Skip links

Reflecting on the Sonne Exploit

If you have not already heard, the Sonne lending protocol on Optimism was exploited today for over $20M worth of assets.

In short, the exploit was a typical Compound V2 empty market exploit, which is a known vulnerability. When Sonne deployed their $VELO market, they did not seed liquidity appropriately, exposing themselves to the attack.

We are not here to assign blame or point fingers but rather to assess what we can learn from this incident and how we are applying these lessons to improve our security.

First, we must assess the impact on OATH Foundation products and users.

How this Affected Us

Reaper, Digit, and Ethos Reserve protocols on Optimism utilize our novel MultiStrategy vaults to optimize allocations of blue-chip assets to yield strategies for users. A component of these strategies relies on allocating assets to Granary and Sonne for basic looping strategies.

As soon as news of the exploit broke, we worked rapidly to recover as many assets as possible from strategies exposed to Sonne. This resulted in a significant recovery of assets at risk and allowed Ethos Reserve to eliminate exposure almost entirely.

However, the nature of an emergency response is inherently responsive, and as a result, some of the assets in the MultiStrategy vaults have been lost in the exploit.

We are in contact with the Sonne team and working with blockchain security firms in an attempt to recover funds.

Hierarchy of Controls

In risk management, there is a concept known as the hierarchy of controls. It is a list of mitigation approaches, in order of effectiveness, for managing potential hazards. For our purposes, re-hypothecation to externally-controlled protocols is the hazard.

Following the Hierarchy of Controls, OATH will move to eliminate the hazard moving forward.

Eliminating a hazard is the most effective risk mitigation method, wherever possible, and that is exactly the approach we will take.

Our team will no longer be sourcing yield from externally controlled protocols.

We initially took on this risk because the potential reward and perceived risk appeared favorable, and user demand validated this assessment. We believed that if we had a close enough relationship with teams using audited codebases that maintained stringent security practices, we could mitigate most of this risk.

It is now clear that no yield opportunity is worth exposing our users’ funds to external protocols and security processes beyond our control.

Rehypothecating internally ensures we control the end-to-end security infrastructure that protects funds. An example of this implementation is the Aurelius CDP, which supplies assets to its own integrated lending market. Ethos Reserve was also able to avoid a worst-case outcome due to our strong preference for Granary.

We work hard to embed our security practices directly in all our internal processes, including the deployment scripts.

We seek to minimize risk wherever possible, and limiting exposure to external protocols is the best way to ensure our efforts to secure funds are not compromised. Relying on outside team’s security processes no longer fits our strict security standards.

This loss cannot be ignored, and we are taking all the necessary actions to ensure it never happens again.