If you were around during this past summer’s decentralized finance (DeFi) boom, you likely remember the countless “food forks.”
After Yam Finance (YAM) launched in August, every project tried to copy it by making cryptocurrencies that were based on foods. The most famous of these Yam-inspired projects is SushiSwap, which has become its own ecosystem since it launched in September.
There were many forks, though, that dropped rapidly.
One such fork was Grap Finance. Not Grape Finance, Grap Finance.
The project launched as a fork of Yam Finance, though expanded beyond this with non-fungible tokens (NFTs). These NFTs saw limited success, so GRAP fell in value over time.
But today, GRAP is up by over 5,000 percent as per CoinGecko data. But it is not because Grap released a revolutionary product, it is because the project’s pseudonymous founder helped to patch or at least mitigate the hack of a Yearn-affiliated protocol.
Grap Finance deployer saves the day
Leading decentralized insurance provider Cover Protocol began to see a strong drop on Sunday evening.
The cryptocurrency, which reached as high as $950 on Sunday, began to plunge toward $700, then fell further and further.
It soon became apparent that something bad had happened. On-chain analysts quickly noticed that a small number of addresses were dumping COVER en-masse. The thing is, the COVER had come from 0x000…, a “burn” address through which Ethereum tokens are issued.
Many quickly ascertained that this meant there were users falsely minting, then selling COVER tokens, depressing the market price as there were too many coins in circulation.
Band Protocol CTO Sorawit Suiryakarn broke down the exploit in the thread seen below.
He wrote that what had happened is users could deposit liquidity provider tokens into Cover’s “Blacksmith” contract, withdraw almost all tokens from the contract, deposit tokens again, then claim the rewards pertaining to the deposits. This systematic approach purportedly caused a basically infinite amount of COVER to be minted.
Spent sometime looking into the recent exploit of @CoverProtocol $COVER. While not confirmed yet, here's my understanding of the attack in case someone is wondering. Hint: it involves using `storage` and `memory` incorrectly.
Small thread ?. Need someone to help verify. https://t.co/PDFcT89slu
— Sorawit Suriyakarn | BAND ? ?? (@nomorebear) December 28, 2020
One of these exploiters was the deployer/owner of Grap Finance, who minted over 40 quintillion COVER through this system. The other exploiters are unknown.
While many first thought Grap Finance’s attempts to exploit this bug were malicious, they later shocked the DeFi space when they returned all the funds they exploited, writing to Cover “next time, take care of your own shit.”
In that transaction, the individual sent $3.2 million worth of Ethereum to the Cover founders to redistribute to its users.
Next time, take care of your own shit.@CoverProtocol @chefcoverage https://t.co/ks94ucdoRQ
1. No gains.
2. The Obtained Funds from LP has been returned to COVER.
— Grap.finance (@GrapFinance) December 28, 2020
COVER is down 65 percent in the past 24 hours and is now trading at multi-month lows.
COVER fell as low as $50 earlier today, though now trades for $320.
GRAP is now up 5,000 percent in the past 24 hours as many see this as validation of the developer behind the project. It is unclear if the deployer has any plans to continue development of the project.
While his attempts to save COVER were appreciated, there were hundreds of thousands or even millions of dollars worth of capital in COVER stolen by other exploiters.