Introducing WOWswap V2 with Chainlink Oracle Integration for Price Feeds
Last week @Boring_Crypto tweeted about a potential vulnerability exposing WOWswap to the same flash loan attack from which bZx protocol suffered.
In response to this threat, we upgraded the WOWswap protocol to V2️⃣, which now uses the widely used Chainlink Price Feeds as our go-to oracle mechanism to prevent future on-chain actions based on manipulated price data.
In this post we describe the details of the vulnerability and the measures our team took to mitigate the risks.
What was the problem?
WOWswap V1 allowed traders to buy any approved token with leverage without checking if a token’s price on Pancakeswap/Quickswap is in line with the wide market price of that token.
☢ Therefore, using a flash loan an attacker could buy a lot of token A via Pancakeswap/Quickswap, artificially increasing its price 📈🆙.
☢ Then using leverage from WOWswap an attacker could buy more token A pushing it’s price even higher 📈🆙🆙.
☢ Finally, the attacker would sell the first portion of token A, securing the profit.
As a result of the sale of the token A, the price of the token A would plummet 📉 and the leveraged position made via WOWswap would be liquidated💀, with the liquidity pool incurring a loss 💩.
Here is the actual example of how this vulnerability could be used:
Some WOWswap LPs might have lost a little bit of funds due to unfavorable ibBNB/BNB conversion rate caused by this transaction. Don’t worry — you will be compensated in BNB before Friday, April 7th.
What is the solution?
Since the core problem was the opportunity to buy a suddenly appreciated token via WOWswap, we closed this option by using the Chainlink Price Feed — time-tested decentralized oracle networks for price data pertaining to various cryptocurrencies, foreign exchange rates, commodities, indices, stocks, and more.
WOWswap V2 allows buying a token with leverage if its AMM-based price is less than 102% of the Oracle’s price.
Also, WOWswap V2 migrated many trading pairs to Pancakeswap V2 on Binance Smart Chain, where now most of their liquidity has been migrated. As such, price slippage is much lower.
What’s the downside?
Since Chainlink doesn’t currently support all the tokens initially offered for leveraged trading on WOWswap V1, we have temporarily suspended some tokens from leveraged buying, including $WOW. You can still sell all previously purchased tokens via WOWswap — you just can’t purchase them with leverage (temporarily). We are working to launch new Chainlink Price Feeds for additional tokens in the future.
What else is included in WOWswap V2?
The first version of WOWswap allowed taking loans for leveraged swaps only in the same currency that the token is traded against on Pancakeswap or Quickswap. For example, if a token did not have a direct liquidity pool with BUSD, it was impossible to take a loan in BUSD to buy it with leverage: only a BNB loan was available. However, taking a loan in BNB creates an additional risk exposure to BNB price movements: a leveraged position can be liquidated if the price of BNB grows faster than the price of the purchased token.
WOWswap V2 overcomes this shortcoming by allowing multi-hops: BUSD -> BNB -> Token. So, if a token is only traded to BNB on Pancakeswap, a trader would be able to buy it for BUSD, taking an additional BUSD loan for leverage. This mechanism will free margin traders from the risk of BNB’s appreciation and allow liquidity providers to receive high yield in stablecoins.
Your feedback 👂matters
- Try WOWswap here.
- Check FAQ section on WOWswap website.
- Join our Telegram community.
- Follow us on Twitter.
