Just weeks after a typo in the platform’s code base, Hegic has shut down again after a trader exploited a hole in the system’s design.
Hegic Options’ revival was short-lived after the protocol succumbed to a design flaw. Andrew Kang revealed that there was a defect in Hegic’s design that allowed older liquidity providers to pocket a profit without fulfilling their obligations.
DeFi Project Hegic Suffers Poor Game Theory
Hegic Options was forced offline after a trader took advantage of a hole in the network’s design. The platform’s liquidity pool was designed in a way that gave precedence to older liquidity providers.
Liquidity providers that sell options contracts (short the options) would receive their premium and be free to exit the pool after collecting it. The problem was that they weren’t forced to honor the obligation an option seller is supposed to bear.
Simply put, this means that a trader could receive the benefit of selling an option contract without bearing the liability if they were caught on the wrong side of the trade.
Newer liquidity providers are then forced to bear the entire burden as older providers could collect their options premiums and walk away.
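The accounting problem described above can be seen in a toy share-based pool. This is an added example, not Hegic's contract code: the `Pool` class, the LP names, the numbers and the `lock_while_open` switch (an assumed mitigation, not Hegic's announced fix) are all constructed for illustration.

```python
# Toy share-based options pool: an assumed model, not Hegic's contract code.
class Pool:
    def __init__(self, lock_while_open):
        self.lock_while_open = lock_while_open  # assumed mitigation switch
        self.balance = 0    # funds held by the pool
        self.locked = 0     # payout owed on options that are still open
        self.shares = {}    # LP name -> pool shares

    def deposit(self, lp, amount):
        total = sum(self.shares.values())
        minted = amount if total == 0 else amount * total / self.balance
        self.shares[lp] = self.shares.get(lp, 0) + minted
        self.balance += amount

    def sell_option(self, premium, max_payout):
        self.balance += premium      # premium accrues to current LPs at once
        self.locked += max_payout    # liability stays with the pool

    def withdraw(self, lp):
        if self.lock_while_open and self.locked > 0:
            raise ValueError("open options: liquidity must stay to back them")
        amount = self.shares[lp] * self.balance / sum(self.shares.values())
        del self.shares[lp]
        self.balance -= amount
        return amount

    def exercise(self, payout):
        self.balance -= payout
        self.locked -= payout

def scenario(lock_while_open):
    """Two LPs deposit 100 each (constructed numbers); one tries to exit early."""
    pool = Pool(lock_while_open)
    pool.deposit("remaining_lp", 100)
    pool.deposit("exiting_lp", 100)
    pool.sell_option(premium=10, max_payout=60)
    out = {}
    try:
        out["exiting_lp"] = pool.withdraw("exiting_lp")  # premium earned, now leave
    except ValueError:
        pass                                             # blocked until settled
    pool.exercise(60)                                    # option ends in the money
    for lp in list(pool.shares):
        out[lp] = pool.withdraw(lp)
    return out

if __name__ == "__main__":
    print("flawed  :", scenario(False))
    print("hardened:", scenario(True))
```

Without the lock, the exiting provider leaves with 105 and the remaining provider absorbs the whole payout, ending with 45; with withdrawals blocked while options are open, both end with 75.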
This hole was exploited by a trader who figured out the design flaw. Kang notes the trader first deposited liquidity then bought put options. Then, they withdrew the liquidity and exercised the options.
5) Over 13 transactions & 1.5 days, this LP netted ~$3,340 in profit
Taking into account recycled capital, this was essentially a quick low risk 22% ROI
I’ve detailed the transactions in the table below pic.twitter.com/i0StBz61Wo
— Andrew Kang (@Rewkang) May 21, 2020
This means that the trader earned a premium by selling options, then added fuel to the fire by exercising options they bought, forcing existing liquidity providers to bear a larger loss than they bargained for.
Hegic shut down once before after a typo in the codebase froze $30,000 worth of ETH forever.
This time around, Hegic’s code performed as expected, but the protocol suffered from flawed game theory. Hegic’s developer is currently working on fixing the contracts and relaunching the protocol to mainnet.
With two major vulnerabilities in the same month, Hegic has a long road ahead to regain user faith – something bZx has been unable to do over three months after being in a similar situation.