Cover photo

Euler Hack Reflection: Learning, Adapting, and Strengthening Angle Protocol

On March 13th, the Euler Protocol experienced a $197m hack. As a result, the Angle Protocol, which had 17.6m USDC on Euler, was left under-collateralized. In this article, we take a comprehensive look at the events leading up to the hack, their unfolding, and the valuable lessons learned. Next, we explore how these lessons could help shape a stronger and more resilient future for the Angle Protocol.

Angle Protocol and Euler

Angle Protocol relies on various modules for agEUR. The Core Module, responsible for the majority of agEUR issuance, is a complex system involving multiple stakeholders and yield strategies. Up until now, the protocol invested a portion of the collateral reserves backing the stablecoin in different yield strategies to generate returns.

Traditionally, Angle relied on a strategy investing in Compound or Aave for its USDC and DAI reserves. In June, it was voted to add support for Euler for the DAI reserves of the protocol. This meant that in some cases, the DAI holdings of the protocol could be invested on Euler if it was yielding more than Compound and Aave. At some points, the protocol had more than 3 million DAI on Euler.

In January, another vote led to the addition of support for Euler for the USDC reserves of the protocol. This was part of a larger overhaul as the yield strategy was changed to support depositing into Aave, Compound and Euler at once. The new strategy was built to permissionlessly optimize the allocation of funds across these different venues to maximize the protocol'srevenue on its reserves. More details on the new strategy are shown here.

Another way with which Angle can create agEUR is through its direct deposit modules, which allow the protocol to mint agEUR in some places like Aave and Curve with no immediate collateral available.

As part of its direct deposit modules and following several governance votes held in June 2022, Angle had minted agEUR to be lent on Euler. Some of these agEUR were also lent on Euler through Idle.

Euler hack timeline

On Friday the 10th of March, the protocol had most of its holdings on Compound and 5m USDC lent on Euler. Yet, an opportunity for the protocol to earn more revenue was spotted, and the strategy handling the USDC of the protocol was permissionlessly harvested which moved 12m USDC from Compound to Euler, leading the protocol’s position on Euler to grow to17.6m USDC.

As of the 10th of March, the protocol had also minted 3.6m agEUR as part of its direct deposit modules, but it had no DAI or FRAX on the platform.

During the 11th and 12th of March, the protocol lost some TVL due to the USDC depeg event. Funds released for users burning agEUR or Standard Liquidity Providers withdrawing their liquidity were automatically taken from the USDC that were invested on Compound, as it was the lowest yielding platform to which the protocol was exposed. As TVL decreased over the weekend, the share of the funds of the protocol invested on Euler grew at the same time to approximately 47% (31.5% before the depeg) of the TVL of the Core module.

— The Euler hack began at 9:56 am CET on March 13th.

— At 10:20, Angle Labs noticed the hack thanks to a Peckshield alert.

The Angle Protocol has a 2/3 emergency multisig, called the Guardian, with the ability to rapidly pause some functionalities of the protocol or to change parameters in response to unforeseen events. At this point, right after the hack, it was obvious that doing nothing would put the protocol in a bank run situation leaving the last stakeholders of the protocol with nothing left. The Guardian multisig thus immediately started the transactions to pause the protocol.

At the same time, given the impact and the potential losses at stake, the governance multisig was involved to pull the agEUR from the Euler AMO.

— At 10:42, a withdrawal transaction for 3,350,000 agEUR was confirmed. At this point, there was still some Protocol-owned liquidity on Euler via Idle, and Euler had not yet been paused. Other depositors with borrowing power on Euler (such as USDC depositors) could have borrowed agEUR from other lenders. It was therefore decided to burn the remaining agEUR on the Euler contract to prevent such exploits. The idea was that these tokens could potentially be minted again at a later point in time.

— At 11:03, the first pause transactions occurred on the Core module. By 12:52, the protocol's Core module had fully paused, and the debt ceilings of the Borrowing module were set to 0 on Ethereum.

To minimize potential losses, the governor multisig began to wind downother direct deposit modules of the protocol. This was done by pulling liquidity wherever possible, such as on Atlendis, where the protocol had lent 1m agEUR.

— By 3:30 pm, all available AMO had been wound down, and agEUR liquidity had been pulled from everywhere except from Aave V3 where lent agEUR was fully utilized. As a result, the protocol became entirely frozen and, technically, could have been liquidated. This left no room for insiders to take advantage of the situation and front-run others by removing leftover liquidity.

— At 3:56 pm, we published a tweet with Angle Labs to acknowledge the situation and transparently inform everyone about the amounts involved. Then, at 8:14 pm, we created a public Q&A page to keep everyone updated about the situation.

From then on, our priority was to transparently provide a more detailed state of the protocol, including all holdings of the DAO. This was to allow everyone, even those without technical expertise, to assess what was missing.— By the end of March 13th, agEUR had logically started to depeg. On March 14th, due to the bridge limit, agEUR was not priced the same on all chains.

