December Response Report

Levana Dragon Rider
Feb 2, 2024

Introduction:

Dragons, Levana recently faced a serious challenge, described as one of the most sophisticated exploits ever seen on Cosmos.

We wanted to take an opportunity to share some lessons from December’s events and update our community on how we are moving forward to mitigate the possibilities of similar events occurring in the future.

Check out our incident report blog post from December here for a detailed analysis of December’s events.

1. So, What Happened 🐉

The attackers extracted LP funds by exploiting price differences between stale oracle prices and executed prices, which gave them the opportunity to arbitrage an inefficiency between entry and exit prices with certainty and within a matter of seconds.

Unfortunately, this vulnerability allowed the attackers to drain some funds from our LP, and we empathize fully with those affected.

Though of little compensation or consolation to those affected, Levana’s unique design and built-in emergency response mechanisms helped mitigate further financial damage to our community.

Levana’s Chief Architect getting into the deeper details of the exploit.

2. How We Responded 🆘

The attack took us by surprise and offered a poignant reminder & lesson to always expect the unexpected. Despite our commitment to security and risk mitigation, as evidenced by our comprehensive audit history, when dealing with decentralized, transparent, and open-source systems, you must be prepared for people who want to maliciously exploit these characteristics for their gain.

We have proactively addressed, and continue to address, every conceivable vulnerability and attack vector, but that doesn’t mean that we cannot sometimes be blindsided in unexpected ways.

Again, it’s of no consolation to those already affected, but we have taken significant steps to fundamentally redesign order execution to remove this particular attack vector as a possibility.

In line with these updates, we also got our platform audited before we relaunched, so feel free to check our full audit history here (including the most recent audit) and take a peek at our open-source code & smart contracts here.

3. Lessons for Levana 💡

As hard as it might be, these moments provided valuable learning opportunities and some positives to take from the situation. Our unique design with siloed markets and our fully-collateralized approach meant damage was mitigated somewhat. If LPs were all combined into one pool of liquidity for the platform as opposed to segmented liquidity for each market, it is almost certain the damage would have been far greater.

Roughly $1 million was exploited and drained from liquidity providers, out of a potential ~$12M in LP deposits and ~$2M in active traders’ collateral at the time of the exploit.

We empathize fully with those affected and have plans to compensate affected users via an LVN airdrop in the months ahead.

We learned that Levana’s fundamental design & security features helped us avoid total catastrophe. We also learned that having protocol mechanisms that act quickly and decisively in these situations is essential.

4. How We Fixed It 🛠️

Looking ahead, we’ve redesigned our order system to ensure there can be no interaction between stale price oracles and order execution.

Users won’t notice much difference — orders will just line up for execution at the next price update.

This update to a fully audited deferred execution mechanism prevents this exploit from ever occurring again.

Notice the new ‘Pending Actions’ tab on your order management dashboard.
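To make the change concrete, here is an added Rust sketch (not Levana's contract code) that contrasts filling an order at the stored, possibly stale price with queuing it until a newer price arrives. All type and function names, timestamps and prices are constructed for illustration, and reading "the next price update" as "a price published after the order was submitted" is an assumption.

```rust
// Constructed model for illustration; names and numbers are hypothetical,
// and this is not Levana's contract code.
#[derive(Clone, Copy, Debug, PartialEq)]
struct PricePoint { publish_time: u64, price: u64 }

#[derive(Clone, Copy, Debug, PartialEq)]
struct Order { id: u32, submitted_at: u64 }

/// Pre-fix behaviour: fill against whatever price is stored, however old.
fn execute_immediately(_order: Order, stored: PricePoint) -> u64 {
    stored.price
}

/// Post-fix behaviour: orders wait for a price published after submission.
#[derive(Default)]
struct DeferredQueue { pending: Vec<Order> }

impl DeferredQueue {
    fn submit(&mut self, order: Order) { self.pending.push(order); }

    /// Called on each oracle update; returns (order id, fill price) pairs.
    fn on_price_update(&mut self, update: PricePoint) -> Vec<(u32, u64)> {
        let mut filled = Vec::new();
        // Keep only the orders this update is too old to fill.
        self.pending.retain(|o| {
            if update.publish_time > o.submitted_at {
                filled.push((o.id, update.price));
                false
            } else {
                true
            }
        });
        filled
    }
}

fn main() {
    let stale = PricePoint { publish_time: 10, price: 100 };
    let order = Order { id: 1, submitted_at: 13 };
    println!("immediate fill: {}", execute_immediately(order, stale));

    let mut q = DeferredQueue::default();
    q.submit(order);
    println!("stale update fills: {:?}", q.on_price_update(stale));
    let fresh = PricePoint { publish_time: 15, price: 105 };
    println!("next update fills: {:?}", q.on_price_update(fresh));
}
```

In the deferred path the fill price is not known when the order is submitted, which removes the certainty the stale-price path offered.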

5. Looking Ahead 🔥

Despite this setback, we remain optimistic about the future for Levana. We’re back in action, with $117m in trading volume since relaunch — thank you to our community for continuing to place your trust and support in our platform. 🙏

We haven’t forgotten those affected by the recent events and have an upcoming LVN airdrop program planned to show our empathy with those affected and at least try to soften the blow.

We’ve got plans for the LVN token, with ideas for distribution, utility, and governance in the works. Plus, we’re expanding our market offerings to include liquid staking tokens like milkTIA and stkATOM and support for commodities such as Gold. We are also close to implementing cross-collateralization, giving our users even more flexibility in their trading experience.

As we move forward, we wanted to take this opportunity to empathize fully with our community, especially those affected negatively by the events.

Stay strong, dragons; there are better days ahead. ☀️

Join us on Discord and Telegram or trade all your favorite assets such as ATOM, INJ & SEI with up to 30x leverage.
