Venus Protocol, a decentralized lending market built on the BNB Chain, denied claims that it had suffered a significant loss in an exploit over the weekend.
The team behind the protocol took to X to quickly shut down rumors of what was first reported to be a $54 billion exploit by blockchain security firm SlowMist.
A response from the team, we’re taking a closer look into this incident!
Follow us for more updates! https://t.co/ChM6nJhxRn
— SlowMist (@SlowMist_Team) December 10, 2023
Venus said that the protocol was working as intended, but a short-term price issue with the Binance Oracle that is responsible for price feeds in an isolated pool was responsible for the issue – something that SlowMist later clarified.
Brad Harrison, the head of Venus Labs, explained that the oracle which supports the price of snBNB – a yield bearing liquid staked version of BNB – reported the wrong price in an isolated pool on the protocol.
This resulted in one user inadvertently borrowing $270,000 worth of the asset in question. Although the oracle was introduced “to avoid these exact situations,” Harrison said that the risk of such an issue still prevails when it comes to long assets that rarely have multiple price feeds available.
$270k. Pool has a risk fund for these scenarios.
— Brad DeFi/acc (卧虎) (@bradherenow) December 10, 2023
“In this case we will look ahead to enhance the security on isolated pools by adding support for price resilience,” said Harrison.
“While participating in isolated pools always involves higher risk, no other pools were affected.”
Venus Protocol also paused the snBNB market, along with two other isolated markets with similar Binance Oracle configurations.
Following the @chaos_labs recommendations and out of an abundance of caution due to today's Binance Oracle price feed issue on the Isolated LST BNB Pool, the snBNB market has been temporarily paused along with 2 other *isolated* markets (agEUR, stkBNB) with similar Binance…
— Venus Protocol (@VenusProtocol) December 10, 2023
“It is also worth mentioning that the Binance Oracle team has already identified and fixed the issue and this is strictly a precautionary temporary measure,” they noted.