (via Balancer rather than directly from Euler) and somewhat complex Fed contract architecture, it was immediately clear that our recovery would require a multi-faceted approach, combining strategic collaboration between several projects, diligent tracking, and the innovative use of the smart contract environment.
Reward Credits Claimed, Funds Begin to Return
By mid-April, the recovery effort had already started to bear fruit. At this point, Euler had set up a redemption UI in the aftermath of the funds being returned by the exploiter. Through this UI, they made available a substantial amount of funds claimable by Inverse Finance. This consisted of 248.85 ETH, 114,771.68 DAI, and 8,846.51 USDC. This development was a significant step in the right direction towards recouping the losses incurred.
Simultaneously, we turned our attention to the pending rewards from the DOLA Fed linked to the LP. As the liquidity pool tokens had been collecting rewards during the time since the exploit, these "reward credits" had accrued and now amounted to 6,330.05 BAL and 21,864.00 AURA. By claiming these rewards, we were able to add another significant chunk to our recovery amount. To ensure the stability of the DOLA economy and protect its value, all of these returned funds, including the ETH, DAI, USDC, BAL, and AURA, were converted to DOLA.
This multi-pronged recovery strategy helped us secure a significant amount of the initial loss. The successful claim of these reward credits and funds demonstrated the efficiency and resilience of our recovery operations. The Etherscan transactions for these recoveries can be found here:
Despite the hurdles, the progress made thus far was encouraging. Yet, the journey was not over. The remaining funds, still frozen and at risk of being sniped by external arbitrageurs, presented a new challenge - a challenge that required the collective effort of the DeFi community. The final and crucial steps towards complete recovery would indeed test our resolve and the collaborative spirit of the DeFi space.
Balancer Steps In
As we progressed in our recovery journey, we found ourselves facing another significant hurdle. Inverse Finance held bb-e-USD tokens representing approximately $300,000 of the around $320,000 in liquid value still held in the bb-e-USD pool and rightfully owned by remaining bb-e-USD holders. However, our bb-e-USD was in a contract that didn't allow us to withdraw using the methods available at the time.
As the grace period for the pause window, first initiated the day of the exploit, was coming to an end on June 8th, this would potentially allow arbitrageurs to drain the remaining value from the pool. It was clear that action was needed to prevent this.
A comprehensive plan was actioned to unpause the pools early and run the arbitrage ourselves. The Balancer Intervention Proposal, or “BIP”, was to execute the arbitrage as soon as possible and distribute the recovered funds back to the remaining bb-e-USD holders, all within the same block. This all required the Balancer community's approval, a vital and appreciated collaboration as the DeFi protocol had to modify its mechanics for this initiative. BIP-299 was posted to snapshot, and passed with 3.7M veBAL (99.98%) voting in support. We tip our hat to the Balancer community.
The BIP was composed of a series of steps:
Grant permissions to Euler Linear Pools to unpause the DAO Multisig.
Unpause bb-e-USDC and bb-e-DAI.
Internally transfer all of the eDAI and eUSDC in the DAO Multisig to a helper contract.
Activate the arbitrage using a do_arb function on the smart contract.
Remove pause rights from the DAO multisig.
The followup BIP, BIP-319, distributed the proceeds from BIP-299 to Inverse Finance’s TWG address.
Special Thanks and the Role of Other Protocols
A special shoutout to TempleDAO for providing the eDAI and eUSDC required to run this process. Their involvement, alongside the cooperation of Euler, was vital in ensuring all required conditions were met on-chain to execute the arbitrage.
It's important to note that the payload provided was sensitive to changes in market conditions, and a dust factor was included to handle paying fees for trading the "wrong direction" in an off-balance linear pool.
Following the execution of the BIP, governance was brought forward to distribute the proceeds and internally transfer remaining eTokens back to the TempleDAO multisig.
The Final Mile: Reclaiming Remaining DOLA and Decommissioning Fed
Following the crisis mitigation efforts led by the Balancer intervention, we were left with a residue of 8,408 DOLA within the DOLA/bb-e-USD pool on Balancer. This represented the final, salvageable amount. With operations set to resume post the 'unpause' date of June 8th, we saw an opportunity to reclaim this remaining DOLA through a high-slippage Fed contraction.
To effectively execute this strategy, a modification in the maxLossWithdraw parameter was crucial, and required an escalation from the existing 5% limit to 100%. GovMills proposal 111 was put forth to the Inverse Finance governance, suggesting this strategic move, and it was promptly approved with 34.28k INV (100%) voting in favor.
The approved proposal represented a highly specialized scenario where a substantial slippage contraction could be beneficially exploited by the DAO. To substantiate the viability of this approach, Proof-of-Concept simulations were developed and executed, suggesting 8405 of the 8408 DOLA could be rescued if prompt action was taken. And low and behold… the rescue was successful.
Alongside the strategy to increase the maxLossWithdraw, the proposal also sought to remove the Aura Euler Fed as a DOLA minter. Given the pool's current state, fresh new DOLA being minted into the pool would not benefit the DAO. As such, the proposal also served to disable this function.
This strategic maneuver played an essential role in our recovery process, enabling us to reclaim the remaining DOLA from the pool and secure our financial standing. It further reinforced the importance of dynamic governance and strategic thinking in navigating the complex DeFi landscape.
At the time of this write-up, all assets recovered from the LP have been converted to DOLA and taken out of circulation by burning, a process carried out by the TWG Multisig. Our final balance stands as follows:
Reflection and Learning
The Euler exploit and our subsequent recovery journey served as stark reminders of the inherent risks associated with the DeFi space. These events pushed us to reconsider our risk management strategies relating to Fed exposures and served as a reminder that no protocol or partner is "too big to fail".
To reinforce this commitment and to provide our community with a clear and transparent view of our efforts, we are excited to debut our new "Bad Debts Dashboard" with this blog post. This live dashboard provides a comprehensive view of all bad debt accumulated and showcases our continuous efforts towards paying it down. It's our belief that such transparency will not only build trust with our community but also encourage us to hold ourselves to high standards of accountability.
The recovery journey also underlines the strength and resilience of the DeFi community. It showcased how various entities within the DeFi ecosystem can come together in times of crisis to protect and recover the interests of their users.
As we move forward, we remain committed to being a leading protocol in the DeFi space and will continue to work on improving our systems to ensure the security and trust of our community. The lessons we've learned through these experiences are invaluable and will undoubtedly shape our future actions.