April 8th, 2021
On April 6, 2021, the team behind the Fei protocol announced that it had a vulnerability that caused purchase of Fei tokens from its incentivized pool to be blocked. This fact, combined with how the Fei protocol works, resulted in the pool becoming unusable for a time with high value locked inside.
The Fei protocol is designed to be an algorithmically-controlled stablecoin. What this means is that the protocol’s FEI token attempts to match the value of the US dollar as closely as possible.
It accomplishes this by attempting to match the value of the USDC stablecoin via protocol controlled value.
What protocol controlled value does is impose certain rewards and penalties on trades with the FEI-ETH Uniswap pool. This can be broken up into three types of incentives:
These incentives help to push the value of FEI as close to $1 as possible in every buy and sell.
However, they are not a perfect measure, and the system can be fragile.
As mentioned above, the FEI researchers shut down the rebate program in their protocol due to a discovered vulnerability. This means that it is effectively impossible to purchase FEI from the FEI-ETH Uniswap pool.
At the same time, the value of FEI fell below $.9 where transactions start failing due to the inability to burn FEI tokens to rebalance the value of the token. As a result, it is effectively impossible to buy or sell FEI tokens using the Uniswap pool.
However, this is not a permanent problem. The Fei team plans to reopen incentivized purchases after the potential minting vulnerability is resolved. Additionally, it is still possible to buy and sell FEI tokens on the MXC centralized exchange at a value of $.70 or on a FEI-DAI Uniswap pool at $.76.
The vulnerability in the Fei protocol was discovered and reported via the project’s bug bounty program. This gave the team the opportunity to take action to block potential exploitation and work to fix the issue before the protocol could be attacked.
This incident demonstrates the value of a bug bounty program. While FEI token holders are inconvenienced by their current inability to trade with the incentivized pool and the depressed value of their tokens, this is a temporary problem and much worse than the devaluing of the token through a minting attack.
However, this incident also underscores the value of comprehensive security audits before launching a blockchain-based platform. If the vulnerability had been discovered and corrected pre-launch, there would have been no need to take down part of the system for repairs.
Get in touch with Halborn today to learn more about our security audits for blockchain companies: firstname.lastname@example.org.