Exchange Outage Incident & Smart Contract Bug
Drift Official Statement — 12 May 2022
An update was promised yesterday for today at 1:30 pm PT / 8:30 PM UTC. Below is the latest on the outage and the next steps that are being taken to remedy it.
At approximately 4:30PM UTC yesterday, the core developers observed unusual withdrawal behaviour on Drift. After further investigation, the core developers discovered an accounting bug in the smart contract program that was exposed by the extreme volatility of the LUNA market. The bug inaccurately calculated traders’ P&Ls and allowed them to withdraw more assets than their profits from the protocol. It’s important to emphasise that the DAMM mechanism is sound; the bug was not related to any issues with the DAMM construction itself. This was a smart contract bug.
Upon further investigation, the core developers also discovered a growing shortfall in the collateral vault. They responded swiftly by suspending trading, which occurred at 7:37 PM UTC on May 11, 2022. The decision to suspend trading — a means of last resort — was necessary to protect the remaining traders with open positions and to prevent further incorrect withdrawals from draining the entire vault. The investigation did not reveal any malicious exploitation of the bug; however, trading suspension was immediately necessary to ensure that this would remain the case.
Since then, the core developers have been focused on three core objectives: 1) a holistic settlement plan that will close out traders’ open positions across the exchange, 2) a resolution plan to reimburse traders impacted by this event, and 3) a security patch to remove the bug and bring the exchange back online in a safe but timely manner.
Settlement & Refund Plans
As an immediate next step, all open positions will be settled and all open orders will be canceled prior to resuming operations of the protocol. The methodology for settlement will be on-chain and open-sourced, and will be shared no later than Monday, May 16th at 7:30 PM UTC.
Once the comprehensive settlement plan is formalised, it will be implemented through a dashboard where traders can access their accounts and withdraw funds. We appreciate the urgency of the situation and are working day and night to enact this plan as the first course of action.
Detailed instructions and further updates about the on-chain settlement methodology and resolution plan will be shared on or before Monday as stated above.
In tandem with the settlement and resolution plans, the core developers are also working on a patch to fix the bug and resume trading.
A detailed explanation of the patch will be shared no later than one week from today on Thursday, May 19th at 4:00 pm UTC. Once the resolution plan is passed, the proposed code will be peer-reviewed and audited by an independent third party. Then, once the audit has completed and the integrity of the platform has been restored, the protocol will be brought back online and trading will resume.
We acknowledge that this is an extremely difficult time for the community.
We’re deeply sorry for the acute stress, fear, and inconvenience this incident unquestionably caused during one of the most turbulent times in market history. We’re committed to a resolution for everyone who was impacted by this incident, and to communicating clearly through it.
We’re grateful for those who have reached out in support. If we have not gotten back to you yet it’s because we’re singularly focused on shipping the settlement plan to help traders adjust positions as fast as humanly possible.
More to come.