Spool Contract Pause: Post Mortem

By Spoolcomms, published in Spool, Apr 21, 2022

Spool is a complex project featuring an entirely new codebase and solving problems never before tackled in DeFi. Over the past year we have been working hard to bring the first complete version of the Spool.fi protocol to the public.

The month prior to launch was a busy time as our developers, in cooperation with multiple audit partners, toiled to finalize and sign off on the final code. Our QA team conducted extensive ongoing due diligence to ensure everything met exacting standards. Shortly after launch, in an over-abundance of caution, it was determined to pause the system and return all user funds.

Transparency and accountability are hallmarks of the Spool DAO. As we prepare to redeploy we wish to advise our community on the events that took place leading up to the system pause and explain why these steps were taken.

What happened?

Our first smart contracts were successfully deployed on 30.3.2022 at 01:37 AM UTC.

Remaining contracts were deployed soon after (along with user-facing web apps), bringing the number of deployed contracts to more than 60:

  • 6 x Genesis Vaults
  • 21 x Strategies
  • 5 x Core System Contracts
  • Staking Mechanism
  • Various Multisig Setups
  • (and more)

Deposits totalling $4.9M were recorded in the first 24 hours post-launch. The Total Value Routed (TVR) increased to $12.5M over the following 30 hours. Up until the system pause, an additional $11.5M was deposited, totalling $23M.

We executed our first “DoHardWork” (DHW) transaction on 2.4.2022, which completed exactly as expected and without issue. These transactions are scheduled to be executed on a daily basis. Our team closely monitored the integrity of the system and state of the users’ funds at all times, and to ensure funds were safe, each step was simulated prior to executing on-chain.

On 3.4.2022, after simulating the second “DoHardWork”, our team noticed discrepancies in how user shares were calculated, while at the same time receiving inconsistent data reports from valued users.

Cause

The issues reported were originally thought to be linked strictly to the User Interface, but were later confirmed to be a function of the same underlying DoHardWork function. Core contracts were paused to ensure that all user funds were fully protected while further examination was conducted. An investigation was immediately launched by our development team in conjunction with some of our third-party audit partners.

After in-depth analysis of our smart contracts and on-chain state, the root cause was identified as relating to how new shares are calculated, specifically in the function _redeemStrategiesIndex of the VaultIndexActions.sol contract.

Response

Given that the root cause was found in one of the core contracts, and in accordance with Spool DAO’s Security Procedures, an Emergency Withdrawal was executed and all funds returned to users.

The Emergency Withdrawal was performed via the multisig by automatically pulling all funds to the Spool DAO multisig contract. Ten preDAO members approved the transaction to refund all the initial depositors and the funds were distributed back in full to the depositors within 12 hours.

All funds were preserved during the process and at no time were user funds at risk. Moreover, an announcement was made that all users’ gas fees will be fully compensated once the necessary portions of the smart contracts have been audited.

Explanation

Spool has 2 layers of shares. The first is on the user-vault level. After a user deposits into a vault (and the DoHardWork is executed), they receive vault shares. These represent the proportion of the total vault value owned by the user.

The second layer of shares is on the vault-strategy level. Vaults have different strategy proportions. For example, Vault A can comprise 5% of Strategy 1 and Vault B can comprise 20% of Strategy 1. This is why (similar to user-vault shares) vaults possess users’ shares, which represent the value of the strategy owned by the vault.

The issue in question originated with a miscalculation of the user-vault shares after the second DHW was performed and the share redemption was completed. The users depositing in the second batch were given fewer shares than they should have received. The users that deposited in the first batch (before the first DHW) now owned more than they should have.
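
The effect described above, shown as an added example: a constructed Python model, not Spool's contract code. The post does not give the faulty arithmetic, so the `include_deposit_in_price` fault, the user names and the amounts are assumptions chosen to reproduce the described symptom; `violations` is the kind of invariant a pre-execution simulation can assert.

```python
# Added example: constructed model of two-batch vault share accounting.

def simulate(batches, include_deposit_in_price=False):
    """Run one DoHardWork per batch; return each user's redeemable value.

    include_deposit_in_price=True is a HYPOTHETICAL fault chosen for
    illustration: new shares are priced against a vault value that
    already contains the incoming batch.
    """
    shares, total_shares, vault_value = {}, 0, 0
    for batch in batches:
        batch_total = sum(batch.values())
        pre_shares = total_shares  # snapshot: whole batch gets one price
        price_base = vault_value + (batch_total if include_deposit_in_price else 0)
        for user, amount in batch.items():
            if pre_shares == 0:
                minted = amount  # first batch: one share per unit deposited
            else:
                minted = amount * pre_shares // price_base
            shares[user] = shares.get(user, 0) + minted
            total_shares += minted
        vault_value += batch_total
    return {u: s * vault_value // total_shares for u, s in shares.items()}


def violations(batches, claims, tolerance=1):
    """With no yield, every claim must equal that user's total deposits.

    Returns {user: claim - deposited} for users outside the rounding tolerance.
    """
    deposited = {}
    for batch in batches:
        for user, amount in batch.items():
            deposited[user] = deposited.get(user, 0) + amount
    return {u: claims[u] - d for u, d in deposited.items()
            if abs(claims[u] - d) > tolerance}


# Constructed sample input: two deposit batches, one DHW each, no yield.
BATCHES = [{"alice": 1_000_000}, {"bob": 1_000_000}]

if __name__ == "__main__":
    for faulty in (False, True):
        claims = simulate(BATCHES, include_deposit_in_price=faulty)
        print("faulty" if faulty else "correct", claims, violations(BATCHES, claims))
```

In the faulty run the second-batch depositor's claim falls below their deposit and the first-batch depositor's claim rises by the same amount, so the invariant fails before anything is executed on-chain.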

The issue was promptly resolved and the emergency functions executed flawlessly. While the system was paused, a comprehensive re-testing of all system components was subsequently conducted. Furthermore, a new staging environment was deployed and fully tested by invited community participants.

Next Steps

  • All gas fees will be reimbursed so that no user is out of pocket. These fees will be refunded in full corresponding ETH amounts as a part of a separate transaction.
  • The original (Stablecoin) Genesis Spools’ rewards will soon be withdrawn and used for the upcoming relaunch. Users will be able to claim their current rewards until April 21 at 11:59 PM UTC. After that date, the remaining $SPOOL rewards will be reallocated, according to the 3M $SPOOL emissions set in the original DAO vote, and used as rewards for the updated Genesis Spools on relaunch.
  • $SPOOL staking remains unaffected: users should keep staking to continue earning voSPOOL.
  • The Genesis Spool relaunch will happen imminently, following the satisfactory completion of final testing.

Conclusion

Like all challenges, we see this as an opportunity to improve and look forward to deploying a more robust codebase as a result. We thank the community for their support as we bring true innovation to DeFi. We encourage anyone with questions to join the discussion in our Discord server.
