In a blog post on Saturday night, Warp Finance — the latest decentralized finance (DeFi) protocol to suffer a smart contract exploit — announced promising strides towards recompensating users following a nearly $8 million flash loan attack.
As Cointelegraph reported on Friday, the DeFi protocol, which offers stablecoin loans on liquidity pool token collateral, lost $7.7 million in USDC and DAI when an attacker used multiple flash loans to create liquidity pool tokens, manipulate Warp’s price oracles, and drain Warp’s stablecoin coffers.
Following the attack, a group of whitehack hackers convened to assist the protocol in assessing the damage and creating a fix for the exploit — and, in this case, recovering a portion of the lost funds.
In a post titled, “Exploit Summary & Recovery of Funds,” the Warp team notes that they could not liquidate the attacker’s loan due to the manipulated oracle, but with the help of the whitehat team managed to reclaim the liquidity pool token loan collateral.
“The loan collateral has since been secured by the warp finance team and will allow us to return approximately 75% of users’ deposited funds, thanks to support from the Ethereum and white hat community,” said the team.
The post said that the team will disburse funds to affected users on Dec 21st, 2020, and invited users to independently confirm that the snapshot they took of addresses is correct.
The team also doubled down on a complete compensation plan, promising the distribution of IOU tokens that will have some future utility to cover the remaining 25% loss:
“While we are relieved that lost funds have been partially recovered, we see this only as a first step to making Warp Finance users whole. For this reason we will issue Portal IOU tokens to every affected user. The end goal of the IOU token is to fully refund users, and potentially even giving them a profit on what they initially deposited.”
The Warp team’s devotion to completely covering user losses is part of what may be becoming a promising trend across exploited DeFi protocols.
In a previous interview with Cointelegraph, Alan, a semi-anonymous core developer for Cover — a project offering ‘cover,’ and insurance-like product for DeFi users — said that developers taking responsibility for losses will ultimately push the space forward:
“I believe protocols (and their auditors) need to start taking responsibility for the code they push out,” he said. “Whether it is through they themselves providing coverage, or reimbursing funds, this type of behavior sets a strong precedent and allows users to feel more confident in the platforms they use, which helps boost TVL, so a win-win.”