Quantstamp Submits First Idle Governance Proposal

Quantstamp Announcements
December 15, 2020

Gov Tokens Allocation Fix in Idle

On December 14th, a minor bug in the governance tokens distribution module in Idle protocol was reported.

The incident does not involve any deposited funds in Idle protocol (Best-Yield or Risk-Adjusted strategies) nor the accrued yield provided by the underlying protocols.

Governance tokens distribution ($IDLE and $COMP) is affected by the bug under specific circumstances, hence resulting in a misallocation of a small number of tokens to liquidity providers. According to the initial assessment, approximately ~150 IDLE and ~1 COMP have been misallocated since the launch of Idle Governance.

The bug has already been mitigated by a joint effort with Quantstamp and Idle team members, and Quantstamp has proposed a patch via a governance proposal, IIP-1. For security reasons, Quantstamp and the Idle team will fully disclose the bug once the on-chain proposal is implemented.

Core Facts

Quantstamp collaborated with the Idle team to investigate this inquiry, identifying the vulnerability and working on both the temporary mitigation patch and the final proposal.

Next Steps

The on-chain proposal, IIP-1, launched by Quantstamp is available here.

Idle Governance has 3 days to cast its vote, in favor or against it. If the “For” vote wins and 4% of IDLE tokens have casted a vote, IIP 1 will be implemented after 2 days (grace period).

If you want to get in touch with the Idle team, feel free to join their community on Twitter, Discord, or Telegram.

Quantstamp Announcements
December 15, 2020

Gov Tokens Allocation Fix in Idle

On December 14th, a minor bug in the governance tokens distribution module in Idle protocol was reported.

The incident does not involve any deposited funds in Idle protocol (Best-Yield or Risk-Adjusted strategies) nor the accrued yield provided by the underlying protocols.

Governance tokens distribution ($IDLE and $COMP) is affected by the bug under specific circumstances, hence resulting in a misallocation of a small number of tokens to liquidity providers. According to the initial assessment, approximately ~150 IDLE and ~1 COMP have been misallocated since the launch of Idle Governance.

The bug has already been mitigated by a joint effort with Quantstamp and Idle team members, and Quantstamp has proposed a patch via a governance proposal, IIP-1. For security reasons, Quantstamp and the Idle team will fully disclose the bug once the on-chain proposal is implemented.

Core Facts

Quantstamp collaborated with the Idle team to investigate this inquiry, identifying the vulnerability and working on both the temporary mitigation patch and the final proposal.

Next Steps

The on-chain proposal, IIP-1, launched by Quantstamp is available here.

Idle Governance has 3 days to cast its vote, in favor or against it. If the “For” vote wins and 4% of IDLE tokens have casted a vote, IIP 1 will be implemented after 2 days (grace period).

If you want to get in touch with the Idle team, feel free to join their community on Twitter, Discord, or Telegram.

December 13, 2022

Quantstamp Community Update - November 2022

Presenting our research paper at DICG 2022, wrapping up our event season, hiring and audits. Here's what happened at Quantstamp in November.

November 8, 2022

Quantstamp Community Update - October 2022

Offchain Labs acquires Prysmatic Labs, Google Cloud announces node-hosting services, presenting at Devcon, and lots of audits. Here's what happened at Quantstamp in October.

October 25, 2022

Rollup Escape Hatches

After years of effort, rollups are becoming mainstream components of the Ethereum ecosystem. An escape hatch is a method to recover digital assets or program state from a rollup when sequencers or validators are offline, a critical security feature if something goes wrong, and crucial given the complexity of these systems.