‘Make Up Your Mind,’ says SBF of the Mango Hack

‘Make Up Your Own Damn Mind,’ says Sam Bankman-Fried of the Mango Markets Hack.

The FTX CEO chastised the DeFi community for putting too much faith in oracles.

On Wednesday, FTX CEO Sam Bankman-Fried took to Twitter to discuss the lessons learned from Tuesday’s Mango Markets breach. His focus was DeFi oracles.

“When it comes to oracles, you just have to make up your own damn mind,” he remarked.

Oracles convert off-chain, real-world data into blockchain-compatible data. Oracles feed that data to smart contracts, which are programs that run when a certain condition is satisfied. They have a variety of uses, including investing and trading digital assets, prediction markets, and even carbon taxes.

An attacker drained $100 million from Mango Markets, a DeFi trading platform on Solana, on Tuesday. The attacker took advantage of a weakness in Mango Markets’ design to appear to have more collateral than they actually had, driving up the price of the MNGO token and then obtaining a $100 million loan based on data supplied by the platform’s oracle.

“What went wrong?” he inquired. “Did the oracle make a mistake?”

Not much, he answered, adding that it depended on the oracle’s specification.
“The oracle properly revealed MNGO’s current price,” he stated. “It’s only that the ‘current price’ was nothing near the ‘fair price.’”

MNGO crashed due to oracles

He highlighted that large positions, particularly in illiquid tokens, can have a tremendous impact. Some holdings, such as MNGO, are large and illiquid enough that the risk engine (software that offers market risk measures and investment analysis) forces the position to be completely collateralized.

Fully collateralized means that the borrower provides collateral throughout the loan. The collateral in this case was bitcoin. Mango Markets required a 120% initial collateral ratio and a 110% maintenance collateral ratio. If the user’s collateral ratio falls below 110%, the account will be liquidated.

“As a result, even before reaching position limitations, the risk engine guarantees that the collateral supporting a position is enough,” he explained. The Mango Markets attacker used an exploit to appear to have enough collateral.

“Is it bad if an oracle reports ‘MNGO: $0.40’?” he wondered. “It all depends on what it promises.”

“If it’s just promising to tell you what MNGO is currently trading at,” he said. “And, for a brief period, on some exchanges, MNGO was in fact trading at $0.40.” The problem, he added, was using the raw oracle price.

“The oracle tells you everything and nothing—the history and current state of markets,” he said. “It’s the risk engine’s job to consume that information, and decide what positions are safe.”

He claims that the risk engine cannot always simply repeat what the oracle says. “Sometimes it has to make up its mind.”
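The distinction between repeating the oracle and deciding what is safe can be shown with an added Python example (not code from the article, Mango Markets or FTX) that applies the 120% and 110% ratios quoted above to a position valued first at the raw oracle print and then at a capped risk price. The median-cap policy, the function names, the price history, the position size and the loan size are all assumptions constructed for the illustration.

```python
from statistics import median

INITIAL_RATIO = 1.20      # 120% initial collateral ratio quoted in the article
MAINTENANCE_RATIO = 1.10  # 110% maintenance collateral ratio quoted in the article


def risk_price(history, max_premium=0.10):
    """Price the risk engine uses to value collateral.

    Assumed policy: take the latest oracle print, but never more than
    max_premium above the median of the recent prints.
    """
    spot = history[-1]
    return min(spot, median(history) * (1 + max_premium))


def collateral_ratio(units, price, debt):
    """Collateral value divided by outstanding debt."""
    return units * price / debt


def max_borrow(units, price):
    """Largest loan that still meets the initial collateral ratio."""
    return units * price / INITIAL_RATIO


def account_status(units, price, debt):
    """Classify an account against the two ratios."""
    ratio = collateral_ratio(units, price, debt)
    if ratio < MAINTENANCE_RATIO:
        return "liquidate"
    if ratio < INITIAL_RATIO:
        return "no new borrowing"
    return "ok"


# Constructed oracle history: a stable price, then one print at $0.40.
HISTORY = [0.040, 0.040, 0.041, 0.039, 0.040, 0.40]
UNITS = 1_000_000   # constructed position size, in tokens
DEBT = 300_000      # constructed loan size, in dollars

if __name__ == "__main__":
    for label, price in (("raw oracle", HISTORY[-1]), ("risk engine", risk_price(HISTORY))):
        print(f"{label:12s} price={price:.3f} "
              f"max_borrow={max_borrow(UNITS, price):,.0f} "
              f"status={account_status(UNITS, price, DEBT)}")
```

With the raw print the constructed account looks comfortably over-collateralized; with the capped price the same account is far below the maintenance ratio, which is the gap between "current price" and "fair price" described above.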