DeFi | Cover Protocol token issued in excess, quickly understand this decentralized insurance platform
Cover Protocol (COVER) was reportedly exploited on the evening of the 28th, with Twitter users claiming that it was manipulated, resulting in a loss of two million US dollars. The token price plummeted significantly from the $800 level. This article will review the hacking incident and provide a brief overview of what COVER is doing.
Table of Contents
Cover Protocol COVER Attacked
At nearly 7 PM, Twitter user @DeFi_LATAM reported that Cover Protocol COVER was exploited due to a mechanism flaw, resulting in a $2 million arbitrage. Twitter user @Luciano_vPEPO also mentioned that Cover Protocol's protocol was manipulated by pledging > unlocking pledge + claiming Claim > re-pledging, repeating the process. Officially, it was explained that hackers were able to mint COVER tokens limitlessly through a vulnerability in the reward contract to profit from it.
$COVER exploited:
tl;dr infinite minting bug on their incentives contract
stake > unstake + claim > re-stake > repeat https://t.co/EM33wPoJR7 pic.twitter.com/UxomHAdHrM
— PEPO (@0xPEPO) December 28, 2020
However, it was emphasized that this only affects the price of COVER and does not harm the protocol itself. Due to the increased issuance and subsequent price drop of COVER, the exchange Binance quickly suspended trading of COVER.
White-Hat Hacker Assists in Returning 4,350 ETH
Nearing 10 PM, the address labeled as Grape Finance, after minting a large amount of COVER tokens, proceeded to burn most of them. After selling some tokens, they ultimately returned 4,350 ETH.
They posted on Twitter:
"Take care of your mess next time. We didn't make anything, and all the funds obtained were returned."
Cover Protocol's Official Response, Thanks to Taiwanese White-Hat Hackers
At 10 PM, Cover Protocol responded: "The team is currently investigating the incident, and the vulnerability is no longer effective. Please do not buy COVER tokens and withdraw liquidity from the COVER/ETH pool on SushiSwap. CLAIM and NOCLAIM tokens on Balancer are not affected." The official statement also mentioned that new COVER tokens will be provided through a snapshot taken before the attack, and the amount returned by the hackers will be given back to liquidity providers.
The team is still investigating the current incident. The exploit is no longer possible.
The exploit is no longer possible. Please do NOT buy $COVER tokens, and remove your liquidity from the COVER/ETH pool on sushiswap.
CLAIM/NOCLAIM balancer pools are unaffected
— Cover Protocol (@CoverProtocol) December 28, 2020
After resolving the situation, Cover Protocol expressed gratitude to many individuals. They particularly thanked Leo Cheng, MachiX CEO and co-founder of CREAM in Taiwan, for his assistance. It is rumored that this incident was halted after white-hat hackers exploited the vulnerability to drain the funds before stopping the losses.
Interestingly, the DeFi project Grape Finance GRAP also gained attention, with GRAP quickly being listed on exchanges and surging over 20 times. Leo Cheng mentioned on Twitter that this was a classic case of white-hat hackers simultaneously engaging in DeFi marketing.
Other Hackers Inflict Partial Damage
According to analysts at The Block, the hacker with the address starting with 0x5d8d9f, who first exploited the vulnerability, may have minted 11,700 COVER tokens, then swapped them on 1inch for 83.46 WBTC, 866,300 DAI, and 15,000 ETH, totaling $4.4 million, which has been transferred to a new address. Another hacker with the address starting with 0x8fba30 minted 55,000 COVER tokens, then exchanged them on 1inch, Matcha, and Sushiswap for 464,000 DAI, and 18,000 ETH, dispersing the profits to three wallets. These are just two examples listed.
4/7 The little discussed today address (0x8fba30), in turn, was able to mint 5.5k tokens.
Everything was successfully swapped via 1Inch, Matcha, and Sushiswap to 464k DAI, 1.8k ETH.
The funds are now split between three wallets. pic.twitter.com/fi2wKl0xDh
— Igor Igamberdiev (@FrankResearcher) December 29, 2020
What is Cover Protocol COVER?
It allows DeFi users to obtain financial insurance when facing smart contract risks. The platform believes this model can increase trust between protocols, enabling more investors to enter DeFi.
Who are the Creators of Cover Protocol COVER?
The core developer is Alan, Twitter account @chefinsurance. Cover Protocol's precursor was called Safe, and after a core developer Azeem left due to controversy, with support from developers like Andre Cronje from Yearn, Safe was improved into the current Cover Protocol.
What are the DeFi Insurance Claim Scenarios?
During the coverage period, if a designated smart contract or smart contract system is hacked, exploited, or manipulated economically, resulting in substantial losses of funds stored in the smart contract or irreversible transfer of funds from the owner, covered users can claim compensation within three days of the event.
Who Determines Eligibility for Claims?
The Claim Validity Committee (CVC) is responsible for verifying claims. Under the normal procedure, a claim application must first be submitted, and after approval by COVER holders' vote, it will be reviewed by the CVC, who will decide on the claim and the amount. Current members include cybersecurity companies Packshield, The Arcadia Group, etc.
How Does Cover Protocol COVER Operate?
Cover Protocol provides P2P insurance claims through fungible tokens, with token prices determined by a bonding curve. Different roles in this system offer various benefits, forming an economic circle.
To understand its operation, it starts with who provides the insurance funds. The liquidity provider Maker, MM, is responsible for depositing collateral assets and providing insurance funds. After depositing funds, they receive two types of fungible tokens, CLAIM tokens and NOCLAIM tokens, meaning for every DAI deposited, they receive one CLAIM token and one NOCLAIM token.
If a claim event occurs during the coverage period, a holder of a CLAIM token will receive one DAI, with the NOCLAIM token having no value; conversely, if no claim event occurs, a holder of a NOCLAIM token will receive one DAI, with the CLAIM token having no value.
For the liquidity provider, they can choose to sell the two tokens on hand to earn rewards or provide liquidity for the two tokens in the Balancer liquidity pool to earn transaction fees.
For the Coverage Seeker seeking DeFi insurance, they can search for assets they want to insure in the Marketplace and purchase CLAIM tokens, with each token redeemable for up to 1 DAI.
Cover Protocol COVER Shield Mining
Shield mining is a product that allows mining with COVER tokens, where individuals can join any COVER-related liquidity pool in Balancer, add LP Tokens to provide liquidity, earn transaction fees, and help with liquidity. Participants can earn COVER tokens.
Additionally, there is a COVER/ETH liquidity pool in SushiSwap.
Related
- TON lockup value plunges by 53%, Telegram DeFi protocol assets hemorrhage, TON staking decreases
- Asian communication giants join forces to create the fastest L1! Kakao and LINE's Kaia mainnet is now live
- Vitalik Not So Fond of DeFi? Developers Question Contradictory Attitude, Vitalik Reveals DeFi Preferences