Happened?
As most of you are aware, a hacker compromised our staking contracts earlier this week, and as a result, we halted the claiming/minting of sILV. We thought that we had caught the issue before a hacker could exploit it; however, an attacker had previously found the bug, and they were able to mint approx 8,000 sILV without detection.
The attacker used this sILV to begin draining the Uniswap pool. To prevent them from liquidating the sILV, the Illuvium eDAO minted sILV and used this to remove the liquidity in the pool, stopping the attack. The attacker removed approximately 335 ETH; the eDAO saved an additional 117 ETH.
What happens to my sILV?
We have taken a snapshot at block number: 13940833 (one before the rescue transaction). This snapshot ensured we could exchange sILV with a new sILV token. If you held the sILV token at the time of the snapshot, you are entitled to the same amount of the new sILV token.
I provided liquidity to the sILV Uniswap V3 Pool. Will I be reimbursed?
Yes, as long as you provided liquidity at block number 13940652, you will receive your same ETH/sILV amounts back as ETH and sILV once we upgrade the contracts.
I bought sILV from the Uniwap V3 Pool after the block number
The decision to reimburse people who interacted with the pool after block number 13940833 lies with the Illuvium Council. An emergency meeting will be held within the next 48 hours to discuss if the council should create a proposal.
Will the DAO be affected financially?
Even though this sILV Uniswap pool was unofficial, many community members, including myself, used it to trade in it and, as such, feel somewhat responsible for legitimising the pool. I have therefore decided to reimburse all liquidity providers personally, so there will be no loss to the DAO.
How will we distribute the new sILV
Interacting with Ethereum L1 has become increasingly expensive since we launched, so we are discussing several L2 scaling solutions to distribute this new sILV on an L2 to ensure that the cost of converting to the new contract is as minimal as possible for users. We are also considering running the upcoming land sale on L2 to ensure that all users can participate, no matter how small.
What are we doing to mitigate any future bugs?
- Three independent audits per contract (1x Internal, 2x external)
- Introduction of a bug bounty program
- Hiring additional solidity engineers
- Additional contract testing
- Additional code reviews
Thank you again for your support through this difficult period.
All marketing ideas and/or proposals need to go through the DAO, you can use the Marketing Ideas channel on https://discord.gg/illuvium
Обсуждают сегодня