Unfortunately yesterday the team of the Fulcrum project reported that they had the same problem several months ago with several iTokens, which forced the team to pause the protocol.
⚠️ 📢 UPDATE:
1/ At 3:28 AM EST we began investigating a drop in the protocol TVL. By 6:18 AM EST we confirmed that a duplication incident had occurred with several of the iTokens.
— bZx (@bZxHQ) September 13, 2020
Fortunately, funds are not at risk, even if the duplication of tokens has caused the debt to accumulate through the insurance fund.
It seems that the liquidity problem has been mitigated, as the system was designed to overcome this type of bug.
In practice, the “_from and _to” function was also used to invoke the “_internalTransferFrom” function so that users could open a new function and artificially increase their balance.
A patch that changes the order of the functions was applied to this problem, and so the “_To” function is placed after the ” _from” function is executed.
The change to the smart contact has received approval from both Peckshield and Certik’s team, so these are secure fixes.
On the other hand, the debts that have formed have been added to the insurance fund, to be precise:
Over 219 thousand LINK;
– Over 4,500 ETH
– Over 1.7 million USDT;
– Over 1.4 million USD;
– 667 thousand DAI.
Fulcrum, DeFi and various problems
As the Fulcrum team pointed out, even though several audits were carried out by different companies, this did not prevent the discovery of another bug in the code, which could have caused the project to fail.
The problem has therefore been solved, but the mistrust of users in using the Fulcrum protocol remains, as it doesn’t seem so secure.
DeFi, being a very new sector, is facing several bug-related problems every day, which in some cases make users lose thousands of dollars. For instance, the case of Chick Finance.
And it is precisely because of cases like these that Messari’s founder has declared that the DeFi bubble is ready to burst.