# Update on Solidly v1 and Recent Attacks ## What happened Over the past few days the Solidly v2 team has performed a series of attacks on Solidly v1 rendering various aspects of Solidly v1 and Solidex inoperable. That said **Your funds are safe**. The reason we've done this is to bring awareness to the fact that Solidly v1 and Solidex are susceptible to numererous attacks which anyone can perform. Developers of Soldily v2 have tried in the past discussing various attack vectors with both the Solidly v1 team and Solidex and have been met mostly with silence or denial. As such, we believe the most responsible course of action is to demonstrate the attacks ourselves, such that the issues with Solidly v1 and Solidex can no longer be ignored. We believe users of Soldily and Solidex deserve the straightforward truth: that **many aspects of Solidly v1 and Solidex are broken beyond repair.** ## The following attacks were performed ### 1.) Denial of service (DoS) attack on the global gauge index for many pools #### Results: - **SOLID rewards cannot be claimed by anyone** on the base layer - Solidex users are unable to deposit or withdraw their LPs (temporarily) #### Notes: - Even before our attacks many Solidex users have discovered they are unable to withdraw their LPs, a problem which has been widely ignored by the Solidex protocol (0xDAO devs have been helping users withdraw from Solidex for the past 6 momths) - 0xDAO realized this issue early on and built in a protection mechanism to the protocol: - When the global gauge or bribe indexs are out of sync we withdraw funds into a local buffer to prevent withdrawal issues ### 2.) Perform a DoS attack on global bribe sync index for many pools #### Results: - Users **cannot claim bribes** on the Soldily v1 base layer ### 3.) Demonstrate a new attack vector that allows any user to permanently brick any other user's ability to claim bribes for a specific NFT #### Results: - Solidex users will **never be able to claim bribes again** for a small number of pools #### Note: - This attack can be used in conjunction with several other exploits to **drain all bribes** for Solidly v1 ### 4.) Utilize Solidex's NFT to perform a **double spend bribe claim** attack on Solidly base layer #### Results: - Solidex rewards distributor gets double rewards - Some users are no longer able to claim bribes #### Notes: - If we had performed this attack using another NFT Solidex users would in some cases be prevented from claiming fees (since the bribe contract does not have enough funds), in which case Solidex users would be unable to withdraw their LP ### 5.) **Perform 51% attack on Solidly v1** #### Results: - All SOLID emissions go only to the fake `JOKER/RETURNS` pool - **No one gets any SOLID emissions this week** #### Notes: - The Solidly v2 team has the ability to **shut down all Solidly v1 emissions forever** ![](https://i.imgur.com/UxIHZQB.jpg) ## Source code We believe it is in the best interest of the community to share the source code for all attacks for a few reasons: - It's important for people to understand the issues with Solidly v1 - It is better to be honest and up-front about all Solidly and Solidex issues than to pretend they don't exist #### Code for attacks #1-3 https://ftmscan.com/address/0x86f6b698eb6e3769f9a649a8d3c2ca8f74f5a992#code #### Code for attack #4 https://ftmscan.com/address/0x6ffa6a7589961c28ea1cc7aea4a17289b291d330#code ## Other attack vectors In addition to the attacks that were performed, there are other types of attacks that we could have performed but did not ### Steal all Solidex votes We've seen that for the past couple weeks **Solidex vote's have been stolen** by the ELITE team to direct all Solidex votes to the WFTM/ELITe pool #### How it works - At 00:00:00 UTC upon the epoch change do the following (ideally atomiclly) - Call `submitVotes()` on Solidex voter - Vote for the pools you want on Solidex voter - Call `update_period()` on minter #### Result - The majority of Solidex votes will be redirected to the pool of your choice ### Cause Solidex voter to run out of gas and be unable to submit votes #### How it works - Solidex voter allows users to vote for up to 50 pools - Voting for 50 pools uses roughly 10m gas (executing submitVotes has to be called from within a node in order to not run out of gas) - The gas amount needed to vote for a pool is different depending on whether the pool is new or not - This is because SSTORE costs more when changing storage slot values from zero to non-zero than from non-zero to non-zero - TLDR: - Make 50 new pools and vote for them - Solidex will no longer be able to submit votes as gas usage will cost around 13m and will run out of gas ## Moving forward - We have temporarily repaired all pools - If your funds become stuck again on Solidex we've made a tool for you to unstuck your funds: https://solidly.com/repair - Anyone can attack Solidly v1 and Solidex at any time - **If you keep your funds in Solidex there is a chance they could get stuck** ![](https://i.imgur.com/lT7Qfhh.png) ### 0xDAO Burning their veNFT 0xDAO confirmed to burn their veNFT, so APRs on their platform will also be 0% going forward and thus there is no more usecase for oxSOLID and OXD on Fantom as of today. We recommend all oxSOLID and OXDv2 holders to immediately upgrade in order to retain token functionality and APRs in the future. The time-window of the migration will be closed soon. ### How to upgrade As outlined in our previous Medium article (https://medium.com/@seraph333/decf1033a05f), we took a deep dive into Solidly over the past 6 months, finding and fixing even many more issues than the ones listed above. You can upgrade all of your Solidly ecosystem tokens over on https://solidly.com, if you have any questions please join our Discord channel and we’ll be offering a helping hand. ## Summary - We deeply respect the work of Andre and Anton - Although we have discovered many issues with Solidly v1, we respect and appreciate the innovation of Solidly - We will begin to share our findings and code over the next 6 months as we transition to Ethereum - We encourage everyone to migrate to Solidly v2 (which we will refer to as only "Solidly" from now on) moving forward