BendDAO founder has proposed emergency changes to the protocol
? BendDAO founder has proposed emergency changes to the protocol ?
If the vote passes theres a high likelihood of 600+ liquidation auctions of BAYC, MAYC, Clone X, Azuki, and Doodles over the next month
A quick thread to dumb it down + how you can capitalize… pic.twitter.com/HczbLeQuW8
— Cirrus (@CirrusNFT) August 22, 2022
First off if you don't know WTF any of this means you'll want to run through this latest update on the BendDAO situation from my good friend and NFT numbers savant @punk9059 https://t.co/WWX2fH83nV
— Cirrus (@CirrusNFT) August 22, 2022
1. Liquidation threshold changes
By far the most crucial change here is the gradual drop in the liquidation threshold
The proposal suggests a 5% weekly decrease in the threshold from the current 90% starting next week until a 70% baseline is reached
— Cirrus (@CirrusNFT) August 22, 2022
2. So whats that mean?
For simplicities sake lets assume floors remain semi-constant until Sept 20th.
If we account for interest accrued from now until then, we can assume that everything with a ~1.39 health rating today will be gradually put up for auction by Sept 20th
— Cirrus (@CirrusNFT) August 22, 2022
As of writing there are around 600(!!!) combined BAYC MAYC Doodles Clone X and Azuki with a health rating of 1.39 or below
You can view them all here: https://t.co/0qGDxiWW0j
— Cirrus (@CirrusNFT) August 22, 2022
3. DAMN thats a lot of auctions!
Yep. But theyre improving said auctions quite a bit
They will only last for 4 hours instead of 48
Plus Instead of having the minimum starting bid set to 95% of floor like before itll be set to the total debt on the NFT (Amazing for liquidators)
— Cirrus (@CirrusNFT) August 22, 2022
What this means is that the gap between the floor, and the starting bid price will be much wider than it was before – up to 20%
The prior setup didn't incentivize liquidators nearly enough at a 5% spread from starting price and floor
This led to a stockpile of inactive auctions
— Cirrus (@CirrusNFT) August 22, 2022
4. What does this mean for me?
The proposal passing means there will inevitably be some great deals over the next month
If you're like me and plan on taking part in these liquidations, you'll want to check in here pretty frequently for ongoing auctions:https://t.co/YxJNQOTyUx
— Cirrus (@CirrusNFT) August 22, 2022
There's a separate page for NFTs that have reached the liquidation threshold but haven't had a bid on them yet.
If you want to be the bidder to set off an auction, you'll want to watch this page daily:https://t.co/YxJNQOTyUx
— Cirrus (@CirrusNFT) August 22, 2022
5. Why are they doing this?
BendDAO needs to do whatever it can to limit the amount of bad debt it accrues
By lowering the liquidation threshold, they can be assured that under-collateralized NFTs will be auctioned off before the floor drops enough to enter bad debt territory
— Cirrus (@CirrusNFT) August 22, 2022
Its also not great that their lending wallet has gone from 18k ETH to 0 in a matter of days
They still owe ~13k ETH to lenders, these changes will speed up the process of adding liquidity back into the lending pool and reclaiming depositors sanities
— Cirrus (@CirrusNFT) August 22, 2022
Rainbow bridge attack
? on the Rainbow Bridge attack during the weekend
TL; DR: similar to May attack; no user funds lost; attack was mitigated automatically within 31 seconds; attacker lost 5 ETH. pic.twitter.com/clnE2l8Vgz— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
1/15 The rainbow bridge is based on trustless assumptions with no selected middleman to transfer messages or assets between chains. Because of this, anyone can interact with its' smart contracts, including the NEAR light client: https://t.co/fkhHEJkBVg
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
2/15 Usually, it's Rainbow bridge relayers, who submit the info on NEAR blocks to Ethereum. However, sometimes others are doing this. Unfortunately, usually with bad intentions.
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
3/15 The incorrectly submitted information to the NEAR Light Client may result in the loss of all funds on the bridge. That's why this step is secured with the most solid thing: a consensus of NEAR validators.
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
4/15 And if someone tries to submit incorrect info, then it would be challenged by independent watchdogs, who also observe NEAR blockchain.
You may want to read more on how Rainbow Bridge works, check out this article: https://t.co/98ppjduHzQ— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
5/15 Over the weekend an attacker submitted a fabricated NEAR block to the Rainbow Bridge contract: https://t.co/EtZkeewOzT
During a transaction, a safe deposit of 5 ETH was required.— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
6/15 The transaction was successfully submitted in the Ethereum blockchain in the block 15378741 on Aug-20-2022 04:49:19 PM +UTC.
Note the time of attack: an attacker was hoping that it would be complicated to react on the attack early Saturday morning.— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
7/15 However, no reaction from humans was required. Automated watchdogs were challenging the malicious transaction, which resulted in an attacker loosing his safe deposit:https://t.co/a9I14YJ8Mu
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
8/15 And the reaction was taking only 31 seconds (4 Ethereum blocks)
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
9/15 This attack was absolutely similar to an attack on May 1st. Read more about it here:https://t.co/ZEVDT9JaQq
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
10/15 And though attacker was hoping that our security team won't be available, in fact it was. After notifications on strange activities, within 1h the team was checking that everything is OK and was going back to sleep without disturbing myself or the users.
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
11/15 There are still several important things to mention:
First, we have been thinking of increasing the safe deposit (to reduce the number of attacks), but discarded this idea. The reason — it would make the bridge more permissioned and we fight for decentralization.— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
12/15 Second, the security is in the hearts of Aurora Labs team and that's the reason why we have alerts, automatic systems, audits and bug bounties.
In fact we payed out the second largest bug bounty in the world to secure our users!https://t.co/hmErTlreGW— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
13/15 Third, to all the builders in web3, there's no way you can omit attack attempts. Please, make sure that you have enough systems in place to mitigate these attacks.
My heart is bleeding when I see great builders unfortunately failing because of these.— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
14/15 And forth, dear attacker, it's great to see the activity from your end, but if you actually want to make something good, instead of stealing users money and having lots of hard time trying to launder it; you have an alternative — the bug bounty:https://t.co/w67Y5AhRoH
— Alex Shevchenko ?? (@AlexAuroraDev) August 22, 2022
Source: https://www.cryptopolitan.com/best-twitter-threads-of-the-day-august-22nd/