— Due to the drying up of liquidity, the guardian multisig removed the agEUR bridge limit to mainnet on March 14th. This allowed users to bridge to Ethereum, where agEUR was more liquid, and prevented them from being arbitraged by MEV bots that front-ran users every time bridge limits were reset.

— On the 14th, we also began collaborating with authorities to provide all possible assistance in investigating the hack and recovering the funds.

— Early on the 15th of March, we released the detailed overview of the protocol’s holdings, based on information publicly available on-chain.

From then on, evolution of the situation for Angle became dependent on the evolutions of the Euler side, as everything that could be done on the Angle Protocol side had already been done.— Fortunately, things quickly started to take a favorable turn. On March 25th, the hacker began repaying funds to the Euler DAO. By April 4th, all stolen funds had been returned to the Euler DAO.

— Right now, the funds are currently on an Euler multisig, and discussions are taking place on Euler governance forum as per how the routed funds need to be routed back to affected users. The most probable outcome as it stands is that the protocol should receive enough to make all the stakeholders of the Core module whole (and get its surplus back on top of that).

Angle DAO discussions & vote

Soon after the hack and before the first repayments, discussions began on the Angle Discord and governance forum about how to respond to the incident. Much of the conversation focused on identifying which protocol stakeholders should be considered repaid back first.

This led to a vote about whether agEUR holders should be considered senior in the Angle Core module in case of a loss that is not automatically handled by the smart contracts. This vote ended on the 4th of April, and veANGLE holders supported the seniority of agEUR holders.

This vote was meant as a general purpose vote on the Core Module, yet it also provides some guidance on how to move forward with the current situation.

Having agEUR as senior within the Core Module means that its peg could be fully restored, even when funds from Euler have not yet been received. As it stands, the protocol currently has sufficient reserves to handle agEUR's holders claims on the collateral.

Some lessons on the hack

The final outcome of the hack may in the end be more favorable than initially expected. Even though there remain some uncertainties with the practical redistribution of funds by Euler, it is already time to start drawing some lessons from it and thinking about the future of Angle.

The thoughts expressed here only reflects the views of Angle Labs. Anysuggestions put forth would need to be discussed and voted on further by the DAO.

The Euler hack had a significant impact on Angle, even though the eventual loss should be null. It's crucial to emphasize that the Angle Protocol itself was not hacked, and all the protocol smart contracts functioned as intended.

  • There is an opportunity to improve risk management at the protocol level. For instance, the employed strategy that lent to Euler aimed to optimize revenue by investing in protocols deemed equally risky.

  • In the future, if such strategies were to continue, the protocol could distribute its holdings more evenly amongst platforms, and avoid concentrating too much in a single one. It could also ensure that a far less significant part of agEUR’s backing is invested in other protocols. This approach would reduce the severity of the impact in case of a hack.

  • On top of that, while information about the Euler’s exposure of the protocol was transparently displayed to everyone in the analytics, it was not clear to everyone that the protocol could lend USDC and DAI on Euler. Further improving the display of the composability risks associated to the protocol is definitely an important point to have in mind for future iterations.

  • Emergency multisig signers could have also been faster to fully pause the protocol. Specifically, having prepared payloads to pause the protocol would have allowed to pause everything more rapidly. While this didn't have an impact in hindsight, it's an essential safety precaution to consider for the future.

Suggestions for the protocol’s future

The current situation with the paused Core Module presents a valuable opportunity to address technical debt and build a more resilient, robust and scalable system.

The weekend before the Euler hack had already revealed some of the limitations of the Core Module. Because of the rapid USDC price decrease, most of the hedging agents got liquidated which left the protocol badly hedged, and at the same time, people came to redeem agEUR for USDC with USDC at a very cheap value (at around $0.9). This led to a non negligible decrease in the protocol surplus.

In the absence of sufficient hedging mechanisms in the Core Module, the protocol could not resist such events or handle unfavorable USD/EUR price variations. Not only does the protocol need a better system to ensure agEUR price stability, it also needs a system that is more resilient and scalable.

It is also important to note that during and after the Euler hack, as well as during the USDC depeg, the Borrowing module functioned as expected. Borrowers repaid their debts at a lower agEUR price, and liquidations continued to function properly without any bad debt accruing. Similarly, the Curve direct deposit module of the protocol was safely wound down, even allowing the protocol to make a profit from the liquidity removal operation.

<aside> 💬 With this in mind, we have opened a discussion on Angle Governance Forum on safely reopening the protocol post-hack while repayments are pending and refining Angle Core module design.

</aside>

We encourage everyone to jump in and express their voice in the current discussions. By reflecting on our experiences and working together, we can build a stronger, more secure future for Angle Protocol.

Loading...
highlight
Collect this post to permanently own it.
Angle Protocol 📐 logo
Subscribe to Angle Protocol 📐 and never miss a post.
#governance