|Author||Justin J Moses|
This SIP proposes to remove the on-chain functionality of issue, burn and claim in anything other than
Issuing, burning and claiming any synth is functionality the smart contracts have supported even though the dApps don’t offer the functionality. It’s been highlighted already that by issuing, burning and claiming in any synth, the exchange fee can be avoided. Unfortunately, a bot has been detected that is leveraging this loophole to issue new debt, repay it instantly, and accuring profits at the expense of Synthetix debt holders. The bot issues into synths that have market movement (by reading the mempool and using higher gwei than our oracle), then immediately burns their debt, and thereby profiting from trade without paying any fees.
This loophole makes it pertinant we shut this backdoor into exchanging immediately.
The proposal is to remove the
currencyKey argument from
FeePool.claimOnBehalf and that they all use
Instead of having a
require(currencyKey, "sUSD"), removing the
currencyKey argument altogether removes any possible confusion for the user.
These fixes are for the imminent Vega release, targeted to address the current bot activity.
Copyright and related rights waived via CC0.