Try Quests to earn cryptoOsmosis Bounties - Bug exploiters
Introduction
On June 07 the Osmosis v9.0.0 Nitrogen upgrade went live, and it brought with it a major bug that meant the blockchain had to be halted in order to prevent further exploits and correct the bug. Full insights on what the upgrade was meant to bring can be found here.
As far as we know, the Osmosis team was notified thanks to a reddit user, who exposed the fact that there was a serious exploit where anyone could add liquidity to any pool and gain an extra 50% when they removed it. This was a critical bug which could have potentially drained all liquidity pools.
In this dashboard, I'll analyze wallets that operated joining and exiting pools multiple times to try to assess the extent of the exploit.
Approach
Since the exploit started at block number 4707300 and the chain was halted at block 4713064, we can reduce the extent of the analysis to this interval.
One thing to take into account when trying to look out for potential exploiters is that they have to have at least an exit pool action, since that's the way the bug was exploited. There are several accounts with multiple joining pools but no exiting, meaning that they didn't exploit the bug.
The following table shows the list of suspicious wallets, meaning those that since the upgrade and until the halting of the blockchain, performed joining and exiting operations multiple times.
Amount in wallets
In order to look at the current situation of said wallets, I've used the approach of looking both into Apeboard (which seems to show correctly the LP tokens but not holding, assets and staking) and atomscan (which complements it perfectly, showing both staking and assets but not the LPs).
The 1st biggest potential exploiter has currently $194k available on Osmo holdings, 100 Osmo delegated, and part on LPs and other assets as follows(link + apeboard):
The 6th biggest potential exploiter has almost no assets available, around $70 in total (link):
Conclusions
I've analyzed the top 7 wallets because they're the ones that have a total of more than $10K withdrawn in a series of joined-exited pools since the nitrogen upgrade went live.
Wallet 1 holds a decent amount, wallet 2 same, wallet 3 has 83k, wallet 4 has emptied, wallet 5 same as wallet 4, wallet 6 has emptied, and wallet 7 holds more positions on pools than the total amount "drained", making it a candidate that despite having joining-exiting operations, I believe it might not be part of the exploiters.
Out of the total amount exploited, most of it was between two wallets.
Out of the total amount exploited, most of it was in Osmo, Atom and axlUSDC.
As we can see, this potential exploiter took a profit of more than $3.1M, since the amount in USD in the table is the price at the time of the chain halting.
The total amount exploited is the following, with almost 5M:
The following chart shows the amount in USD drained by the top 10 addresses; we can see that between two of them they were responsible of around 90% ($4.4M) of the total amount drained.
Lastly, the following chart shows the distribution of the total amount drained by the different assets; most of them was Osmo (48%, around $2.3M), Atom (27%, around $1.3M and then axlUSDC, axlWBTC and axlWETH.