1/ When I first came up with the idea for this mechanic (that of virtual balances for introducing assets), I hesitated for a long time to actually use it because I feared it might be vulnerable to just this kind of attack.
2
0
1
48
2/ I sought feedback from the best eth devs I knew and tested everything I could think of trying to find a way to exploit it, because it just *felt* like it was vulnerable, but I couldn't actually see how.
2
0
0
47
3/ After a fairly long time of this, and after assessing a number of other options for rebalancing, I decided that it was the optimal solution for the protocol and that it was in fact safe; that I had been right to worry about it, but wrong about it actually being insecure.
1
0
0
39
4/ The thing is, I was *correct* about the basic mechanism- it works spectacularly well for removing external market dependencies - but I was so, so wrong to have confidence in the implementation.
1
0
0
42
5/ Looking at the aftermath, I feel it should have been incredibly obvious to me that extrapolating from one token was a disaster in waiting, but it wasn't, and the contract was in production handling tens of millions of dollars for nearly a year before it got hit.
1
1
0
48
6/ When working on large projects like this, it's easy to get tunnel vision and bore down on some optimization problem, trying to make something the best and most efficient version of itself without giving adequate consideration to best practices.
2
0
0
50
7/ In the future I will seek out as much feedback as I possibly can on core components like this before putting them out in the wild, and I certainly learned today that something being on mainnet for a long time doesn't make it secure.
2
1
1
63
8/ I'm extremely sorry to everyone who lost money because of a mistake I made 363 days ago. I haven't thought of this function more than a handful of times this entire year, and now people have lost about $16m because of it.
5
2
1
61
9/ I'll do my best to make this right, and I am incredibly grateful for all the support people have sent my way, especially @cleanunicorn and @andreiashu who stayed up late helping me analyze the transactions
9
1
0
109
Replying to @d1ll0nk
Maybe ante.finance might be a good tool to insure against areas in a contract where u feel might be vulnerable It's impossible to know all vectors in hindsight Pinging @AnteBear
1
0
0
10
agree, hard 2 kno possibl vulnerabilities ahead o time but @AnteFinance is useful if there r assumptions abt live behavior for ur code u believe in ahead of time then in gud faith, considr making and staking an Ante Test docs.ante.finance
0
0
0
5