Every month we will take a look at, and adjust our ratings to keep the risk system up to date. For more information on our rating system, see The Ease Risk Rubric documentation.
Time weighted Total Value Locked (TW-TVL)
TW-TVL updates have caused no changes to ratings this month. We will evaluate the growth of these metrics month to month and reevaluate the grading scale if necessary. Next, we will review significant adverse events from March that affected relevant protocols to our Syndicates.
On March 13th, an exploit caused the loss of $196 Million worth of crypto assets from Euler smart contracts, close to 75% of the protocols TVL at the time (source). The code responsible for the exploit had been audited by the security platform Sherlock, which has agreed to pay $4.5 Million in funds to Euler. Euler has recovered an overwhelming majority of the funds and plans to begin reimbursing users (source). Due to the extreme nature of this event, and the uncertainty of the protocol continuing operation, we have decided to leave Euler unlisted.
Also to note, this event is a good example for why Lending protocols receive the lowest possible protocol rating in our risk rubric. The nature of how funds move through their contracts can lead to significant losses in the event of a hack or exploit.
During upgrades to the Nexus v2 on March 10th, an unexpected exploit occurred in arNXM when Nexus migrated their staking pools. The ratio of wNXM to arNXM became incorrect, and exploiters used this to mint arNXM at steep discounts and sell onto the open market. A loss of user funds occurred as the wNXM backing each arNXM went from 0.885 to 0.861 (source). Ease patched the exploit, and had reinsurance through Nexus at the time of the incident. The claim was paid out by Nexus, allowing Ease to reestablish the arNXM:wNXM ratio to it’s pre-exploit level (source).
1. The quick action by the team to reimburse its users,
2. The lack of operational impact on the contracts, and,
3. Ease’s continued purchase of reinsurance after this exploit,
Their rating remains unchanged.
Two Yearn vaults, yvUSDC and yvUSDT, suffered indirect exposure from the Euler hack, resulting in a loss of $1.38 Million. However, this was not due to exploitation of yearn smart contract, and yearn has already stated to cover any remaining bad debt with its treasury (source). As exposure to underlying protocols would not result in a claim of a Yearn policy, Yearn’s rating remains unchanged.