Quantstamp Submits First Idle Governance Proposal

Quantstamp Announcements
December 15, 2020

Gov Tokens Allocation Fix in Idle

On December 14th, a minor bug in the governance tokens distribution module in Idle protocol was reported.

The incident does not involve any deposited funds in Idle protocol (Best-Yield or Risk-Adjusted strategies) nor the accrued yield provided by the underlying protocols.

Governance tokens distribution ($IDLE and $COMP) is affected by the bug under specific circumstances, hence resulting in a misallocation of a small number of tokens to liquidity providers. According to the initial assessment, approximately ~150 IDLE and ~1 COMP have been misallocated since the launch of Idle Governance.

The bug has already been mitigated by a joint effort with Quantstamp and Idle team members, and Quantstamp has proposed a patch via a governance proposal, IIP-1. For security reasons, Quantstamp and the Idle team will fully disclose the bug once the on-chain proposal is implemented.

Core Facts

Quantstamp collaborated with the Idle team to investigate this inquiry, identifying the vulnerability and working on both the temporary mitigation patch and the final proposal.

Next Steps

The on-chain proposal, IIP-1, launched by Quantstamp is available here.

Idle Governance has 3 days to cast its vote, in favor or against it. If the “For” vote wins and 4% of IDLE tokens have casted a vote, IIP 1 will be implemented after 2 days (grace period).

If you want to get in touch with the Idle team, feel free to join their community on Twitter, Discord, or Telegram.

Quantstamp Announcements
December 15, 2020

Gov Tokens Allocation Fix in Idle

On December 14th, a minor bug in the governance tokens distribution module in Idle protocol was reported.

The incident does not involve any deposited funds in Idle protocol (Best-Yield or Risk-Adjusted strategies) nor the accrued yield provided by the underlying protocols.

Governance tokens distribution ($IDLE and $COMP) is affected by the bug under specific circumstances, hence resulting in a misallocation of a small number of tokens to liquidity providers. According to the initial assessment, approximately ~150 IDLE and ~1 COMP have been misallocated since the launch of Idle Governance.

The bug has already been mitigated by a joint effort with Quantstamp and Idle team members, and Quantstamp has proposed a patch via a governance proposal, IIP-1. For security reasons, Quantstamp and the Idle team will fully disclose the bug once the on-chain proposal is implemented.

Core Facts

Quantstamp collaborated with the Idle team to investigate this inquiry, identifying the vulnerability and working on both the temporary mitigation patch and the final proposal.

Next Steps

The on-chain proposal, IIP-1, launched by Quantstamp is available here.

Idle Governance has 3 days to cast its vote, in favor or against it. If the “For” vote wins and 4% of IDLE tokens have casted a vote, IIP 1 will be implemented after 2 days (grace period).

If you want to get in touch with the Idle team, feel free to join their community on Twitter, Discord, or Telegram.

September 29, 2023

Partnering with Toku to Enhance Web3 Security & Payroll Practices

Quantstamp is thrilled to announce a strategic partnership with Toku, marking a significant milestone in our commitment to web3 security and compliance.

July 3, 2023

Towards SATisfactory Web3 Software Engineering

In web3, traditional methods of bug detection and code verification fall short. Learn how lightweight formal methods can offer a practical approach to identifying and fixing bugs in dApp code.

June 5, 2023

Quantstamp x Hypernative Partner to Enhance Web3 Security

Quantstamp and Hypernative are excited to announce a partnership that marks a major milestone in bolstering security within the fast-moving web3 ecosystem.