Proposal: Partial Liquidity Restoration for wUSDM on Venus ZKsync

Summary

Vanguard proposes the transfer of 400,000 USDT from the Venus Risk Fund to the Vanguard treasury multisig to restore partial liquidity to the wUSDM market on Venus ZKsync.

Details

According to the Chaos Labs post-mortem report, on February 27, 2024, a donation attack was executed on Mountain Protocol’s wUSDM Exchange Rate Oracle, impacting Venus and other protocols on zkSync. As a result, the Venus ZKsync market suffered $902K in bad debt. Of this amount, $185K has been successfully recovered, leaving a remaining deficit of $716K.

The exploit stemmed from Mountain Protocol implementation of the convertToAssets function from the ERC-4626 standard, which was susceptible to manipulation via external donations. Despite the vulnerability being disclosed to Mountain Protocol beforehand, it was not communicated during due diligence before Venus listed the asset.

Ongoing Efforts

Since the attack, Chaos Labs and the Venus team have actively monitored the attacker’s funds, engaged with Chainalysis, and contacted relevant authorities to freeze and recover assets where possible. Recovery efforts are ongoing.

Proposal Actions

While legal actions and fund recovery efforts continue, we believe this proposal is necessary to restore wUSDM liquidity and support users most affected by the incident, allowing them to unwind leveraged positions.

This proposal will execute the following steps:

Normal VIP on ZKSync, to execute the plan defined on an Auxiliary contract (WUSDMLiquidator). This VIP will include the following commands:

  1. Temporary upgrade of the Comptroller, to allow Close Factors equal to 100% (that would allow the Auxiliary contract to liquidate 100% of the debts)
  2. Grant special permissions to the Auxiliary contract, to temporarily:
    1. resume the wUSDM market
    2. set the Close Factor to 100%
    3. set the Collateral Factor of vwUSDM equal to the Liquidation Threshold
    4. set to 0% the liquidation bonus for the protocol in the Core pool
  3. Execute the plan embedded in the Auxiliary contract:
    1. inject wUSDM liquidity into the Venus market ($400K)
    2. borrow WETH, USDT and USDC.e
    3. liquidate wallets using wUSDM as collateral (”Accounts 2-5”)
    4. repay the pending bad debt on behalf of Accounts 2-5
  4. Remove permissions from the Auxiliary contract granted in step 2, restore the original values in the parameters updated in step 2, and restore the original implementation of the Comptroller

This contract won’t repay the bad debt of the Account 1. That would require more funds

Pre-requirements

  • The Auxiliary contract must be deployed and owned by Governance on ZKsync Era
  • The Auxiliary contract must be funded with $400K in wUSDM

Auxiliary contract

Steps to be performed by that contract (in the VIP transaction):

  1. configuration steps:
    1. Increase Close Factor to 100% in the Core pool - to allow liquidations of 100% of the debt with one operation
    2. Increase Collateral Factor of the wUSDM market - to increase the borrowing power of the Auxiliary contract
    3. Set to 0% the liquidation bonus for the protocol in the Core pool - to receive as many vwUSDM tokens as possible in the Auxiliary contracts on each liquidation
  2. supply wUSDM to the Venus market, and enable it as collateral
  3. for Account 2:
    1. borrow WETH, and liquidate Account 2
    2. repay the pending WETH debt on behalf of Account 2
    3. seize vwUSDM, this will increase the borrowing power of the Auxiliary contract
  4. for USDC.e:
    1. borrow USDC.e and liquidate Accounts 3, 4 and 5
    2. repay the pending USDC.e debt on behalf of these accounts
    3. seize vwUSDM, this will increase the borrowing power of the Auxiliary contract
  5. for USDT:
    1. borrow USDT and liquidate Accounts 3, 4 and 5
    2. repay the pending USDT debt on behalf of these accounts
    3. seize vwUSDM, this will increase the borrowing power of the Auxiliary contract
  6. restore original values:
    1. Restore the liquidation bonus for the protocol to 50% in the Core pool
    2. Restore Collateral Factor of the wUSDM market
    3. Restore Close Factor in the Core pool

The following diagram shows the sequence of changes in the debts and collaterals of the involved wallets during the execution of the plan. All these changes will occur in the same transaction, when the VIP is executed. The USD amounts are approximations, for the sake of clarity. The contract will use exact amounts taking into account the balances when it’s executed.


Sequence of changes in the debts and liquidity of the relevant markets and accounts during the execution of the plan embedded in the Auxiliary contract

Extra considerations

  • the Auxiliary contract can be executed only by Governance, and the relevant accounts are hardcoded. So, no one else will be able to take advantage of this operation.
  • at the end of the process, the Auxiliary contract will have a debt of WETH, USDC.e and USDT, collateralized with wUSDM. An EOA could be approved as a valid delegate of this wallet. This EOA would mange this debt (reducing it as soon as there are enough wUSDM on chain). To be decided

Summary

  • Inject $400K to the wUSDM market
  • Liquidate around $352K debt in WETH, USDC.e and USDT, on Accounts 2-5.
  • Collect a liquidation fee of around $35K
  • Repay around $64K on behalf of the Accounts 2-5
  • The Auxiliary contract will have a total debt of around $420K, defined in WETH, USDC.e and USDT, and a total collateral of around $788K in wUSDM. The health factor would be around 1.45

Conclusion

This proposal seeks to responsibly reintroduce wUSDM liquidity to Venus ZKsync, strengthen the protocol’s capital base, and establish a precedent for secure asset management following the February 2024 exploit, which was a direct result of Mountain Protocol’s flawed oracle and exchange rate implementation.

By executing this plan, we aim to support affected users, enhance market stability, and reinforce Venus Protocol’s resilience against similar vulnerabilities in the future.

6 Likes

I absolutely support this proposal. the reserve fund is designed to deal with just such situations. i am sure that we are on the right track and will gradually increase the fund’s reserves.

I fully support the proposal to allocate 200,000 USDT from the Venus Risk Fund to restore partial liquidity to the wUSDM market on Venus ZKsync. This initiative is crucial for assisting affected users in unwinding leveraged positions and stabilizing the market.
Additionally, I am eager to receive updates on Mountain Protocol’s plans for compensating the bad debt resulting from the recent bad debt. Clarification on this matter would greatly enhance community confidence and demonstrate a commitment to collaborative resolution.

This incident shows how much the Venus team values ​​the security of user assets. We also hope to reach an agreement with Mountain as soon as possible to obtain the compensation we deserve.