Levana, a perpetual swap protocol that runs on the Osmosis blockchain, recently suffered an unauthorized attack that resulted in the loss of over $1.1 million from its liquidity pools. The exploit took place over 13 days, causing the protocol to lose 10% of its liquidity.
Investigations into the incident revealed several factors that contributed to the tragic outcome. Congestion hit the Osmosis blockchain, severely limiting user interactions within the market.
Furthermore, a bug in the Osmosis fee market code exacerbated the situation, necessitating higher gas prices for bot maintenance and transactions during peak traffic periods.
The Osmosis blockchain congestion attack significantly hampered user interactions with Levana’s perpetual swap protocol.
The fee market bug complicated matters even more, requiring gas prices to be raised during peak traffic times, negatively impacting the overall user experience.
The scheme took advantage of Levana’s “price staleness” in integrating with the Pyth oracle. In conjunction with the congestion attack and fee market bug, this flaw enabled the attackers to deplete liquidity pools and manipulate market prices.
Levana’s reaction to the breach was quick and decisive. To address the vulnerability, the protocol temporarily halted the creation of new positions and revisions to existing ones.
Importantly, Levana assured its customers that the attack did not affect their current trading positions or earnings.
While Levana’s system integration vulnerabilities were discovered, the team clarified that the Pyth oracle itself worked as expected.
The emphasis remains on addressing system integration flaws rather than any shortcomings in Oracle performance.
In the aftermath of the attack, Levana’s top priorities are to protect user assets and quickly restore full operational capabilities.
The protocol is still committed to addressing the identified flaws and putting in place measures to prevent similar incidents in the future.