Proposal: Partial Liquidity Restoration for wUSDM on Venus ZKsync

Summary

Vanguard proposes the transfer of 200,000 USDC from the Venus Risk Fund to the Vanguard treasury multisig to restore partial liquidity to the wUSDM market on Venus ZKsync.

Details

According to the Chaos Labs post-mortem report, on February 27, 2024, a donation attack was executed on Mountain Protocol’s wUSDM Exchange Rate Oracle, impacting Venus and other protocols on zkSync. As a result, the Venus ZKsync market suffered $902K in bad debt. Of this amount, $185K has been successfully recovered, leaving a remaining deficit of $716K.

The exploit stemmed from Mountain Protocol implementation of the convertToAssets function from the ERC-4626 standard, which was susceptible to manipulation via external donations. Despite the vulnerability being disclosed to Mountain Protocol beforehand, it was not communicated during due diligence before Venus listed the asset.

Ongoing Efforts

Since the attack, Chaos Labs and the Venus team have actively monitored the attacker’s funds, engaged with Chainalysis, and contacted relevant authorities to freeze and recover assets where possible. Recovery efforts are ongoing.

Proposal Actions

While legal actions and fund recovery efforts continue, we believe this proposal is necessary to restore wUSDM liquidity and support users most affected by the incident, allowing them to unwind leveraged positions.

This proposal will execute the following steps:

  1. Transfer 200,000 USDC from the Venus Risk Fund (BNB Chain) to the Vanguard Treasury multisig wallet.

  2. Bridge the USDC to Ethereum (or another network with sufficient liquidity).

  3. Swap USDC for USDM via Mountain Protocol’s official frontend: Mountain Protocol Buy Page.

  4. Wrap USDM into wUSDM via: Mountain Protocol Wrap Page.

  5. Bridge wUSDM to zkSync using the official bridge: Mountain Protocol Bridge.

  6. Supply wUSDM to the Venus Protocol on zkSync, with vTokens transferred to the Venus Treasury wallet on zkSync.

Conclusion

This proposal seeks to responsibly reintroduce wUSDM liquidity to Venus ZKsync, strengthen the protocol’s capital base, and establish a precedent for secure asset management following the February 2024 exploit, which was a direct result of Mountain Protocol’s flawed oracle and exchange rate implementation.

By executing this plan, we aim to support affected users, enhance market stability, and reinforce Venus Protocol’s resilience against similar vulnerabilities in the future.

2 Likes