May 27, 2024

Transparency Report Update: Due to an isolated oracle incident, 2 baskets minted excess tokens to 4 depositors. Affected users have been refunded, and the issue has been fixed. (Funds are safu!)

On May 27, the team discovered an isolated custom oracle discrepancy on select experimental tokens supported by the Symmetry Engine program. In response, the team immediately froze the Symmetry program to investigate.

After a thorough evaluation, we’ve identified discrepancies that appeared recently in our custom high-frequency oracle built on Switchboard, resulting in short windows of incorrect pricing data for certain experimental tokens. A solution has since been implemented.

Below is a record of the exceptions detected from May 22 to the present.

Data shows recent instances when the oracle script (deployed by Symmetry, separate from the Symmetry Engine smart contract) failed to parse certain token price information but produced no errors, causing null values to be written for short periods, followed by correct price updates. Consequently, during these short periods, some token prices were not accurately accounted for.
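The failure mode described above, as an added example that is not Symmetry's oracle script: a JavaScript parser that turns a missing price into a usable-looking number without raising an error, next to a guarded version that skips the write so consumers can reject the aging price as stale. The script language, the payload shape, all function names and the staleness threshold are assumptions.

```javascript
// Added example with hypothetical names; not code from the Symmetry project.

// Naive parser: a missing price silently becomes 0, since Number(null) === 0.
function parsePriceNaive(payload) {
  return Number(payload.price);
}

// Strict parser: throws instead of returning a value that looks like a price.
function parsePriceStrict(payload) {
  const raw = payload == null ? undefined : payload.price;
  if (raw === null || raw === undefined || raw === "") {
    throw new Error("price field missing");
  }
  const price = Number(raw);
  if (!Number.isFinite(price) || price <= 0) {
    throw new Error("price is not a positive finite number");
  }
  return price;
}

// Naive writer: always writes, so a bad parse lands with a fresh timestamp.
function applyNaive(store, token, payload, nowMs) {
  store[token] = { price: parsePriceNaive(payload), ts: nowMs };
}

// Guarded writer: on a bad parse it writes nothing and returns a message for
// alerting; the last good entry keeps its old timestamp and ages out.
function applyGuarded(store, token, payload, nowMs) {
  try {
    store[token] = { price: parsePriceStrict(payload), ts: nowMs };
    return null;
  } catch (err) {
    return `${token}: update skipped (${err.message})`;
  }
}

// Consumer-side check before pricing a mint: reject missing or stale entries.
function usablePrice(entry, nowMs, maxAgeMs) {
  return Boolean(entry) && Number.isFinite(entry.price) && entry.price > 0 &&
    nowMs - entry.ts <= maxAgeMs;
}

// Constructed sample responses (not real feed data): one good, three bad.
const SAMPLES = [{ price: "1.02" }, { price: null }, {}, { price: "n/a" }];
```

With the naive writer, the `{ price: null }` sample is stored as price 0 with a current timestamp, so a freshness check alone would not catch it.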

On May 27, at approximately 15:31 UTC, a user deposited USDC into a basket containing affected experimental tokens (JLP, NOS, Moutai, POPCAT). Symmetry Engine rebalanced the deposit correctly into the above-mentioned tokens. However, during a separate mint transaction, the oracle exception occurred and excess basket tokens were minted to the user, who then burned their basket tokens to withdraw from the basket, resulting in a reduced basket price and TVL.

Similar events occurred for 3 other depositors. Update: 2 depositors have cooperated and returned the unjust gains, and have been awarded a bounty.

<aside> ✅ Symmetry Smart Contract (Symmetry Engine) had no issues, and has been audited by Ottersec. No vulnerabilities present.

</aside>

Baskets that were affected:

https://app.symmetry.fi/view/E7WvXNJKTUZgYmzXZxpQJxYsfkrH9nqZGFduetS77y8A

https://app.symmetry.fi/view/C1w8W17NwBwtifZszifyZv1Rp6fnagLLTugvxDBHRPoA

Fixes & Changes: