{"id":503758,"date":"2022-10-26T00:00:00","date_gmt":"2022-10-25T21:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/after-mango-markets-exploit-compound-pauses-4-tokens-to-protect-against-price-manipulation\/"},"modified":"2022-10-26T00:00:00","modified_gmt":"2022-10-25T21:00:00","slug":"after-mango-markets-exploit-compound-pauses-4-tokens-to-protect-against-price-manipulation","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/after-mango-markets-exploit-compound-pauses-4-tokens-to-protect-against-price-manipulation\/","title":{"rendered":"# After Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a3df65b2af3b\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #dd3333;color:#dd3333\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #dd3333;color:#dd3333\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-6a3df65b2af3b\" checked aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/buradabiliyorum.com\/en\/after-mango-markets-exploit-compound-pauses-4-tokens-to-protect-against-price-manipulation\/#%E2%80%9D_After_Mango_Markets_exploit_Compound_pauses_4_tokens_to_protect_against_price_manipulation_%E2%80%9C\" >&#8221; After Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation &#8220;<\/a><\/li><\/ul><\/nav><\/div>\n<h1><span class=\"ez-toc-section\" id=\"%E2%80%9D_After_Mango_Markets_exploit_Compound_pauses_4_tokens_to_protect_against_price_manipulation_%E2%80%9C\"><\/span>&#8221; After Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation &#8220;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/images\/840_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTAvNThmNmVjNTUtYjQ1OC00OGMzLTk3NzMtZjc1NzQ0NmZiZWFhLmpwZw==.jpg\" \/><\/p>\n<div class=\"post-content\" data-v-4b69a2fe>Decentralized lending protocol Compound has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/compound.finance\/governance\/proposals\/131\">paused<\/a> the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a proposal on Compound\u2019s governance forum that was recently passed.<\/p>\n<p>With the pause, users will not be able to deposit Yearn.finance\u2019s YFI (YFI), 0x\u2019s ZRX, Basic Attention Token (BAT) and Maker\u2019s MKR (MKR) as collateral to take loans.<\/p>\n<p>The proposal passed on Oct. 25 with 99% of all voters in favor. It stated:<\/p>\n<blockquote><p>\u201cAn oracle manipulation-based attack analogous to the one that cost Mango Markets $117m is much less likely to occur on Compound due to collateral assets having much deeper liquidity than MNGO and Compound requiring loans to be over-collateralized. However, out of an abundance of caution, we propose pausing supply for the above assets, given their relative liquidity profiles.\u201d<\/p><\/blockquote>\n<p>In a security review of Compound v2 performed in September, the Volt Protocol team <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.comp.xyz\/t\/investigate-market-manipulation-risk-in-zrx-and-other-tokens\/3555\">identified<\/a> potential market manipulation risks related to low-liquidity tokens. The report explained:\u00a0<\/p>\n<blockquote><p>&#8220;The attack is possible when the amount of a token borrowable on markets like Aave and Compound is large compared to the liquid market. The most notable example is ZRX, which has borrowable liquidity on each of these markets comparable to or greater than the usual daily volume across all centralized and decentralized exchanges.&#8221;<\/p><\/blockquote>\n<p>On <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">Twitter<\/a>, Robert Leshner, founder of Compound, explained that the conservative <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/download-scripts-themes-apps\/\" data-internallinksmanager029f6b8e52c=\"9\" title=\"Download Scripts &amp; Themes &amp; Apps\" target=\"_blank\" rel=\"noopener\">app<\/a>roach wouldn\u2019t impact existing users.\u00a0<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Following the <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/mangomarkets?ref_src=twsrc%5Etfw\">@mangomarkets<\/a> exploit, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/gauntletnetwork?ref_src=twsrc%5Etfw\">@gauntletnetwork<\/a> has proposed disabling new supply for the most thinly traded collateral.<\/p>\n<p>This conservative approach won&#8217;t impact existing users, and encourages the migration of usage to Compound III (which is resistant to the attack vector). <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/t.co\/yMQDgRXru7\">https:\/\/t.co\/yMQDgRXru7<\/a><\/p>\n<p>\u2014 Robert Leshner (@rleshner) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/rleshner\/status\/1583577623946403841?ref_src=twsrc%5Etfw\">October 21, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On Oct. 11, Avraham Eisenberg, the hacker behind the Mango Markets exploit, manipulated the value of a posted collateral \u2014 the platforms\u2019 native token, MNGO \u2014 to higher prices, then took out significant loans against the inflated collateral, which drained Mango\u2019s treasury.<\/p>\n<p>The exploiter, self-described as a digital art dealer on Twitter, claimed that he and a team of hackers undertook a \u201chighly profitable trading strategy\u201d and that it was \u201clegal open market actions, using the protocol as designed.\u201d<\/p>\n<p>After a proposal in the Mango\u2019s governance forum was approved, Eisenberg was allowed to keep $47 million as a \u201cbug bounty\u201d while $67 million was sent back to the treasury.<\/p>\n<p><template data-name=\"subscription_form\" data-type=\"defi_newsletter\"><\/template><\/div>\n<blockquote><p><strong><span style=\"color: #ff6600;\">If you liked the article, do not forget to share it with your friends. Follow us on\u00a0<span style=\"color: #ff0000;\"><a style=\"color: #ff0000;\" href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMLG0nwswvr63Aw\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\">For forums sites go to <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/forum.buradabiliyorum.com\/\" target=\"_blank\" rel=\"noopener\">Forum.BuradaBiliyorum.Com<\/a><\/span><\/strong>\n<\/p><\/blockquote>\n<blockquote>\n<p style=\"text-align: center;\"><strong>If you want to read more <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/news\/\" data-internallinksmanager029f6b8e52c=\"2\" title=\"News\" target=\"_blank\" rel=\"noopener\">News<\/a> articles, you can visit our <span style=\"color: #ff9900;\"><a style=\"color: #ff9900;\" href=\"https:\/\/en.buradabiliyorum.com\/general\/\" target=\"_blank\" rel=\"noopener\">General category.<\/a><\/span><\/strong><\/p>\n<\/blockquote>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/cointelegraph.com\/news\/after-mango-market-exploit-compound-pauses-four-tokens-to-protect-against-price-manipulation\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8221; After Mango Markets exploit, Compound pauses 4 tokens to protect against price manipulation &#8220; Decentralized lending protocol Compound has paused the supply of four tokens as lending collateral on its platform, aiming to protect users against potential attacks involving price manipulation, similar to the recent $117 million exploit of Mango Markets, according to a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":503759,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/images\/1200_aHR0cHM6Ly9zMy5jb2ludGVsZWdyYXBoLmNvbS91cGxvYWRzLzIwMjItMTAvNThmNmVjNTUtYjQ1OC00OGMzLTk3NzMtZjc1NzQ0NmZiZWFhLmpwZw==.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74867,74868,74882,77595,74892,70944],"class_list":["post-503758","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-altcoin","tag-defi","tag-hacks","tag-lending","tag-tokens","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/503758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=503758"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/503758\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/503759"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=503758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=503758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=503758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}