Drift Protocol is an open-sourced dynamic AMM (DAMM) and decentralised orderbook (DLOB) perpetual swap exchange built on Solana. Drift provides leveraged trading of perpetual contracts for top crypto-assets.
Drift Protocol was paused on 2022/05/11 in response to a rapid increase in rate of the withdrawal of user funds. Drift successfully paused the protocol prior to a complete depletion of user funds. The pause was critical to ensure that no further funds were drained from the protocol.
This post-mortem provides a chronology of the incident, explains the underlying issues the led to the rapid withdrawal of funds, demonstrates how an attacker could have exploited the issues, describes how the issues forced to exchange to be paused and proposes immediate fixes and areas for further improvement ahead of Drift v2.
Drift’s core contributors are now full steam ahead working on a vastly improved Drift v2 that fixes the immediate technical issues present in v1 and builds upon v1’s foundation to ship a more robust leveraged trading system with sufficient risk mechanisms and guardrails, while taking into account community feedback.
Drift v1 is now sunset with all positions settled and the total settled collateral of $19.5m ($4.95m from the remaining Insurance Fund and $14.55m from financing) repaid to affected traders in full. Drift v2 is expected to launch in July with all the proposed improvements in Section 2.
In this section, Drift provides a chronology of events, a detailed breakdown of the issues that took place and a full code-based proof of concept to detail the bug. ****
| Time | Event |
|---|---|
| May 11 2022, | |
| 12 AM - 12 PM UTC | Sharp spike in withdrawals noticed |
| Within about 12 hours starting May 11 12AM UTC, $8.72m of collateral net withdrew from the system, pushing the pool from https://defillama.com/protocol/drifthttps://defillama.com/protocol/drift. The core developers noticed the alarming rate of withdrawals from the protocol and started to investigate the issue. | |
| https://explorer.solana.com/tx/3fj99yUrZKQWPnUb7eQH3RbfuN8U5UuYwHmTVdrt4qDvxTN4vsAPvSYrHsmsjgPxcbK5PhhS8JRtT2XLKqNxdzSe | First Pause to de-risk markets |
| Due to volatility in LUNA, trading was halted so that the core developers could reduce risk on the exchange. Risk was reduced by increasing initial margin requirement, the base market spreads, and the exchange fee. | |
| https://explorer.solana.com/tx/3HwLjpnSAAMR2ovQ3Tczt4nAfZMYSdFuZ9tXGx1s93JTXWjmgQVExbCyvgu1KnYZiBjhjfyfCBdNGjSUKjQy8Hde | Exchange unpaused and k reserves reduced |
| After derisking the exchange, the core developers believed that the risk was low enough for the exchange to re-operate. Upon unpausing, the core developers continued to investigate the root issue and https://flatgithub.com/0xbigz/drift-flat-data?filename=data%2Fcurve_history.csv&sha=4ac8eaf62e3766d3e2f8996b5e5eb549d8d6089a for LUNA, SOL, AVAX, BTC, and ETH. Reducing k (the reserves) helps reduce growth in a Long-Short Imbalance. | |
| https://explorer.solana.com/tx/61N6ETBTzbBBqnsybaG41oeNjkiD5z2EDn3CrhpmpdDJrjR1wYYscF8Rg435Paw9EDS4MXmkJSDg1y3SR3PnZuoz | Second pause to investigating withdrawal bug |
| The core developers identified the realised PNL and Insurance Fund withdrawal bug as the source of the drastic protocol withdrawals. The protocol does not have a withdrawal kill-switch or social loss mechanism so the core developers were forced to paused the exchange to distribute the remaining funds back to users. | |
| May 16 2022 | Methodology for Position Settlement |
| With exchange paused, https://driftprotocol.medium.com/drift-settlement-plan-2d1af1c1525. The core developers developed a methodology to settle positions and realised collateral alongside the community. | |
| May 18 2022 | “Drift Drain” Exploit POC code published https://github.com/drift-labs/protocol-v1/tree/crispheaney/drift-drain |
| This code showcases how the protocol bug allows an attacker to drain entire vault in a single transaction. | |
| May 20 2022 | Redemption UI Live |
| May 21 2022 | POC working patch for withdrawal bug pushed |
| May 25 2022 | Settlement Resolution |
| Drift secured financing to cover the outstanding shortfall of $14.5mm in full to traders. | |
| May 26 2022 | Technical Incident Report Published |
| May 27 2022 | Redemption Live with Full Outstanding Settled Shortfall Amount |
There were two levels of issues at play — one is a surface-level unchecked withdrawal and PNL accounting bug — and one is a deeper leveraged trading design issue. This section delves into the two root causes of the incident.
Based on community feedback, the document uses the term issues instead of bug or design flaw. The Drift core developers acknowledge that there were challenges with the v1 implementation and are eager to resolve them in Drift v2.