COVER hack and YETI performance: PowerPool team analysis

COVER was hacked, but YETI is safe

DISCLAIMER: This article is written regarding rapidly changing event, so all facts are relevant only at the moment of publishing

The COVER protocol was hacked today. Long story short:

Almost an infinite amount of COVER (40 quintillion) were finally minted due to an exploit. COVER price is almost zero now.

After that, the white hat exploiter (known as Grab) returned money to the Yearn deployer.

But it didn’t change anything — COVER price is down forever. Don’t worry:

We saved YETI capital by immediate team action. Pool is safe now.

Once we found the COVER hack, we manually stopped YETI swaps/supply/withdraw options of liquidity, to protect funds of PowerPool users. It was done due to the AMM nature of YETI index — hackers could simply use it to cash-out minted COVER tokens, taking away YFI, SUSHI and other valuable assets from the pool.

But it didn’t happen due to blocking of all swaps/deposits/withdrawals

During this event YETI index worked well, as it assumed to work. Yes it is sad to lose up to 8% of capital (weight of COVER in YETI). But, this loss should be benchmarked versus anything between 8–99% loss in the case that an investor, looking for YFI ecosystem exposure chose not to invest in YETI and purchased COVER for 10–100% of his/her capital.

Analysis of hack influence on Yearn ecosystem

Once the COVER exploit became public, COVER price started to drop:

Other Yearn ecosystem tokens followed COVER (YFI, SUSHI, PICKLE, etc):

So not only did COVER drop, but also for example: KP3R and CREAM faced an almost -20% drop. Other tokens (including YFI and SUSHI) dropped from 5 to 10%.

The COVER hack influenced capitalization of the Yearn ecosystem seriously. It is why the YETI price dropped more than 8%.

The index worked well, and it clearly demonstrated why diversification matters. Immediate action saved $4.5m of users funds and probably even more — COVER protocol announced a recovery program for all legit COVER token holders.

Now YETI is valued at $0.74, while its fundamental value is $0.80 — check out the contract.

Before the hack, YETI was valued at ~$0.96, now it is around $0.80. It means that the index lost ~17% of fundamental value: 8% of it is COVER, and the remaining 9% is connected with declining prices of other tokens from the basket. As it was demonstrated in this case, Yearn ecosystem tokens have a certain correlation.

YETI index contract will get a refund from COVER (as will any other legit COVER holders), so the index probably didn’t even lose this 8%.

Note: YETI capital wasn’t drained by COVER hackers.

What could be done better?

We could manually sell as much $COVER as possible when it bounces back for a very short period of time, but:

1. there still is a chance that the COVER team will handle the issue (most likely this was the actual reason why the price bounced back)

2. on the other hand in case there is compensation from COVER/YFI ecosystem, we will be able to claim more, by having COVER tokens in our address

Now we are working on an exact set of procedures to automate the set of Power Pool protocol actions in case of index composites’ exploits in the future (see next section).

Next steps

1. We will remove COVER from the index and split its weight (8%) proportionally to other tokens. Worthless tokens will be automatically transferred to the team’s multi-sig wallet.
2. Swaps/join/exit pool functions will be enabled after that.
3. We will issue a proposal regarding the weight of a new COVER which will be received as a refund from the COVER team. They will be added to the pool according to this weight.
4. We strongly advise the PowerPool community to re-analyze the YETI index and come up with new weights based on a data-driven approach, including cashflow opportunities, etc. It means that the weight of the new COVER token should be defined by the community. The community can completely remove the “new COVER” from the index — in this case, “new COVER” will be traded for other index tokens by arbitrageurs.

We understand that code is written by people and audited by other people. All of them could do mistakes. Due to this, when CVP is distributed via the LM program only a tiny portion of CVP tokens are stored on the contract at the same time(despite the fact that the LP mining contract is audited). This security measure, which was added back in September entirely protects CVP from hacks like COVER’s one.

The main question remains to be answered — how to protect PowerPool indices from such issues and composite protocol hacks in the future?

Our solution for that is dynamic AMM (it was first published in the 2021 roadmap a couple of days ago). It comes down to (1) algorithmically pausing token swaps in case of emergency/serious price drop of one of the tokens (2) dynamic weights changing of one token in case of significant price drop against other tokens from the basket. More updates soon.