Developers that depend on Solana-based DEX Serum are looking to deploy another version of the protocol that is not reliant on FTX.
An alleged hack on bankrupt crypto exchange FTX on Friday raised fears that the upgrade authority for Serum may have also been compromised. The upgrade authority refers to an account responsible for signing transactions with the ability to change on-chain code.
“The serum program update key was not controlled by the SRM DAO, but by a private key connected to FTX,” tweeted pseudonymous developer Mango Max on Saturday.
“At this moment no one can confirm, who controls this key and hence has the power to update the serum program, possibly deploying malicious code,” he added.
In light of the potential vulnerability, a number of protocols removed Serum as a liquidity source. These include the widely popular swap aggregator Jupiter and DeFi wallet Phantom.
Serum was launched by FTX, Alameda Research and the Solana Foundation in 2020 and has since grown into a vital part of Solana’s DeFi ecosystem. At the time of its launch, FTX CEO Sam Bankman-Fried described it as a fast, cheap and powerful cross-chain DEX.
“And it’s truly, fully trustless,” tweeted Bankman-Fried at the time.
While these claims of being fully trustless are now called into question, abandoning Serum as a liquidity source entirely doesn’t appear option for Solana-based DeFi.
Solana founder Anatoly Yakovenko said that developers have opted to fork the program because several protocols depend on it for liquidity and liquidations.
Leading the effort was Mango Max, who said that developers had deployed “a verified build of the same version” on Sunday.
The upgrade authority and fee revenue are now being managed by a multi-sig wallet controlled by a team of trusted developers, Mango Max said,
Projects like Jupiter Exchange, Open Serum, Solape, Switchboard and Mango Markets are currently working on integrating the fork.