After the mining failure involving its stablecoin, aUSD, the Acala Network announced on Monday that it had resumed its operations following a referendum allowing liquidity pools (LPs) to withdraw liquidity from pools or unstake LP tokens.
The community referendum for Stage 1 of resuming Acala operations has passed and been executed.— Acala (@AcalaNetwork) September 26, 2022
LPs who choose to unstake LP tokens or withdraw liquidity on Acala now have the option to do so. https://t.co/yzvOz7zwxT
In August, a misconfiguration of the iBTC (IBTC)/aUSD liquidity pool led to a 3.022 billion aUSD to be erroneously minted, taking its price to less than $0.01 from its United States dollar peg. Acala is a decentralized finance (DeFi) platform built on the Polkadot ecosystem.
The wallet addresses that had received the minted aUSD have been identified via on-chain tracing, allowing the recovery of 2.97 billion aUSD mistake mints from 16 addresses. Other thirty-five accounts were identified as having acquired 12.38 million erroneously minted aUSD.
According to the incident report, 16 IBTC/aUSD LP contributors received the error mints, and some of them repeatedly added more liquidity to the pool, claiming more aUSD error mints and resulting in more aUSD being erroneously minted. It noted:
“Some of these users repeatedly swapped more aUSD error mints as the imbalance of pools grew. They then transferred a significant amount of aUSD error mints to other XCM-connected chains and CEXs.”
The cause of the incident “was a vulnerability in the DEX saving code that is part of the incentives pallet,” said the company, which also announced a security roadmap to strengthen the security of the Acala network.
The report revealed the full extent of the event. Reportedly a total of 3.022B aUSD errors were minted, 2.97 billion aUSD were found in the addresses of the 16 identified LP contributors and 12.38 million aUSD error mints were found on the top 35 accounts that acquired a significant amount of aUSD error mints or were linked to the accounts that acquired it. A remaining 52.068 million aUSD error mints, error mint-swapped tokens and addresses involved in the incident were identified.