wBTC Collateral Redemption Post-Mortem

On October 7th, Shade Protocol contributors reduced SILK allowances and performed testing on the stability mechanism called Collateral Redemptions. This testing window occurred between blocks 10,993,707 and 10,994,406 (699 blocks) which spanned approximately 1 hour. During this time period, the redemption mechanism was enabled on current vaults in order to allow for the protocol to test the functionality and accuracy of the mechanism from both the redeemer and borrower perspective. During this time period, Shade Protocol contributors confirmed that collateral redemptions work as intended and all fees and funds related to this process were accurately distributed by testing a very small redemption against the USDC vault.

At the same time as the contributors were testing, another programmatic actor (via bot) was able to successfully interact with the redemption mechanism, specifically redeeming collateral from the wBTC vault. While this collateral redemption mechanism is permissionless in nature and technically the actor did not do anything “malicious”, it still was not expected by either the contributor set or the community of borrowers as this programmatic action happened within a very small time window during a testing phase.

As a result of the privacy preservation of secret smart contract interactions, our ability to conclusively determine the offending wallet address is difficult, however we have been able to narrow the list of suspected actors down to a list of 4 suspect wallet addresses (3 of which are confirmed bots), as well as confirm the evidence of the event matches that of the user story for collateral redemptions.

This actor redeemed all debt from the wBTC vault (~11,451 SILK) for approximately 0.3733 wBTC ($10,400). This resulted in approximately 29.8% of deposited wBTC being redeemed from vaults. All borrowers in the wBTC vault are still “in the green” as the debt removed from positions + the redemption fee is greater than the reduction in collateral deposit value.

In response to the programmatic collateral redemption, redemptions will be introduced as a permissioned stability mechanism for SILK. This ensures that redemptions only occur in desired vaults (USDC/USDT vaults) and remove potential attack vectors. Before this stability mechanism is to be enabled and used, SILK allowances for all vaults will be raised to previous caps to allow users to fully manage their positions including closing and opening new borrowing positions.

Thank you all for your patience and understanding
-Shade Protocol Contributors

I’d say that we shouldn’t test things directly on mainnet and take all the precautions needed from now on even if it’s “a small time window”