Exclusive

Decentral Bank fixes bug that let one user mint 10 trillion USN for just $10

Quick Take

  • USN had a bug that, in certain circumstances, providing refunds of $1 trillion for every $1 of USN.
  • Decentral Bank says it has fixed the bug and that user funds were not impacted.

Decentral Bank says it has fixed a smart contract bug that briefly caused about 10 trillion USN tokens to be minted, the stablecoin developer announced on Thursday. The team has burned the tokens and plans to reward the affected user with a bug bounty.

Decentral Bank is a decentralized autonomous organization (DAO) that is developing the USN stablecoin on the Near blockchain.

According to a security incident report shared with The Block, the bug was discovered when a user called “pavladiv.near” tried to swap 5 USN ($5) for 5 USD Tether (USDT) at 01:35 a.m. EDT on July 6. The user attempted the trade via the on-chain swap mechanism on Decentral Bank.

Yet there was an issue that didn't let swaps work if the wallet did not contain any USDT (despite it not being needed for the swap). As a result of this error, the swap failed.

The user tried the process twice and it failed on both occasions. Since the transaction did not go through, the USN smart contract attempted to refund them. This is where the actual bug happened.

The bug caused a misplacement of decimal points when refunding pavladiv.near’s USN. Instead of returning 4.9995 USN (about $5), the smart contract bug minted 4.9995 trillion USN for the user on both occasions, thus creating almost $10 trillion out of thin air.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Decentral Bank, upon noticing the minting bug, paused the contract and deployed a fix to prevent the incorrect decimal placement when refunding a failed swap. The team also burned the excess USN tokens minted by the bug, restoring the circulating supply of USN to its correct state.

If left unchecked, the bug could have been exploited to mint infinite USN. This could have led to a complete drain of the Ref Finance USDT liquidity pool. Ref Finance is a DeFi protocol on the Near network and is also one of Decentral Bank's backers and core contributors.

The USN developer says it is testing a fix for the failure of swaps by users with wallets that have never held