Acala Network: Misconfiguration of iBTC/aUSD liquidity pool — incorrect parameter in newly launched pool triggered unbounded aUSD minting
Acala's newly launched iBTC/aUSD pool had a misconfiguration that allowed ~$1.3B in unbacked aUSD to be minted — Polkadot's governance freeze mechanism contained most of the damage to just $1.6M stolen.
Summary #
Acala Network suffered a Algorithmic Stablecoin / DeFi Hub on 2022-08-14, resulting in a loss of approximately $2M.
What happened #
Acala's newly launched iBTC/aUSD pool had a misconfiguration that allowed ~$1.3B in unbacked aUSD to be minted — Polkadot's governance freeze mechanism contained most of the damage to just $1.6M stolen.
Linked factors #
- RD-F-006 — causal : Audit-deploy gap — alternate field name [via dashboard_risk_factors/Code newly deployed/upgraded?: Yes — iBTC/aUSD pool launched same day as exploit]
- RD-F-101 — illustrative : Large governance proposal queued — RT signal would have fired [via realtime_signals/Governance/admin action (Y/N): Y — emergency governance freeze activated rapidly (arguably this is the response, not a pre-signal)]