  Crypto Coin Prices and News  

OSQTH Price   

OSQTH

Opyn Squeeth  

#OSQTH

OSQTH Price: $87.14
Volume: $2.3 M
All Time High: $1,079
Market Cap: $5.7 M

Circulating Supply: 65,444
Exchanges: 1+
Total Supply: 65,444
Markets: 1+
Max Supply:
Pairs: 2



  OSQTH PRICE


The price of #OSQTH today is $87.14 USD.

The lowest OSQTH price for this period was $0, the highest was $87.14, and the exact current price of one OSQTH crypto coin is $87.14038.

The all-time high OSQTH coin price was $1,079.

Use our custom price calculator to see the hypothetical price of OSQTH with market cap of BTC or other crypto coins.


  OSQTH OVERVIEW


The code for Opyn Squeeth crypto currency is #OSQTH.

Opyn Squeeth is a newer coin by our records, at least 8.2 months in age.


  OSQTH MARKET CAP


The current market capitalization for Opyn Squeeth is $5,702,815.

Opyn Squeeth is ranking upwards to #1173 out of all coins, by market cap (and other factors).


  OSQTH VOLUME


There is a big daily trading volume on #OSQTH.

Today's 24-hour trading volume across all exchanges for Opyn Squeeth is $2,265,695.


  OSQTH SUPPLY


The circulating supply of OSQTH is 65,444 coins, which is 100% of the total coin supply.

A highlight of Opyn Squeeth is its exceptionally low supply of coins, as this tends to support higher prices due to supply and demand in the market.


  OSQTH BLOCKCHAIN


OSQTH is a token on the Ethereum blockchain.


  OSQTH EXCHANGES


OSQTH has limited pairings with other cryptocurrencies, but has at least 2 pairings and is listed on at least 1 crypto exchange.

View #OSQTH trading pairs and crypto exchanges that currently support #OSQTH purchase.


  OSQTH RESOURCES


Website: www.opyn.co
Whitepaper: opyn.gitbook.io/squeeth/squeeth/contracts-document...
Twitter: opyn_
Discord: 2NFdXaE
Medium: opyn


  OSQTH DEVELOPER NEWS



What Opyn Users Should Know Ahead of The Merge

Opyn supports The Merge and does not have plans to support any forks in our web app. Opyn will only work on the canonical chain that is moving to PoS. If a canonical PoW ETH fork emerges, the Squeeth interface will not support forked PoW Squeeth, vault NFTs, or Crab Vault receipt tokens. To learn more about The Merge, see Ethereum’s announcement.

As an Opyn user, you do not need to do anything. Assuming the Merge is successful, the Squeeth Protocol will continue to work without issue through the transition from proof of work (PoW) to proof of stake (PoS). Opyn’s web app (squeeth.opyn.co) will also continue to function. However, if any third-party infrastructure providers (e.g. node providers) have downtime, some users may experience brief periods of unavailability.

It’s also worth noting the possibility of increased ETH price volatility leading up to and around the merge. Squeeth offers exposure to the squared price of Ethereum, so ETH volatility is particularly pertinent. Users who are short Squeeth or deposited in the Crab Strategy should monitor ETH price volatility and liquidation levels. Users who are long Squeeth should continue to monitor their positions and the funding cost of Squeeth. Please take note of The Merge timeline and manage your positions accordingly.

Given Squeeth uses the Uniswap v3 GMA (geometric moving average) TWAP as an oracle price, we want to highlight changes that accompany The Merge:

- Uniswap v3 oracles were designed with PoW security tradeoffs in mind, where it’s predictably difficult for a single entity to mine multiple blocks in a row.
- To combat the possibility of a Uniswap v3 GMA TWAP oracle manipulation for Squeeth, Opyn uses the ETH-USDC pool and sets a TWAP period long enough to reduce the likelihood of manipulation attempts.
- Uniswap details the new risks for TWAP under PoS here.

Users utilizing Opyn’s gamma protocol infra also do not need to do anything. The Merge will occur around ETH mainnet block height of 15,540,293, which, at the time of writing, is estimated to happen between Thu Sep 15 2:23 UTC & Thu Sep 15 3:33 UTC. If The Merge delays and occurs within 1 hour of 8:00 UTC on Fri Sep 16, it’s possible that gamma contracts will be paused to ensure accurate oracle pricing for option expiration.

Note: Trading digital assets confers high risk due to large price fluctuations. Before trading, please have a full understanding of all the risks associated with investing in digital assets. It is your responsibility to understand the implications of the Merge. Opyn is not liable for any losses incurred.

We are looking forward to The Merge! Please reach out in Discord if you have any questions.

What Opyn Users Should Know Ahead of The Merge was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Opyn launches $1M ImmuneFi Bug Bounty Program

The ImmuneFi Bug Bounty program aims to strengthen Opyn’s security while boosting collaboration with the greater DeFi ecosystem as part of our coverage partnership with Sherlock Protocol.

Opyn has launched a $1 million bug bounty program with ImmuneFi as part of our $10 million coverage partnership with Sherlock Protocol. This partnership will cover Squeeth smart contracts and incentivize ethical reporting of potential security vulnerabilities or exploits. The ongoing bug bounty program will go hand-in-hand with Sherlock’s $10 million smart contract coverage to advance the security of Opyn.

Sherlock is a risk management platform built on Ethereum and designed to keep end users protected by providing affordable and scalable coverage to protocols. ImmuneFi is the leading bug bounty platform that has already paid out over $10 million in bounties, having prevented over $20 billion in potential losses with around $78 million worth of bounties currently available. ImmuneFi is trusted by a number of DeFi protocols including The Graph, Nexus Mutual, Olympus and many others.

The bug bounty program is focused on Opyn’s smart contracts and DApp and focuses on preventing:

- Loss of user funds (principal) by freezing or theft
- Temporary freezing of funds for more than 1 week
- Unable to call smart contract

— Bug Bounty Reward Distribution. —

The breakdown of the rewards is in accordance with ImmuneFi’s distribution criteria for the impact of the vulnerability, see here for more details.

Threat Level and reward distribution:

- Critical: Up to USD 1,000,000 (sponsored by Sherlock)
- High: USD 25,000
- Medium: USD 5,000
- Low: USD 1,000

All Medium, High and Critical Smart Contract bug reports require a PoC and a suggestion for a fix to be eligible for a reward. All Low Smart Contract bug reports require a suggestion for a fix to be eligible for a reward.

Critical smart contract vulnerabilities are capped at 10% of economic damage, primarily taking into consideration funds at risk, but also PR and branding aspects, at the discretion of the team. However, there is a minimum reward of USD 50,000. Critical payouts by Sherlock will only be paid out for critical bugs that would result in a loss of funds and can be executed profitably, and this then excludes Sherlock critical bounty payout for temporary freezing bugs.

Payouts up to USD 50,000 are handled by the Opyn team directly and are denominated in USD. However, payouts are done in USDC. Payments above that have the remainder paid out by Sherlock with their bug bounty matching program and are done in USDC.

Access the actual bug bounty programs here:

- Gamma Bug Bounty (not in partnership with Sherlock)
- Squeeth Bug Bounty

About ImmuneFi

Immunefi is Web3’s leading bug bounty platform, protecting $100 billion in user funds. Focusing on Web3 and smart contract security, ImmuneFi provides bug bounty hosting, consultation, bug triaging, and program management services to blockchain and smart contract projects. Check out their site, follow them on Twitter, Discord, Medium, and YouTube.

About Opyn

Opyn is building DeFi-native derivatives and options infrastructure. Opyn’s product Squeeth (squared ETH) is a new financial derivative that gives traders perpetual exposure to ETH². Opyn’s gamma protocol serves as the infrastructure for DeFi protocols to build structured products with underlying options strategies. Check us out at Opyn.co, follow us on Twitter, Discord, Medium.

Opyn launches $1M ImmuneFi Bug Bounty Program was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




The New Opyn

Today, we’re introducing the new Opyn brand, including a new homepage and a redesigned options chain!

What is Opyn?

Opyn is a capital efficient DeFi options protocol that allows users to buy, sell, and create options on ERC20s. For developers, Opyn is the most flexible and secure options protocol in DeFi. The name Opyn comes from our mission to empower people through an inclusive, fair and open financial system.

Why are we rebranding?

We started Opyn in 2019, three friends obsessed with crypto and DeFi 😊 We designed the first logo at like 2am in a Berkeley apartment (fun fact: it’s a mushroom 😂 ) Since then, we’ve shipped two versions of Opyn and the team has grown from three to ten — spread across six continents. What started as a few users has turned into a community that has collectively traded more than $322,707,593 of Opyn options. As we’ve grown, we’ve realized we needed to refresh to reflect the protocol’s evolution and community’s feedback! We focused on the following three values:

1. Learning and Teaching
The crypto community is incredible, and a huge part of what got us into this space in the first place! Jamming on ideas and buidling with ya’ll is the best, and we value learning and helping spread what we’ve learned :)

2. Empathy
We’ve always focused on the protocol and our users, iterating towards the best possible experience. Our goal in the long run, as is the case for many of us here in DeFi, is truly to create a more inclusive, fair, and open financial system, and we can only do that if we understand and build for the people who current systems don’t serve.

3. Crypto-futurism
We’re hyped about the future and think crypto will help make the world a better place. We’re excited to do our part in building the future we want to live in.

Introducing the new Opyn:

We were jamming on the above values, extrapolated option greeks to ancient Greeks (hey they loved to learn and were optimistic about the future too), and wanted to give them a crypto-futurism vibe.

Enter the Greeks:

- Option Greeks help traders better understand the risk and potential reward of options
- Philosophy and intellectualism were a huge part of ancient Greek culture, and ancient Greeks were devoted to teaching and learning
- Greek mythology has shaped modern culture and tradition, inspired creativity, and encouraged problem-solving

Option Greeks combined with the ancient Greek’s focus on gaining and imparting knowledge embody the focus Opyn will always have on the protocol and our users:

Learn and Trade (User First)

Learn
- Users can learn anything about options — from option basics to advanced strategies, we love to teach
- We’re options g(r)eeks who love research, inventing new products, and pushing the limits of on-chain options

Trade
- Users can trade on the most capital efficient DeFi options protocol
- Anyone can create any new option for whitelisted products
- Users and market makers can trade partially collateralized options (July 2021)

Security and Integrations (Developer First)

Security
- Developers can build products on top of the most secure options protocol in DeFi
- Opyn smart contracts have been audited by the best firms in crypto, such as OpenZeppelin and Certora

Integrations
- Projects can build products on the most flexible options protocol in DeFi
- Opyn engineers are excited to help with product ideas and troubleshooting

Visual Identity

Rainbow Spectrum

It’s not just another ~gRaDiEnT~ it’s Opyn’s “Neon Utopia” 😹 Lol but we liked this because “Neon utopia” highlights the futuristic vibe crypto represents to Opyn. Futurism focuses on technical progress, dynamism, speed, and energy. Given rainbows represent the perfect harmony of colors, we feel a psychedelic, “neon utopia” color palette expresses Opyn’s energy.

Other characteristics that represent our color scheme:

- Futurism, Psychedelic, Dynamic rainbow spectrum, Neon glow
- Mysticism, Bright hue, Vibrancy, Prism
- Vivid, Luminous, Cyber, Fluorescent
- Infinity, New Dimensions, Cosmic, Glow in the dark

Opyn Blue

The shade we chose to represent Opyn was originally named after the color of the ionized air glow produced during electrical discharges. Typically people associate blue with trust, so surprise surprise financial protocol chooses blue! But trustworthiness and reliability are super important to us and we added some neon glow for excitement 😊

Opyn Logo

The new logo has two elements: Athena and Opyn’s neon utopia gradient.

Athena Sculpture:
- Athena is the goddess of wisdom

Rainbow Gradient:
- Glow: represents innovation and crypto futurism
- Blue: represents trustworthiness and reliability
- Green: represents renewal, growth, and wealth

Greek Sculptures

Greek Gods and Goddesses gave meaning to the world people saw around them. Examples of mythical Greek figures and their representations include:

- Apollo (god of music, poetry, art, oracles)
- Ares (god of war, battlelust, courage and civil order)
- Athena (goddess of wisdom)
- Demeter (goddess of agriculture, grain and bread)
- Hermes (god of trade)
- Poseidon (god of the sea, earthquakes, floods, drought)
- Zeus (king of gods, and god of the sky, lightning, thunder, law, order, justice)

Given option Greeks help traders understand risks and rewards, we chose powerful Gods and Goddesses to play a central role in Opyn’s rebrand.

Icons, Payoff Diagrams, and Illustrations

Greek icons and payoff diagrams absorb the Opyn blue.

Greek illustrations absorb Opyn’s rainbow spectrum.

For us, this rebrand is about what makes us uniquely Opyn and telling that story.

The New Opyn was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Opyn closes $6.7mm funding round led by Paradigm

The most powerful, capital efficient DeFi options protocol.

February 3, 2021 — Decentralized options protocol Opyn has closed a $6.7mm Series A funding round, led by Paradigm. Follow-on backers include Kain Warwick and Stani Kulechov. Dragonfly participated after leading the seed round. The funds will be used to further development and security of the gamma protocol, decentralize the protocol further, and grow the Opyn team, focusing on key research and engineering hires.

“Options are a $300 trillion market that Opyn is reimagining by making it more inclusive, fair, and transparent” said Zubin Koticha, Co-Founder and CEO of Opyn. “Working with Dan and Matt at Paradigm has been incredible — they have helped us design elegant upgrades to the protocol, and are our secret sauce in building code that forever changes the way options are thought about and traded.”

“We are thrilled to partner with Zubin, Aparna, Alexis and the rest of the outstanding Opyn team as they build the primary DeFi options protocol,” commented Matt Huang, Co-founder and Managing Partner at Paradigm. “Options are a key primitive in financial markets, and we are particularly excited to help the team research cutting-edge topics such as capital efficiency, AMM-design, and scaling.”

In June of 2020, Opyn raised a $2.16mm seed round from top DeFi investors, led by Dragonfly with participation from Balaji Srinivasan, Robert Leshner, Version One Ventures, and more. Since then, users have traded more than $125mm of options with Opyn.

Recently, Opyn launched v2 of its protocol, focusing on improving capital efficiency within DeFi. Opyn v2 has many new features and technical improvements, allowing users to trade option spreads and combos, auto-exercise at expiry, and create new options on any whitelisted product, among others. Moving forward, Opyn will focus on reducing margin requirements for naked options, adding options on even more assets, and increasing liquidity through the development of Opyn’s options-specific AMM.

About Opyn

Opyn is a capital efficient DeFi options trading protocol that allows users to buy, sell, and create options on ERC20s. DeFi users and products rely on Opyn’s smart contracts and interface to hedge themselves against DeFi risks or take speculative positions on different cryptocurrencies or tokens. Founded in 2019 by Aparna Krishnan, Zubin Koticha, and Alexis Gauba, the company is based in the blockchain, BUIDLing from all over the world.

For more information, visit: www.opyn.co
Contact: wade@opyn.co

Resources: Opyn v2 | Opyn v1 | FAQ | Github | Security
Connect with Opyn: Twitter | Discord | Medium

Opyn closes $6.7mm funding round led by Paradigm was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Opyn v2 Gamma Protocol Launches Using Chainlink Oracles to Settle Options

We are excited to announce that the Opyn v2 protocol is now integrated on mainnet with market-leading decentralized oracle network Chainlink to power the Opyn Oracle module. Opyn v2 protocol went live on December 29th, 2020 with a WETH-USDC options market. These options leverage the Chainlink ETH-USDC Price Feed oracle to obtain the current ETH price used during settlement.

— Understanding Opyn v2. —

Opyn is an open, decentralized options platform built on Ethereum that enables users to trade DeFi options. Aiming to be the most capital efficient options protocol in DeFi, in Opyn, traders and investors can interact with the protocol by depositing collateral in a vault to create and sell put and call options (oTokens), earning premiums on those options. Alternatively, users can buy options (oTokens) to hedge against volatility or make trades.

Opyn v1, built on top of Convexity Protocol, laid the foundation for DeFi options as the first live ERC20 options protocol. For the first time, anyone could create, buy, and sell options on any ERC20 token. Since the Opyn v1 release in February 2020, more than 100 options were launched with over $115m in volume traded. Over this time, we’ve heard helpful feedback from Opyn users and the community, resulting in the development of Opyn v2 (Gamma Protocol), which lays a foundation for a more capital-efficient and highly liquid options protocol.

— Opyn v2 Leveraging Chainlink for higher security and a better UX. —

Opyn v2 introduces European cash-settled options, which require an oracle to determine the correct payout at expiry. We initially launched WETH-USDC options. Unlike many DeFi protocols, Opyn v2 does not need an “always up-to-date” price from the oracle since there is no liquidation system and the protocol can’t go bankrupt. However, Opyn v2 requires an oracle to provide the most accurate market prices possible at the time of expiry (usually every Friday 08:00 AM UTC).

It’s critical to ensure that the price delivered by the oracle is reflective of the current market conditions at the exact time of expiry. This requires a trusted oracle framework, which is not only accurate, but also inherently resistant to data manipulation attacks such as those induced by flash loans. It is for this reason Opyn selected Chainlink as our go-to oracle solution. Chainlink uses a decentralized network of independent oracle node operators who pull prices from multiple off-chain data aggregators, which each track prices across hundreds of exchanges while taking into account volume, liquidity and other important metrics. Thus, manipulation of a single exchange or even small group of exchanges has minimal to no effect on the underlying price consumed by Opyn v2.

On top of providing high quality data reflective of marketwide price discovery, Chainlink was the right solution for Opyn because:

- Chainlink uses a decentralized network of independent oracle nodes and data providers to obtain accurate prices, ensuring no single point of failure in the sourcing and delivery of data.
- Chainlink has easy and flexible infrastructure that can be implemented by developers with minimum effort thanks to clear and well-maintained documentation and resources.
- Chainlink is a proven, time-tested oracle solution that already secures billions of dollars in value on mainnet for many leading DeFi projects.

In addition to a secure and reliable Chainlink-powered decentralized oracle, Opyn v2 also has a disputer mechanism in our contract, which has the ability to overwrite an oracle price if any unexpected situation were to arise. This disputer role is handled via a multisig made up of key stakeholders, however, we do not expect to deploy given the time-tested reliability of Chainlink price data. It’s merely meant as additional protection to mitigate against a potential black swan event.

The Opyn team’s main goal is to develop the most capital efficient decentralized options protocol by focusing on security and user experience. Choosing Chainlink enabled the team to focus on the core smart contracts and user experience instead of building and maintaining our own secure oracle solution. We let Chainlink do the heavy lifting on the oracle, deferring to its robust and time-tested protocol that has a laser-focus on delivering reliable oracle data. We look forward to continued integration between Chainlink and Opyn v2 as additional options markets arise.

“We’re so excited that opyn v2 is now live! Our goal with v2 has been to build the most capital efficient options protocol in all of DeFi, and I’m so proud of the team and the community for what we’ve accomplished. One of the best improvements in v2 is that our options automatically are exercised at expiry, so users can buy them and fuggedaboudit! After considering many options, we used Chainlink for cash settlement at expiry because of how simple it was to integrate with, how responsive and helpful the team was, and because it works great for our use case of getting a final price of options for cash settlement. With accurate and secure prices from Chainlink, Opyn is on a path to creating a more inclusive, fair, and open financial options market. Options are a ridiculously large market in traditional finance, with more than $300 trillion trading each year, and it’s been so cool to reenvision these instruments for the benefit of the DeFi movement!” — Zubin Koticha, co-founder of Opyn

“We are happy to see Opyn v2 launch with hyper-reliable and secure Chainlink price oracles. The Chainlink-powered ETH-USDC decentralized price oracle will ensure that Opyn users are able to create, sell, and execute automated option contracts based on data that reflects a volume-adjusted marketwide price, in a manner inherently resistant to data manipulation attacks.” — Daniel Kochis, Head of Chainlink Business Development

— Learn more. —

To learn more, visit Opyn Website, read Opyn V2 Gamma Protocol Announcement or Join the conversation on Discord.

— About Chainlink. —

Chainlink is the most widely used and secure way to power universal smart contracts. With Chainlink, developers can connect any blockchain with high-quality data sources from other blockchains as well as real-world data. Managed by a global, decentralized community of hundreds of thousands of people, Chainlink is introducing a fairer model for contracts. Its network currently secures billions of dollars in value for smart contracts across the decentralized finance (DeFi), insurance and gaming ecosystems, among others.

Chainlink is trusted by hundreds of organizations to deliver definitive truth via secure, reliable data feeds. To learn more, visit chain.link, subscribe to the Chainlink newsletter, and follow @chainlink on Twitter.

Docs | Discord | Reddit | YouTube | Telegram | Events | GitHub | Price Feeds | DeFi | VRF

Opyn v2 Gamma Protocol Launches Using Chainlink Oracles to Settle Options was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Opyn v2 Introduction + Bug Bounty

Overview of Opyn v2 and announcing v2 Bug Bounty.

Opyn v1 laid the foundation for DeFi options as the first live ERC20 options protocol. For the first time, anyone could create, buy, and sell options on any ERC20 token. Opyn v1 will remain live on the Ethereum network, providing a venue for American, physically settled options.

We’ve heard your feedback and been developing Opyn v2, which lays a foundation for a more capitally-efficient and highly liquid options protocol. Opyn v2 is currently undergoing audit. This post will provide a high level overview of v2:

- European, cash-settled options
- Margin improvements (spreads!)
- Auto-exercise for in the money options upon expiry
- Earn yield (& gov tokens) on collateral
- Call options without multipliers
- Operators to allow contracts to act on a user’s behalf
- Oracle used for option settlement price
- Flash mints
- Deterministic option contract addresses, names, symbols
- Anyone can create new options if the product has been whitelisted

— European, cash-settled options. —

v2 moves to cash-settled, European options to enable margin improvements by allowing for safe constructions of spreads.

European options mean that option holders can exercise options only upon expiry. While this may seem restrictive (doesn’t allow for early exercise), given adequate liquidity, selling American options is almost always more profitable than exercising early, because with early exercise you forfeit your time value.

For example, assuming 0% interest rates: Let’s say you own an ETH $500 put option and ETH moves down to $400. In a liquid market, the minimum price of that ETH put is ~$100. Otherwise there is arbitrage. Let’s say the ETH $500 put is trading for $80. You (or any market maker or arbitrageur) can buy 1 ETH for $400 and buy 1 put for $80. With an American option, the arbitrageur can immediately exercise and sell the ETH they bought for $500, collecting $20 profit in the process. With a European option, the arbitrageur has to hold their option to expiry, but has locked in a $20 profit.

Cash settlement means that option holders don’t have to provide the underlying asset in order to exercise. Rather, the options are settled in the collateral asset, and option holders receive the difference between the price of the underlying asset at expiry and the strike price from option sellers.

— Margin Improvements. —

Opyn v2 lays the foundation for more capitally efficient options starting with spreads. Spreads enable long oTokens to collateralize short oTokens, enabling users to post the max loss of a structure as collateral.

— Auto-exercise for in the money options upon expiry. —

The protocol now has auto-exercise for in the money options, so option holders don’t need to take action before or at expiration. Upon expiry, proceeds for long and short option holders are calculated and can be redeemed at any point after the proceeds have been finalized with a settlement price.

— Earn yield (& gov tokens) on collateral. —

The protocol now allows for yielding assets (eg. cTokens, aTokens, yTokens) to be used as collateral for options, and allows for farmers to harvest earned and airdropped Tokens (eg. COMP with cToken collateral). The first options v2 launches with will be USDC collateralized, but shortly after the initial launch, we will release options with yielding collateral.

— Call options without multipliers. —

Opyn v2 allows for call options without any multipliers so 1 call option oToken will correspond to 1 unit of the underlying asset (eg. 1 call oToken on 1 ETH will correspond to 1 call option on 1 ETH).

— Operators to allow contracts to act on a user’s behalf. —

Operators are a smart contract feature that allow users to delegate control of their vaults to a third party smart contract. This could be a smart contract that rolls over their options for them, a fund manager to do trades for them, or a vast possibility of other interactions that developers can build on top of the protocol.

— Oracle used for option settlement price. —

Cash settlement requires an oracle to determine the payout at expiry. The Opyn v2 architecture is generalizable to allow for different oracles for different assets. We will initially be launching ETH-USDC options collateralized with USDC. These will use the Chainlink oracle to get the ETH price. There are no liquidations needed as max loss is posted as collateral.

— Flash mints. —

Since vault collateralization is checked at the end of a transaction, you can mint options without collateral as long as they are burned before the end of the transaction.

— Deterministic option contract addresses, names, symbols. —

v2 allows for specific oToken details to determine the address, name and symbols of each oToken. For example, the symbol for a 300 strike WETH put option expiring on December 25th, 2020 would have the following symbol: oWETHUSDC/USDC-25DEC20-300P

— Anyone can create new options if the product has been whitelisted. —

A product is a combination of specifying the underlying asset, strike asset, and collateral asset for an option and whether it’s a call or a put. For any of these whitelisted products, anyone can create a new option, specifying the strike and expiry. Expiration times are currently fixed to 8AM UTC to prevent fragmentation of liquidity across a variety of expirations within the same day.

Bug Bounty and Launch Details

The Opyn v2 core smart contracts are completed, and are continuing to undergo audit from Open Zeppelin and Formal Verification from Certora. Security is one of our highest priorities, so prior to launch we’re introducing the Opyn v2 Bug Bounty, with rewards up to $100k. We encourage and value the community’s input in helping us discover vulnerabilities and responsibly disclosing them.

Prior to the deployment of Opyn V2 to the Ethereum mainnet, successful bug reporters will receive a 20% bonus on their bounty pay out. This is to help drive security efforts in the lead up to launch.

Depending on the findings from security audits, formal verification, and bug bounties, we are targeting to launch by the end of 2020, however this is an optimistic target and not a formal release date.

Prior to launch you can already start learning about and developing on the Opyn v2 protocol!

- Github
- Documentation (in progress!)
- Presentation
- Testnet Deployments

We will continue sharing updates as we make progress. We appreciate your contributions and feedback! You can join the conversation here: Twitter | Discord | Medium | Email

Opyn v2 Introduction + Bug Bounty was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




BUIDLing with Options (oTokens) in DeFi Pt. 2

Calling all DeFi BUIDLers — we wanted to share some ideas for what you can build with Opyn v2! Opyn’s new v2 allows you to create put and call options with spreads for capital efficiency, and is great for applications ranging from protection and hedging to taking views on different cryptocurrencies.

Learning Resources

Options are an incredibly versatile financial instrument — in fact you can create any financial payoff using just put and call options. Here are some great resources to get started with learning about options:

- Khan Academy video series
- Investopedia’s Options Guide

Ideas

- Rollovers: Allow users to roll over their options from one expiry until the next. For example, if a user holds on to an option that expires on Oct. 30, give them the ability to have that option automatically roll over to expire on a date in the future, e.g. Nov 30. You can accomplish this relatively simply using the new “operator” functionality in Opyn v2, where users can delegate vault actions to another smart contract.
- Interfaces: Create interfaces for users to access and interact with Opyn v2. This could be an easy to use options interface for folks who are new to options, an explorer type interface to see what’s going on across the protocol like OpynMonitor, a more advanced interface for sophisticated traders, an integration with an existing interface like Zerion and Zapper, or something else entirely!
- Portfolio Managers: With Opyn v2’s new “operator” functionality, users can delegate out portfolio management to dedicated portfolio managers. These managers could be individuals or smart contracts that employ specific strategies.
- Hedging for Uniswap LPs: Uniswap LPs can help reduce impermanent loss in ETH:Stablecoin pools using straddles (put and call with same strike) and strangles (put and call with different strike).
- Structured products: You can use options in combination with other financial primitives to build interesting structured products. For example, you could attach a call or put option to an ERC-20. One way this could work is to go to a money market (e.g. Compound, Aave), look at the fixed rate lending rates, and deposit an amount (say 0.99 USDC) that yields 1 USDC at expiry. Then you could use the remaining 0.01 USDC to buy a call option. The user’s upside exposure would be based on the 0.01 and the price of a call option.
- Volatility Oracle: Using put and call options you can develop a volatility oracle like the VIX, which tracks volatility in traditional finance.
- OTC oTokens Interface: To avoid slippage, a lot of large oToken users are looking for ways to conduct OTC trades for oTokens. You could facilitate this using 0x as a settlement layer, building a simple interface for parties to interact with each other while preserving anonymity — this could be something similar to what Boxswap does for OTC NFT trading.
- +Your amazing new idea: The possibilities with oTokens are limitless — we’re so excited to see what new ideas you’ll come up with! We’re happy to help at any time. You can find us on the Opyn discord.

Current Projects Incorporating Opyn

- OpynMonitor: Opyn Monitor is a powerful interface for users to keep track of their Opyn positions and engage in advanced trading.
- SaveDAI: SaveDAI is an insured, yielding savings account built using Compound, DAI, and Opyn, by wrapping cDAI and ocDAI into a single ERC20 token.
- DEXTF: DEXTF creates structured tokens making use of oTokens in the set of protocols they integrate from.
- Aave Insurance: The Aave team created a put option on aUSDC, allowing you to protect your USDC deposits in Aave.
- tBTC Insurance: A hackathon participant created a put option contract, where the contract allows holders to exchange tBTC for WBTC no matter what, protecting users from tBTC risks.

Get started

We’re more than happy to brainstorm ideas and answer any questions :) You can find us on the Opyn discord, or on the Opyn channel on the ETHOnline Discord and you can check out the v2 documentation here.

BUIDLing with Options (oTokens) in DeFi Pt. 2 was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Insurance Options Oracle

9/29/20 Update

Insurance oToken Oracle Update: Maker holders have approved the executive vote which includes Opyn’s oracle whitelisting application. We have unpaused the insurance contracts and they are functioning normally.

9/24/20 Update

Insurance oToken Oracle Update: Maker holders have approved Opyn’s oracle whitelisting application in the polling process. Opyn’s proposal will be bundled and available for the executive voting process on Friday 9/25. If approved, oracle changes and whitelisting will be implemented shortly thereafter and the insurance oTokens will be able to be unpaused. Polling vote results: https://vote.makerdao.com/polling-proposal/qmeuuzmxbs8kymukxfrpfs8hlphvzwxuhrregyxwa5qgpr

9/14/20 Update

Maker requires that the proposal must be live on the forum for 7 days before moving to polling. The polling vote will happen on 9/21/20 and if approved will advance to the executive vote on 9/25/20.

9/13/20 Update

Opyn has been working with Maker to restart Maker’s v1 medianizer oracle, which would unpause the Opyn cDAI, cUSDC, and aUSDC insurance contracts. The process will include whitelisting the v1 medianizer on the v2 medianizer as well as changes to allow the v1 medianizer to query the v2 medianizer for the ETHUSD price. This would be a temporary fix until the existing insurance options have expired, and any future insurance options would not utilize the v1 medianizer. This proposal will be brought to a polling vote on Monday, 9/14/2020. We are hopeful that Maker voters will advance it to the Friday Executive vote on 9/18/2020. If approved as part of the Executive vote, it will be implemented. Proposal on Maker forum: https://forum.makerdao.com/t/mip10c9-sp8-whitelist-opyn-on-ethusd-oracle/4061

What has happened?

Summary: Maker has discontinued their v1 Oracle Medianizer, which has paused functionality for the insurance oToken series (the options on stablecoin deposits in Compound and Aave) due to lack of an oracle price. No user funds are at risk, but functionality for insurance oTokens will be paused until the oracle comes back online. This pause means insurance users cannot exercise or remove collateral until the oracle is back online. All other series are unaffected because they do not rely on any oracle. We are coordinating with the Maker team to reboot the Medianizer.

What are the implications?

Opyn’s insurance options (the options on USDC and DAI deposits in Compound, and USDC deposits in Aave) use Compound’s v1 price oracle to get the price of ETH. Since these are ETH collateralized options, this oracle is used to determine if vaults meet the collateral requirement. Compound’s v1 price oracle calls Maker’s v1 medianizer. Maker has shut down its v1 medianizer, meaning that they are no longer pushing prices to the medianizer. Until the v1 medianizer resumes activity, the implications are as follows:

- For oToken Sellers of the affected series, you will be able to remove your collateral after expiry, but not before then.
- For oToken Buyers of the affected series, you will not be able to properly exercise your options (i.e. you will not get a full collateral payout), but you can still sell your options.

I am an oToken seller or buyer, what should I do?

You do not need to take any action. We are working our hardest to collaborate with the Maker team to get the v1 Medianizer back up and running, so there is no impact. If you have any questions please let us know at tiny.cc/opyndiscord or DM. We will be posting updates on Twitter and Discord as soon as we have them. Expect further communication as we collaborate with the Maker team.

Paused Series:

USDC deposits in Compound: https://etherscan.io/address/0x8ed9f862363ffdfd3a07546e618214b6d59f03d4
DAI deposits in Compound: https://etherscan.io/address/0x98cc3bd6af1880fcfda17ac477b2f612980e5e33
USDC deposits in Aave: https://etherscan.io/address/0xde34d5e3f942b4543c309a0fb0461497e72c793c

Insurance Options Oracle was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.




Opyn ETH Put Exploit Post Mortem

This post provides information about the Opyn oETH put exploit. Specifically:

- what we are doing about it,
- the timeline of events of the Opyn oETH put exploit,
- an analysis of the exploit itself,
- details about the white hat actions taken to recover at risk funds, and
- next steps going forward.

oETH Put users: Please see this first post for an overview of the exploit that drained funds.

Users of other options: Note that only ETH put oToken contracts were affected.

What are we doing about it?

We have the utmost respect and empathy for our early users and want to do right by our community.

For put sellers: We are reimbursing ETH put sellers in full who were affected by the vulnerability via the process outlined here. All oETH put sellers have now been reimbursed in full.

For put buyers: Further, in order to provide liquidity to oETH put buyers, for the next two weeks, we will buy ETH put options for 20% above Deribit best ask price. Additionally, in the case that any unsold oETH puts end up in the money before expiry, users will be able to exercise by sending us a message on Discord.

For all users: Please do not create any new oETH put vaults or buy/sell oETH puts except through the process defined above with the Opyn team.

We understand that this was an extremely stressful day for users. The exploit itself is on us. We let users down. Reimbursing all put sellers in full is the fair path forward. Our goal now is to regain user trust. We will do this by:

- Overhauling our security practices
- Setting up a program of transaction monitoring
- Setting up a rigorous testing period for every solidity code release
- Putting in pause functionality for contracts we release in order to halt attacks
- Increasing the scope and size of our bug bounty program
- Going through full audits for every single piece of code we release
- Increasing our emphasis on test driven development and making security a cornerstone of Opyn.

We will do what we can to make this right. We will come back stronger.

Timeline of Events

9:59 PM PT — a user asks about a suspicious transaction in our general Discord
3:05 AM PT — a user posts that they have trouble withdrawing collateral
4:00 AM PT — we started looking into the transaction to determine if it is problematic
5:20 AM PT — we assemble the team, after determining that it is either a large bug or a hack
5:40 AM PT — we contact trusted security and incident response advisors, incl. samczsun, Taylor Monahan, OpenZeppelin, and Jared Flatow
6:00 AM PT — we remove all of the liquidity from oETH Puts (and preemptively from other options too), so users cannot interact with the affected contracts and so the attacker cannot get the oETH liquidity needed to execute potential further attacks. We also update our frontend to block off interactions with oETH Puts.
6:30 AM PT — we identified the exploitable line of code, stemming from this line. We raised the exercise fee to the maximum of 10% to reduce the profitability of an attack, and allow us to recoup a percentage of funds if anyone was to exploit this vulnerability again
7:00 AM PT — The White Hack Group, Bokky Poobah, and Harry Denley provide additional input, validating our analysis of the issue
7:30 AM PT — Having identified that additional user funds were at risk, we limit our public discussion of the exploit since other oToken holders who knew about the exploit and held oTokens could recreate the exploit and steal the remaining funds. We begin a detailed analysis of how many funds are still at risk, and from which users and vaults.
8:00 AM PT — We tally and confirm that 572,165.13 USDC in the put contracts was still at risk. We start analyzing an additional attack vector where an attacker mints oTokens instead of buying oTokens to understand how profitable the attack would be, if it had already occurred, and to determine a safe whitehat hack strategy.
9:00 AM PT — We design a method to safely remove a significant portion of the remaining USDC collateral from vaults. In the absence of a pause function, with the help of samczsun and Jared, we begin to whitehack the remaining funds. The fastest and safest way to do this, we find, is to write a contract that can atomically increase the collateralization requirement and then liquidate all users and then lower the collateralization requirement.
9:30 AM PT — Users begin to discuss the suspicious transactions as an exploit. We begin to draft a statement on the exploit trying to balance the need to inform users with the risk that too much disclosure could put additional funds at risk.
10:00 AM PT — We release a public statement on the exploit, informing users but not revealing the details of the exploit until we had removed all of the at risk USDC collateral safely.
11:40 AM PT — samczsun helped us in successfully executing the first white hack
2:30 PM PT — we finished rescuing the first 439,170 USDC from the contracts. We started brainstorming ways to rescue the remaining funds, some of which were in the attacker’s vaults.
3:30 PM PT — we release a public statement informing the community about the first white hack, an overview of the exploit, and initial actions for affected ETH put users.
4:00 PM PT — we determine another way to execute a second white hack to save all of the remaining funds
6:30 PM PT — samczsun helped us recover 132,995 USDC through the second white hack. We updated the community about the second white hack.
10:45 PM PT — we updated the community about reimbursement
Aug 5, 9:55 PM PT — we updated reimbursement for ETH put buyers to include the choice to exercise their option with Opyn if it ends up in the money before expiry
Aug 6, 10:59AM PT — we updated ETH put sellers about the reimbursement process
Aug 7, 10:50AM PT — we posted a list of affected ETH put seller addresses and balances for ETH put sellers to review
Aug 9, 10:00AM PT — we reimbursed all ETH put sellers in full

The Exploit

Total amount of funds at risk: 943,425.13 USDC
Total amount lost in hack: 371,260 USDC
Total amount safely recovered via whitehacks: 572,165.13 USDC

Background on the msg global variable in solidity:

In Solidity, the `msg` global variable exposes information about the current contract call. Consider the following example with a simple contract called Bank which has a depositCheque function. The external depositCheque function calls an internal helper function _depositCheque. Example:

Background on Opyn and Options:

Opyn options give the option holder the right but not the obligation to sell or buy their underlying asset at a pre-specified price called the strike price. The option holder can exercise their option and sell or buy the underlying assets at any time before expiry of the option. In this specific case, the options at risk were the oETH put options which gave the option holder the right but not the obligation to sell their ETH for some pre-specified amount of USDC anytime before the expiry of the option.

The Exploit:

The exercise function that Opyn uses has an external function that then calls an internal function. The internal exercise function is called in a for loop by the external function. The issue arises on line 809 which checks that the ‘msg.value’ for the exercise internal function matches the underlyingToPay. Since the internal function derives the msg data from the external function, calling the internal function multiple times passes the same msg data multiple times to the internal function. For ETH put options, the exercise function does not work for exercising from multiple vaults at the same time, other than the exploit described below.

The problem arises when the attacker calls the external function oToken.exercise(oTokensToExercise, [vaultAttacker, vaultVictim]) on vaults where the states are as follows:

vaultAttacker
oTokensIssued: oTokensToExercise/2
Collateral: X USDC

vaultVictim
oTokensIssued: Some Amount >= oTokensToExercise/2
Collateral: Some Amount >= X USDC

The internal _exercise... function will require that the msg.value == oTokensToExercise, i.e. the amount of ETH passed in is equal to the number of options exercised. However, calling the external exercise function with 2 vaults can trick the internal _exercise function into thinking 2 ETH is sent exercising 2 options, when really only 1 ETH is sent. Thus, the attacker, without paying underlying tokens for the exercise on the victim’s vault, takes out X USDC as collateral.

The exploit requires oTokens to execute. The oTokens could either have been bought on uniswap or minted by the attacker. In the case where oTokens are purchased on uniswap, the net profit of the attacker = X USDC - cost of acquiring the tokens, absent any exercise and gas fees. In the case where oTokens are minted, the net profit of the attacker depends on whether their vault is later attacked by someone else. In this case, the attacker’s worst case net profit is breaking even and the best case is X USDC, absent any exercise and gas fees. The second attack vector is unlikely to be profitable before expiry (as the attacker’s left over vault could be attacked by others), but in the final block before expiry, the attack could steal all of the collateral in all vaults.

The Attack:

Given the above vulnerability, we now know that the attacker can pay the underlying one time, and use that for multiple exercises within the same `exercise` call, as long as the exercised amount on each vault is the same size. Looking at one of the attack transactions we can see how the attack was conducted. The attacker wrote a wrapper contract which conducts 4 actions within 1 transaction:

1. Create vault
2. Mint 30 oTokens
3. Call exercise, specifying the victim’s vault and their own vault to be exercised on.
4. Redeem the underlying in their own vault.

Do notice that the attackers have to obtain 30 oTokens before the attack. In the case above, we noticed that the attacker bought the oTokens on Uniswap just prior to the attack.

Does this attack work on non ETH Puts?

This attack doesn’t work for non ETH puts. If the underlying is an ERC20 token, then msg.value is not used. Instead, the underlying ERC20 token gets transferred into the contract to the right vault on each internal function call. The way ERC20s are transferred is different from how ETH is transferred. For ERC20s, the smart contract pulls the required amount of ERC20 from users into the smart contract itself on each internal exercise function call. On the other hand, ETH is pushed by the user (msg.value) to the contract on the first external function call, and each subsequent internal function call merely checks that the pushed ETH amount matches the amount needed to exercise.

Response

Couldn’t Opyn have been turned off once the exploit was discovered?

In short, we can’t turn the protocol off. Opyn is permissionless and decentralized by design, and Opyn contracts are not able to be turned off or disabled. We took action as aggressively as possible to minimize further damage once the exploit was discovered. This included buying additional Put oTokens to prevent further attacks, removing the ability for Put oTokens to be sold, as well as white hacks on existing Put sellers to ensure that their collateral was safe.

Increase Exercise Fee

We realized that since the attacker was exploiting a vulnerability in the exercise function, if we raised the exercise fee the protocol receives on each exercise, we could recover some of the funds as a fee. We increased the exercise fee to 10%, the maximum amount the fee could be set at. Increasing the exercise fee was effective at reducing the profitability for the attacker from both the attacks mentioned above. Removing all collateral was the only way to protect users’ funds.

Pull Liquidity and Buy Put oTokens

Initially, we recognized that an attacker needed to possess oTokens to execute the attack and that anyone who had oTokens could replicate the attack if they understood the exploit. To mitigate further losses and attacks, we removed liquidity from our ETH Put pools on Uniswap to prevent attackers from buying these oTokens. We also removed the ability to buy ETH Puts on the opyn.co website. To ensure liquidity for existing oToken holders (and reduce the possibility of long token holders attacking the protocol while user funds were locked in), we offered and continue to offer to purchase all ETH Put oTokens that were outstanding at the time of the exploit for 20% above best ask price on Deribit.

Whitehack #1

The goal of the first whitehack was to rescue as much of the user funds as quickly as possible. Responding quickly was the most important aspect for the first whitehack. At a high level, the rationale of the first whitehat hack was to use our limited admin privileges to remove money from vaults. One way to do this, we realized, was to liquidate all vaults with USDC collateral in them. The first whitehack worked as follows in an atomic transaction:

1. The admin increases the minimum collateralization requirement for all vaults to infinitely high and sets the liquidation factor to 100%. We also set the liquidation incentive to 20%. This causes all vaults to be undercollateralized, fully liquidatable, and pays the liquidator a 20% liquidation incentive.
2. Using all the oTokens that we had taken out from the liquidity pools, we liquidated as many vaults as we could. We needed only about 80% of the oTokens that a vault had issued to be able to fully liquidate that vault because of the 20% liquidation incentive.
3. The admin decreased the minimum collateralization ratio back to 100% at the end of the process and set all the liquidation parameters back to 0.

The issue with this strategy was that we needed oTokens to be able to liquidate vaults and we didn’t have all the oTokens in circulation. We needed at least 80% of each oToken in circulation to fully be able to liquidate the corresponding contract. We had most of the oTokens for the ETH $330 Put and ETH $200 Put, but significantly less for the ETH $180 Put. For the ETH $270 Put, the attacker owned about 40% of all oTokens in circulation, which meant we couldn’t liquidate and remove a significant amount of USDC collateral. Hence, we started trying to buy back oTokens so that we could liquidate more vaults.

Whitehack #2

We already secured most of the user funds with the first white hack. The goal of the second whitehack was to remove and secure all the remaining funds in the contracts. The second whitehack worked the exact same way as the first whitehack, except for a key difference in step 1. Because we did not have any additional oTokens, the admin took out a flash loan to mint a large number of oTokens. Steps 2 and 3 were the same, with one important note being that we were able to liquidate the admin vault created in step 1 by having at least 80% of the originally minted oTokens by the end of the liquidations of user vaults. This process worked to fully rescue the funds from the contract. The only funds we were not able to drain were the 1080 USDC from the attacker’s vault and the 151.162 USDC from vaults which had not issued any oTokens since they could not be liquidated. The owners of the vaults that had not issued any oTokens can still redeem their collateral normally through the protocol.

Why wasn’t the issue with the exercise function caught at audit?

We had implemented a proportional exercise function that we sent to audit. This worked by proportionally removing collateral from the total supply of collateral from all options sellers and paid out the buyer upon exercise. While the code was at audit, in testing, we realized that there was an issue with the way that proportional exercise was implemented. The issue with the way we had implemented exercise was that it forced all options sellers to have to wait till expiry to be able to withdraw underlying. Forcing options sellers to wait till expiry to redeem underlying was strictly worse for sellers since they could lose a lot more money if they had to wait till expiry to redeem and sell their underlying, since the underlying could crash further by the time expiry showed up. This was a core financial issue. We reported this issue to OpenZeppelin as a bug, changed the code to reflect a fix, and re-sent the new commit to OpenZeppelin. Having been sent after the audit had already begun, this new commit was not in the final version of the code that was being audited. This was a failure of communication on our part, as we did not clearly communicate to OpenZeppelin that this should be in the scope of the review process. In the future, it is on us to ensure 100% testing and audit coverage for every single line of solidity code on the contracts.

What will Opyn do in the future to prevent this from happening?

The security of the Opyn protocol has always been and continues to be our highest priority. We have let our users down and will work tirelessly to rebuild your trust. We are taking the following steps:

Internal Testing and Review

- The entire team, including those who work on code other than smart contracts, will review the spec, and undergo a period of trying to attack it before any code is written to find any mechanism related issues as soon as possible
- Every single line of solidity code will be written and reviewed by at least 3 Opyn developers and upon completion of that, every line will be independently reviewed by external auditors
- Define and test all high level workflows and common error flows for each system
- Build a stronger testing process, by defining all critical testing scenarios before any tests are written
- Have an internal breakathon where the team tries to break our own codebase before we release anything to mainnet
- Verify system invariants with Trail of Bits’ Echidna system

Pause

- Introduce pause / emergency shutdown functionality to ensure we can turn off the system in the case of something suspicious

Audits

- Release fully audited code and not make any changes post audit without review
- Continue to work with top auditing firms such as OpenZeppelin and Trail of Bits

Bug Bounty

- Increase bug bounty rewards for our existing Bug Bounty Program by 50% to $15k for high vulnerabilities and $60k for critical vulnerabilities

Responsiveness

- Improve our responsiveness to bug reports
- Ensure that all our users and everyone in the community knows that they can reach us promptly if they email security@opyn.co.
- Set up an urgent channel in our discord which users can also use to reach us quickly.
- Set up a proper system of alerts from the security email and the urgent discord channel.

Monitoring

- Set up 24/7 monitoring practices to quickly detect suspicious transactions that could point to potential vulnerabilities
- Set up dashboards to help us easily know how much money is in the system at every moment. We should easily be able to access the snapshot of our system at every second in the history of its existence.

Security Advisors

- Engage a set of security advisors who will help us consistently improve our security processes

When can we expect the ETH puts to be live again?

Currently, we are considering launching WETH puts at some point in the coming two weeks, since WETH is an ERC20 token unlike ETH. We are currently fixing the vulnerability in the v1 ETH puts, adding admin pause functionality, and going through a re-audit of any code that was outside the bounds of the OpenZeppelin audit. ETH puts will only be live after the audit process. We will keep the community updated as we have more details on the timeline for ETH puts.

DeFi Community

We really appreciate the DeFi community’s support and everyone who has reached out as we’ve been navigating this incident. Special thanks to samczsun, Tom Schmidt, Jared Flatow, Taylor Monahan, Alejo Salles (and the rest of the OpenZeppelin Team), Josselin Feist, Haseeb Qureshi, Andres Bachfischer, Martin Abbatemarco, Geoff Hayes, Reuben Bramanathan, Robert Leshner, Bokky Poobah, Harry Denley, The White Hack Group, Peckshield, Tina Zhen, Sunny Aggarwal, Kevin Britz.

Please let us know if you have any additional feedback or questions. Our priority is to be there for our users. You can reach us on Discord and feel free to DM us.

Opyn ETH Put Exploit Post Mortem was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.
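
The msg.value reuse described under "The Exploit" in the post-mortem above, as an added example that is not Opyn's code and not part of the original post. It is a simplified model: the PutModel contract, its function names, the 1-wei-per-option pricing and the STRIKE constant are all assumptions made for illustration. It puts the per-iteration check beside a version that compares msg.value to the loop total once, and adds a system invariant of the kind the post says will be verified with a fuzzer.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model written for this page. It is NOT Opyn's contract.
// Assumptions: exercising 1 option costs 1 wei of ETH and pays STRIKE
// collateral units; collateral is an internal counter, not a real token.
contract PutModel {
    uint256 public constant STRIKE = 200;

    struct Vault {
        uint256 collateral;    // collateral units posted by the seller
        uint256 optionsIssued; // options written against this vault
        uint256 underlying;    // wei credited to the seller by exercises
    }

    mapping(address => Vault) public vaults;
    mapping(address => uint256) public optionBalance; // holder => options held
    mapping(address => uint256) public payout;        // holder => collateral owed
    uint256 public totalUnderlyingCredited;           // sum of Vault.underlying

    // Seller posts collateral and mints `amount` options to themselves.
    function open(uint256 amount) external {
        Vault storage v = vaults[msg.sender];
        v.collateral += amount * STRIKE;
        v.optionsIssued += amount;
        optionBalance[msg.sender] += amount;
    }

    // Stand-in for acquiring options on a market.
    function transferOptions(address to, uint256 amount) external {
        optionBalance[msg.sender] -= amount; // reverts on underflow in 0.8
        optionBalance[to] += amount;
    }

    // VULNERABLE pattern: the external function loops over vaults and the
    // internal helper checks msg.value on every iteration.
    function exerciseVulnerable(uint256 toExercise, address[] calldata owners)
        external
        payable
    {
        for (uint256 i = 0; i < owners.length && toExercise > 0; i++) {
            uint256 part = _min(toExercise, vaults[owners[i]].optionsIssued);
            _exerciseVulnerable(part, owners[i]);
            toExercise -= part;
        }
        require(toExercise == 0, "vaults too small");
    }

    function _exerciseVulnerable(uint256 amount, address vaultOwner) internal {
        // msg.value is fixed for the whole external call, so this check sees
        // the same ETH again on every iteration of the loop above.
        require(msg.value == amount, "wrong ETH amount");
        _settle(amount, vaultOwner);
    }

    // HARDENED: add up what each vault is owed and compare msg.value to the
    // total exactly once. A failed check reverts every settlement before it.
    function exerciseChecked(uint256 toExercise, address[] calldata owners)
        external
        payable
    {
        uint256 ethOwed = 0;
        for (uint256 i = 0; i < owners.length && toExercise > 0; i++) {
            uint256 part = _min(toExercise, vaults[owners[i]].optionsIssued);
            _settle(part, owners[i]);
            ethOwed += part;
            toExercise -= part;
        }
        require(toExercise == 0, "vaults too small");
        require(msg.value == ethOwed, "ETH sent != total underlying owed");
    }

    // Burns the caller's options, releases collateral to the caller and
    // credits the seller with the underlying the caller is supposed to pay.
    function _settle(uint256 amount, address vaultOwner) internal {
        Vault storage v = vaults[vaultOwner];
        optionBalance[msg.sender] -= amount;
        v.optionsIssued -= amount;
        v.collateral -= amount * STRIKE;
        v.underlying += amount;
        totalUnderlyingCredited += amount;
        payout[msg.sender] += amount * STRIKE;
    }

    // System invariant for a property-based fuzzer: every wei credited to a
    // seller must actually be held by the contract.
    function underlyingIsBacked() external view returns (bool) {
        return address(this).balance >= totalUnderlyingCredited;
    }

    function _min(uint256 a, uint256 b) private pure returns (uint256) {
        return a < b ? a : b;
    }
}
```

With two vaults that have each issued 1 option, a call to exerciseVulnerable(2, ...) carrying 1 wei passes both checks and leaves underlyingIsBacked() false; the same call to exerciseChecked reverts because 2 wei are owed.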




Opyn ETH Put Exploit

An exploit affecting the Opyn ETH Put contracts has been discovered. All Opyn contracts other than the ETH Put contracts are not affected by this exploit. Since then, we have taken steps to mitigate further loss and will work to assist those who were affected.

What happened?

This morning, at approximately 4:00 AM PT, we became aware of an exploit on the Opyn ETH Put contracts via a user report in our Discord chat. This exploit allowed an attacker to “double exercise” oTokens and steal the collateral posted by certain sellers of these puts. At the time of this post, we’ve found 371,260 USDC that has been stolen from these contracts, but this amount may change as our investigation continues. 439,170 USDC from outstanding vaults was successfully recovered by a white hat hack that the Opyn team conducted on the Convexity Protocol to mitigate further loss. (Update: Working with samczsun we were able to whitehack an additional 132,995 USDC.)

Because Opyn is a permissionless and decentralized protocol, we do not have the ability to shut off access to our contracts as many other protocols do. To mitigate further loss, we removed liquidity from our ETH Put pools on Uniswap to prevent others from buying these oTokens and removed the ability to buy ETH Puts on the opyn.co website. In order to ensure liquidity for existing oToken holders, we also offered and continue to offer to purchase all ETH Put oTokens that were outstanding at the time of the exploit for 20% above market price on Deribit. (If you currently hold an ETH Put, please reach out to the Opyn team on our Discord to redeem your Put option for 20% above market price on Deribit.)

Once these measures were taken, we worked immediately with samczsun from Trail of Bits to develop a whitehat patch which allowed Opyn to remove 439,170 USDC collateral from outstanding vaults in order to safely provide collateral to Put sellers. (Update: Working with samczsun we were able to whitehack an additional 132,995 USDC.) We also engaged with Alejo Salles and Andres Bachfischer of the OpenZeppelin team to understand the details of the attack and develop mitigation strategies. If you still have funds in your vault, please reach out to us on Discord.

The patch lowered the collateralization ratio on existing Put contracts and allowed us to liquidate them ourselves, making sure that outstanding Put sellers’ collateral is safe in an address that is controlled by the Opyn team. We are working on designing a plan to mitigate the impact on ETH put sellers. All Opyn contracts other than the ETH Put contracts are not affected by this exploit.

To our users, we understand that many users lost funds, which is not acceptable. Protecting user funds has always been our top priority, and we did not properly protect user funds in this case. We will continue to work tirelessly to regain your trust, and to ensure that our contracts have an extremely high standard for security. We will be doing an internal review of our security and testing practices going forward, submit further contracts to audit in addition to our existing OpenZeppelin audits, and design a plan to mitigate the impact on put sellers.

Please note that the exploited vulnerability was discovered outside the scope of the OpenZeppelin audit. A deeper technical post-mortem will be posted in the coming days.

I am an oToken holder. What should I do?

If you currently hold an ETH Call, COMP Put, BAL Put, cToken Put, or aToken Put, no action needs to be taken. This exploit leaves those products unaffected.

If you currently hold an ETH Put, please reach out to the Opyn team on our Discord to redeem your Put option for 20% above market price on Deribit.

Update: In order to give liquidity to our oETH put users, for the next two weeks, we will buy your ETH put options for 20% above Deribit best ask price. Additionally, in the case that any unsold oETH puts end up in the money before expiry, you will be able to exercise by sending us a message on Discord.

I am an oToken seller. What should I do?

If you sold an ETH Call, COMP Put, BAL Put, or cToken Put, no action needs to be taken. Your funds are not at risk.

If you sold an ETH Put, please join our Discord for further updates. We are working on a plan to mitigate impact for ETH Put sellers.

Update #1: We will be reimbursing ETH put sellers in full who were affected by the vulnerability. We will have more details on what the reimbursement process will look like in the next 3 days and will post updates on Discord.
Update #2: Details on the reimbursement process can be found here.
Update #3: All ETH put sellers have been reimbursed in full.

Would it have made sense to turn Opyn off once the exploit was discovered?

In short, we can’t turn the protocol off. Opyn is permissionless and decentralized by design, and Opyn contracts are not able to be turned off or disabled. We took action as aggressively as possible to minimize further damage once the exploit was discovered. This included buying additional Put oTokens to prevent further attacks, removing the ability for Put oTokens to be sold, as well as liquidating existing Put sellers to ensure that their collateral was safe.

What will Opyn do in the future to prevent this from happening?

The security of the Opyn protocol has always been and continues to be our highest priority. We have let our users down and will work tirelessly to rebuild your trust. We are taking the following steps:

1) For any set of contracts we release, they will be thoroughly internally tested. We will revisit our internal testing practices to make them even more robust
2) All contracts will go through verification with Trail of Bits’ Echidna system
3) We will continue to only release audited code and work with top auditing firms such as OpenZeppelin and Trail of Bits.
4) We will increase bug bounty rewards for our existing Bug Bounty Program

Expect further details on how we’re working to improve security practices soon.

Please let us know if you have any additional feedback or questions. Our priority is to be there for our users. You can reach us on Discord and feel free to DM us.

We really appreciate the DeFi community’s support and everyone who has reached out as we’ve been navigating this incident. Special thanks to samczsun, Tom Schmidt, Jared Flatow, Taylor Monahan, Alejo Salles, Josselin Feist, Haseeb Qureshi, Andres Bachfischer, Martin Abbatemarco, Geoff Hayes.

Opyn ETH Put Exploit was originally published in Opyn on Medium, where people are continuing the conversation by highlighting and responding to this story.


