Security Review And Opening of Deposits

We have completed our security review of the incident that occurred on January 4th. Since that time we have engaged OpenZeppelin for a security review of the incident and stress testing of the mitigations applied. We’ve also implemented real-time blockchain monitoring that will further buttress security.

We are happy to announce that starting today, we will be reopening deposits on our vaults on a rolling basis, and is expected to be fully completed by the end of the week. We will start from our highest TVL integrations first.

Security Summary

Gamma’s most recent liquidity manager contracts have undergone three security audits and reviews since 2022. The first was a two-week audit by Arbitrary Execution and the second was a cumulative 4-week audit by ConsenSys Diligence.

These roughly finished in early 2022, and the contracts have been in production since then until halting deposits on January 4th, 2024.

After the incident, we conducted our own security review which included consultations with friends and partners. Initially, we concluded that this was due to user error in setting the price threshold. While this is true, we discovered that the root cause was due to an exception in the ratio checker function that allowed a deposit in any ratio so long as our vaults were single-sided. This exception was first introduced as part of the mitigations repositories in both of the aforementioned audits as a “fix” to a divide-by-zero error when initially depositing into the vaults, and eventually this exception made its way into production.

On January 9th, we engaged OpenZeppelin to analyze the root cause of the attack that occurred on January 4th as well as our mitigations. We also briefly talked with our former auditor, ConsenSys Diligence, who also agreed that taking out the exception would be beneficial.

The Attack

The root cause of the attack was due to a dangerous exception in the ratio checker function. It erroneously allowed for deposits in any ratio so long as the contents within the vault were single-sided. While initially, we thought this was due to user error in setting deposit configurations, this exception in the ratio checker function made this attack possible.

The attacker organized a complex attack on the system which used a combination of all the following issues:

• Manipulation of Pool Prices: The attacker was able to manipulate the price of the pool, and bypassed both the price ratio check to the max amount of TWAP price deviation limitation allowed, which led to an extremely inflated price for token0.
• Depositing at Inflated Prices: Taking advantage of the inflated token0 price and the dangerous ratio check exception, the attacker was able to disproportionately deposit large amounts of token0 and mint more than their fair share of vault shares.
• Profiting from Redeemed Shares: After redeeming the minted shares, the attacker made a profit at the vault shareholder’s loss.
• Repeated Arbitrage and Attack Cycle: The attacker arbitraged the pool composition back and repeated the attack again, after doing all this process multiple times, it led to a loss of a significant amount of liquidity from multiple Gamma vaults.

Smart Contract Mitigations

The mitigations focused on the ClearingV2.sol contract. The adjustments to the contract included the following safety configurations:

1. Removal of the conditional statement in the getDepositAmount() function that allows for the depositing of any ratio of assets so long as our vault is single-sided,
2. Disallowing deposits when the pool price is out of the base range of liquidity → While this could lead to more reverts, the vast majority of times our liquidity would be in range and it would provide much more security to our stable and LST vaults.
3. Increasing precision on price change thresholds and deposit ratios. All stable and LST vaults will now have much stricter ratio enforcements and price change thresholds.

Testing Summary

Both OpenZeppelin and Gamma conducted numerous fuzz tests simulations on different deposit configurations. To utilize the fuzzer and test the system to a greater extent and find potential attack vectors, OpenZeppelin configured the system settings to allow for a certain variance of the appropriate settings that was provided to them by the Gamma team. Such fuzzing was done for 3 different pairs of volatile, stable and LST pairs.

Each of the pair tests does the same sequence of transactions of swaps, deposits, and withdraws within the range of settings to determine whether there was profitability.

After all these steps, all key details were logged into a markdown file, and the tests checked if the process was profitable. Additionally, the tests verified that when a user calls UniProxy.deposit() and it reverts, that it is failing properly and is logging information about why it reverted.

When testing the simulations, there were no profitable attack simulations that involved price manipulation after the mitigations were applied.

Safety Monitoring Going Forward

While we are satisfied with the analysis by OpenZeppelin and our own stress test simulations, we will be implementing additional safeguards to further bolster security.

We are implementing real-time blockchain monitoring and reactive security measures. Additionally, we will be regularly running simulations in real-time on all our active vaults to ensure that any user error does not go undetected.

As a final note, we want to thank all our loyal partners and community for their support during this difficult and complex time. We believe the mitigations and monitoring procedures we have implemented make for much more robust security than before. As we roll out the opening of the deposits, please contact us in Discord if you run into any issues.