Over $1 million permanently locked in DeFi smart contract

In the latest DeFi debacle, $1 million in user funds has been permanently locked in a smart contract. Perfect Finance, “an 100% community-owned fork of Compound (the DeFi platform that allows users to lend and borrow),” had an error in their smart contract that locked 446,000 USDC, 28 WBTC, and 313 ETH. 

As a result, Perfect Finance users can no longer lend, borrow, repay their loans, or withdraw within its USDC, WBTC, and ETH markets. Although Perfect Finance’s other money markets are fully operational and were unaffected, Perfect Finance is encouraging its users not to borrow from any of its other markets until they resolve the issue created by the faulty smart contract.

How it happened

“The three old style CTokens were updated to use a new style interest rate model. This causes the CToken to fail when trying to accrue interest, which it does as part of every user operation,” said Perfect Finance. “The getBorrowRate() function returns two values in the old style and one value in the new style, causing accrueInterest() to revert. The interest rate model cannot be updated a second time (replacing it with a compatible one), because the first step of the upgrade process is to accrue interest using the old model.”

The carelessness of the Perfect Finance team shows. Instead of having their own developers parse through the smart contract and make the respective updates, the team tried to copy and paste the work of another project–Compound–without having a complete understanding of how it worked. This is a common trend in the DeFi ecosystem, where instead of new projects being built from the ground up, development teams use Frankenstein code, piecing together bits and pieces of code from existing projects and hoping that they work. 

As we have seen from past projects, and now, in the Perfect Finance smart contract, there is a high probability that it will not work, or that the team does not understand their smart contract as well as they think they do.

No solution in sight

The Perfect Finance team has reached out to Centre–the company behind USDC–as well as digital currency custodian BitGo in an effort to get the locked funds returned to users; the Perfect Finance team has not heard back from either entity. However, Centre made a public statement saying that they will only interfere with a transaction if “a valid, binding court-order from a competent U.S. court that has authority over Centre.” With that in mind, the chances of Perfect Finance users getting their money back look slim.

That being said, when it comes to DeFi platforms, proceed with caution, because there’s a good chance that it could be you ending up with your money permanently locked in a smart contract with no chance of getting it back.

Source: Read Full Article