The pricing error effected caused a 99.9% discount from the asset's actual market value of roughly $2,200. The error triggered a wave of liquidations, ultimately leaving the platform with approximately $1.78 million in bad debt.
“Once identified, our risk manager @anthiasxyz moved quickly to reduce the cbETH borrow cap to 0.01 to contain further risk to the protocol,” Moonwell wrote on X on Monday. “The supply cap was also reduced to 0.01 to prevent new users from unknowingly supplying to the affected market.”
Moonwell said that instead of multiplying the cbETH/ETH feed by the ETH/USD price, the system used only the raw cbETH/ETH exchange rate. As a result, the oracle reported cbETH at around $1.12.
Trading bots began targeting cbETH collateral positions, and because the system believed cbETH was worth just over $1, liquidators were able to repay roughly $1 of debt to seize a total of 1,096.317 cbETH, the company said.
“This wiped out most or all of the cbETH collateral for many borrowers, while leaving substantial bad debt on their positions since the repaid amount was far below the actual borrowed value,” Anthias Labs wrote.
The distorted pricing also enabled exploitation.
“A smaller number of users exploited the distorted pricing to supply minimal collateral, massively over-borrow cbETH at the artificially low reported price, and instantly generate additional bad debt denominated in cbETH,” the firm added.
When asked by Decrypt about the error and resulting exploit, Moonwell spokesperson declined to comment.
Overall, Moonwell was left with $1,779,044 in total bad debt across various markets, according to the post.
According to Moonwell, a forthcoming governance vote will address the oracle configuration following the required timelock period.
