IDEX LP — Critical Fix & Smart Contract Upgrade
- Late on Wednesday, December 15th, we were alerted to a potential bug in the IDEX LP contracts
- The team investigated and confirmed that LPs on ETH-denominated markets were sometimes credited with additional ETH ($0.10-$100 worth) upon withdrawal
- The team released a patch to our off-chain system overnight on Thursday, December 16th that addressed the issue while continuing to develop a full smart contract solution
- The smart contract changes were deployed on Thursday, December 23rd, and incorporated into the production version of the exchange on Sunday, December 26th, after the 72-hour contract upgrade period elapsed
- The impact to LPs was minimal, primarily those in the IDEX-ETH pool; the total impact was 16.28 ETH, and LPs have already been reimbursed with ETH sent directly to their wallet
When withdrawing from liquidity pools, IDEX LP tokens are redeemed for a proportional share of the assets in the pool.
- Like other AMM protocols, IDEX uses the ratio of redeemed LP tokens to total LP tokens to determine the amount of base (IDEX, MATIC, etc.) tokens to redeem.
- Unlike other AMM protocols, the amount of quote (e.g. ETH) tokens to redeem is calculated using the redeemed base tokens and the existing pool price. This difference in methodology is necessary to maintain pool-price stability.
Due to precision constraints in the pool price, and a small rounding error, LPs in ETH-denominated pools were sometimes credited additional ETH upon withdrawal. The amount of additional ETH is higher for assets with a low ETH price, and therefore most heavily impacted the IDEX-ETH pool.
A more detailed write-up of both the constraints and the issue is available here.
The team was alerted to the issue late on Wednesday, December 15th. After confirming the issue, the team spent Thursday developing and deploying a mitigation strategy which was released into production overnight on Thursday, December 16th.
The patch works by automatically adding liquidity to ETH-denominated pools to re-balance them at the rounded pool price. It does so by adding the precise amount of base currency needed to decrease the price (quote/base) until the full-precision pool price is equal to the rounded pool price. This ensures that all LP withdrawals result in distributing the correct amount of both base and quote currency.
The funds for these liquidity additions came from the IDEX treasury, and there was no LP token compensation in return. In total ~$25,000 of base tokens was added to the pools, value which accrued to the IDEX LPs.
This intermediary fix was deployed as soon as possible and was successful in protecting liquidity providers while the team worked on a permanent solution.
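The re-balancing step described above, worked through as an added example (not IDEX's code). It assumes 8-decimal integer units for amounts and prices and a pool price that is rounded down, which the page implies by saying base is added to decrease the price; it models only the gap between a price-derived quote amount and the pro-rata share, not the contract's exact rounding path.

```python
# Added illustration; units, precision and rounding direction are assumptions.
SCALE = 10**8  # assumed: amounts and prices carry 8 decimals, stored as integers


def rounded_price(base: int, quote: int) -> int:
    """Pool price (quote/base) truncated to SCALE precision."""
    return quote * SCALE // base


def proportional_quote(quote: int, lp: int, total_lp: int) -> int:
    """Quote owed as a plain pro-rata share of the quote reserve."""
    return quote * lp // total_lp


def price_derived_quote(base: int, quote: int, lp: int, total_lp: int) -> int:
    """Quote owed when computed from redeemed base and the rounded price."""
    base_out = base * lp // total_lp
    return base_out * rounded_price(base, quote) // SCALE


def quote_gap(base: int, quote: int, lp: int, total_lp: int) -> int:
    """Absolute mismatch between the two redemption methods."""
    return abs(price_derived_quote(base, quote, lp, total_lp)
               - proportional_quote(quote, lp, total_lp))


def rebalance_base(base: int, quote: int) -> int:
    """Base to add so quote/(base + added) sits at the rounded price."""
    target_base = quote * SCALE // rounded_price(base, quote)
    return target_base - base


def demo() -> dict:
    # Constructed pool: 3,000,000 base tokens against 100 ETH (low ETH price).
    base, quote = 3_000_000 * SCALE, 100 * SCALE
    lp, total_lp = 1, 10  # withdrawal of a 10% share
    added = rebalance_base(base, quote)
    return {
        "rounded_price": rounded_price(base, quote),
        "gap_before": quote_gap(base, quote, lp, total_lp),
        "base_added": added,
        "price_after": rounded_price(base + added, quote),
        "gap_after": quote_gap(base + added, quote, lp, total_lp),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In this constructed pool the mismatch between the two methods falls from 100,000 units (0.001 ETH) to a single unit of integer dust once the base is added, while the rounded price itself is unchanged.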
On Thursday, December 23rd, the team deployed the smart contract changes to production to address the root cause of the issue. The full details of the fix are captured here.
The governance process for v3 upgrades has a 72-hour delay before contract changes can be finalized. Due to the nature of the bug, and the fact that our off-chain patch protected users at the cost of the company treasury, we were unable to disclose the existence and full details of the contract upgrade.
The contract change took effect on Sunday, December 26th, permanently fixing the issue.
This upgrade has fully addressed the issue at the contract level.
Prior to the deployment of the patch on December 16th, withdrawals from ETH-denominated pools were occasionally receiving small amounts of additional ETH. This came at the expense of the remaining LPs. The magnitude of the loss was directly related to the price of the pool, and is greater for low-price assets. As a result, the issue primarily impacted the IDEX-ETH pool.
The team has taken the time to precisely calculate the impact to each LP, and has reimbursed them with the appropriate amount of ETH by sending it directly to their wallet. This calculation was done by analyzing each withdrawal from the pool, calculating any extra ETH that was removed, and allocating that ETH proportionally to the LPs in the pool at the time of the withdrawal. The results of this can be seen here.
First, we’d like to apologize to all affected users. Fund security is our number one priority, which is why we take such steps as a professional third-party audit from Quantstamp, 100% smart contract test coverage, team-wide internal testing, and a generous bug bounty program via Immunefi.
This was the first critical bug in the history of IDEX, and we’re grateful that the damage was limited. A special thanks to the Immunefi community for alerting us to this issue, allowing us to take steps to address it before any significant damage was done.
We thank you for your continued support in our vision to build the next-generation DEX.