The Ethereum DeFi space is scrambling this Sunday morning as this space has faced a series of bugs.
Fortunately, it appears that all three are going to be solved without too many issues.
Still, these bugs once again show how nascent this space is, and the importance of managing risk when dealing with these new and sometimes unaudited protocols.
Let’s break down what happened.#1: Saffron Finance bug
Saffron Finance is a complex derivatives product launched by anonymous developers and that was mostly unaudited.
Even still, it took the industry by storm when it launched on November 1st. Users deposited in tens of millions of dollars worth of DAI while prominent investors in the space mentioned it in a positive light. Of course, they caveated their comments with the statement that these contracts were unaudited.
Still, at the peak yesterday, there was around $60 million worth of value locked in the protocol.
Also, the project’s native token, SFI, had surged to a market capitalization above $10 million.
On Sunday morning, though, it became clear that something happened.
Saffron works on an epoch-based system, where funds are distributed every two weeks.
When the epoch was supposed to switch just hours ago, users began to notice they couldn’t withdraw their funds. The money was in the Saffron contract, it’s just that users could not call the redeem function.
Main developer “Psykeeper” explained that someone had deployed a “malicious” array that somehow disabled the withdrawal function.
SFI proceeded to dive by 50 percent.
Psykeeper noted that there is an emergency withdrawal function that will allow the funds to be recovered in eight weeks.
January 24th is the date to be watching for.
There may be an alternative withdrawal mechanism that may release the funds as early as today, though some think this is a risky play.#2: Rari withdrawal bug
Around the sa...