Acala governance proposal submitted to burn $1.28B aUSD following investigation of exploit
Acala issues governance proposal including details of the weekend exploit which led to $1.2B aUSD being "erroneously minted" by a malicious actor.
UPDATE: This proposal has now passed.
Polkadot ecosystem’s stablecoin Acala ($aUSD) suffered an exploit over the weekend that led to a malicious actor minting $1.2 billion out of thin air. The Acala team “paused” operations via an emergency governance proposal to investigate the issue.
On August 15, a governance proposal was submitted to “effectively burn” $1.288 billion aUSD following the release of an on-chain report from the Acala Council.
$1.2 billion of aUSD printed by a hacker overnight and barely a peep in my timeline.
Things feel more bearish to me than the market is pricing at this particular moment.
We’ve got a lot of work to do. https://t.co/HE2MGlXk0d
— Mike 🌪️as (🏌️♂️, ⛳️) (@mdudas) August 14, 2022
Acala initially notified users of the issue around 3 AM BST on August 14, stating that they were working to “mitigate the issue.” The source of the exploit was publicly reported by 1 PM BST on August 14, just 10 hours later. The announcement confirmed that over 99% of the “erroneously minted aUSD [remained] on Acala parachain.”
We have identified the issue as a misconfiguration of the iBTC/aUSD liquidity pool (which went live earlier today) that resulted in error mints of a significant amount of aUSD
— Acala (@AcalaNetwork) August 14, 2022
Within the Twitter thread that identified the exploit’s cause, Acala stated that it had identified the “wallet addresses that received the erroneously minted aUSD… with on-chain activity tracing” in progress.
The misconfiguration has since been rectified and wallet addresses that received the errorneously minted aUSD have been identified, with on-chain activity tracing in respect of these addresses underway
— Acala (@AcalaNetwork) August 14, 2022
Regarding the potential impact on the broader Polkadot ecosystem, Victor Young, the Founder and Chief Architect at Analog, commented that
“I still believe that Polkadot’s infrastructure is secure by design… the same cannot be said about Acala Network, an application-specific chain customized to power liquidity, economic activity, and stable coin utility on the platform.
In my view, we’ll continue to see more of these attacks because many dApp developers don’t put in the legwork when defining their code’s security properties. Even if the smart contract is audited, the code may not be foolproof.”
Governance framework and leadership
The Acala Network is committing to a community governance proposal to decide the resolution to the incident. Currently, Acala has a Governance Council containing five addresses.
According to the Notion roadmap for Acala, “full democracy” is still in the “planning” phase. The Phase 3 roadmap, which is almost complete, states:
“Decisions of the Acala Foundation regarding the network (runtime upgrade, improvements etc) are made transparent on-chain via voting by an appointed Acala General Council.”
Acala has also enabled an element of democracy “so that anyone can propose a referendum by depositing the minimum amount of tokens for a certain period.” However, “full democracy” is scheduled for Phase 4, which will not be implemented until the below checkpoints have been met.
– All DeFi protocols are bootstrapped, running with high stability and security for a reasonable period of time (to ensure protocols are sound during extremely market volatility.)
– The network has a sufficient amount of liquidity to power the protocols, and the liquidity is sustainable.
– Sound and transparent processes have been set up for each DeFi protocol for continuous Business-as-Usual (BAU) improvements, e.g. adding new trading pairs or new collaterals.
– Expert councilors have been identified such as Risk Assessor, Technical Assessor etc. to continue ensure the security and safety of the network and protocols.
– Acala EVM is sufficiently developed with production-grade functionality and security.
Therefore, according to the current governance process, the Acala Council still appears to retain outsized network control. While this may not be great for the level of decentralized nature of the protocol, it may aid Acala in resolution management and “to resolve the error mint of aUSD & restore aUSD peg.”
Resolutions and solutions
To mitigate further risk, Acala stated that “parachain native tokens have been transfer disabled,” so stop erroneous aUSD from leaving its native parachain and spreading contagion into the broader Polkadot ecosystem.
At the time of writing, aUSD is valued at $0.88 per token after it dropped to a low of $0.09. The peg appears to be between $0.90 and $0.80, still some 10% – 20% below its desired peg.
Acala posted an update to the situation on Monday morning, confirming the value of minted aUSD as $1.288 billion. The tweet included a forum post detailing the “trace results.”
Incident trace report #1: This is the 1st published batch of trace results. The 1.288B erroneously minted aUSD have been identified and their transfers are disabled until a pending Acala community governance decision resolves the error.
— Acala (@AcalaNetwork) August 15, 2022
The Acala team confirmed that the information can now be used to “verify on-chain data, & formulate proposals to resolve the error mint of aUSD.”
The specific cause of the incident is timestamped in the forum post.
“2022-08-13 22:41 UTC – iBTC/aUSD pool was enacted with misconfiguration and erroneous mint started.”
The “misconfiguration” led to the aUST being erroneously minted, and the funds were sent to several LP providers for the pool. These funds have been effectively frozen at present, as Acala confirmed:
“The swapped digital assets that remain on the Acala parachain, has since been transfer disabled pending the Acala community’s collective governance decision on resolution of the error minting.”
Since the update was released, a “Referenda” proposal has been submitted. The proposal has no “nay” votes as of press time — aiming to “effectively burn” the erroneous aUSD by returning it to the Honzon protocol.
The proposal includes the code required to move the funds to a pseudo-burn address and lists all the addresses present in Acala’s findings.