In an unexpected twist, Levana, the perpetuals trading protocol, finds itself in the crosshairs of a recent oracle attack, resulting in a substantial loss of $1.14 million. This unsettling breach unfolded between December 13th and December 26th, shaking the foundations of Levana's liquidity pools. Dive with us into the intricacies of the attack, where assailants exploited vulnerabilities on the Osmosis chain, creating disruptions for Levana users in market engagement.
The assailants capitalized on a congestion attack on the Osmosis chain, leveraging a flaw in its fee market code and the presence of "price staleness" in Levana's integration with the Pyth oracle. These vulnerabilities became the linchpin for manipulating prices and draining the liquidity pools, showcasing the intricate dance between protocol intricacies and malicious intent.
Levana's revelation pointed to a flaw in Osmosis' fee market code, causing insufficient gas prices during congestion. Simultaneously, the presence of "price staleness" in the Pyth oracle became a pivotal factor for the attackers. It's crucial to note that, despite the attack, the Levana team affirmed no known vulnerabilities in the Pyth oracle. The hackers strategically manipulated the external data source, deceiving smart contracts and disrupting blockchain protocols in an attempt to yield financial gains.
Remarkably, Levana's resilience shone through. Despite the breach, the perpetual swap mechanism, fortified with robust guarantees of protocol and trader solvency, thwarted more substantial losses. The attackers, though able to manipulate oracle price updates, found their impact limited, unable to disrupt existing trade positions, profits, or the locked sections of liquidity pools.
In response to the attack, Levana is actively crafting a solution, set to be implemented across chains where Levana operates – Osmosis, Sei, and Injective. Reassuring users that existing positions and profits remain unscathed, Levana has temporarily suspended the creation of new positions and modifications to existing ones until the scheduled update next week.
Moreover, Levana has laid out a comprehensive plan to compensate affected liquidity providers. Through an airdrop and the distribution of collected protocol fees from the attack period, the company aims to alleviate the impact on those affected, showcasing a commitment to the community and the resilience of Levana's protocol.
As Levana navigates the aftermath of this oracle attack, the saga exemplifies the delicate dance between innovation and risk in the dynamic world of blockchain. The swift response, robust mechanisms, and commitment to user compensation underscore the resilience of Levana in the face of unforeseen challenges, reaffirming its dedication to a secure and resilient trading environment.