Title: eIP 36 Fast track - Module updates
Author: Carebear
Related Discussions: N/A
Submission Date: 12 December 2022
Summary
Euler’s permissionless nature has left a small edge-case contract bug that I propose to empower the Euler Foundation to rectify, and to do so in a fast-track way.
Abstract
A bug in reserve accrual has been discovered in the Euler contracts. No customer funds or protocol reserves are at risk, but users who have RAD assets or liabilities are temporarily unable to use their accounts, and they are temporarily unable to be liquidated.
Motivation
Euler should operate as intended, and this bug can be easily fixed hence I suggest the DAO fast tracks this proposal.
Specification
The contracts are coded to gracefully handle extremely large supplies or borrows, for example if a token has flash mint support, or is a malicious token with a gigantic supply. However, if the reserves grow to a certain level on a market, newly accrued interest cannot be stored and this causes updating the market’s asset information to fail.
Fortunately, the contracts can be upgraded to apply the same protection done for supply and borrow amounts to the reserves. In the case of reserve overflow, no new reserves will accrue to the market. However, loading it will continue to succeed and – critically – liquidations of users can still be processed.
This bug was noticed because a user made a large mint on the RAD pool. RAD is currently configured with a very poor quality oracle, which means that an extremely large amount of RAD could be minted with a small amount of additional collateral.
These large nominal values can cause off-chain reporting metrics to be comically wrong. We’re calling these values nominal since 0 actual RAD was involved. Note that the actual cause of the wrong numbers is a bad oracle, and this has happened with regular deposits and/or borrows as well. The large mint worked as expected, except for uncovering the bug in the reserves accrual mechanism mentioned above.
Implementation
This vote will empower the Euler Foundation to do two things:
- As a short-term fix, make a contract fix to the RAD market, deploy the Governance module, and set reserve factor to 0
- Upgrade all other modules in a slower, more methodical way to ensure this does not happen to other assets
Voting
Voting will last 24h if approved by the discord governance section
Yes: empower the Euler foundation to make these two changes ASAP
No: do not make the change