- Summary - Impact to customer
- Vulnerability has existed through entirety of THOR integration.
- Timeline - Alerts, Communication, Monitors, Status
- 12/23/22 Waterman Issue - $7650 USD
- 4/9/23 - Mooncatcher issue - $38,632 USD
- Detect - How do we detect this problem or a problem like this sooner?
- React - How do we improve our reaction to situations like these?
- Quick Fix - How do we stop the bleeding faster?
- Is there a threshold for turning off trading?
- Deeper warnings on slippage that require user acknowledgment before actions can be performed
- Prevent - How do we prevent or reduce the impact of things like this in the future?
- Engineered e2e testing in swapper
- Product specs that consider potential to touch user funds
- Deeper Operations testing. Test for large amounts and verify slippage is correct.
- Tenderly for EVMs
- Other Areas of Risk - What are other areas that share the same vulnerability?
- Action Items
- Move Swapper to its own dedicated page
- Always prioritize security over user experience
- Add pop-up message(s) around high slippage warnings
- Color-coded warnings
- Confirm rates when THOR is un-halted