Incident involving Stride’s stTokens on the Osmosis blockchain

March 17, 2023

Summary

Yesterday, Osmosis validators executed a routine chain upgrade. This upgrade included transitioning several Osmosis DEX liquidity pools containing Stride’s stTokens from constant product to stableswap. Due to incorrectly set parameters, the prices of tokens in these pools briefly experienced an artificial disruption. Open market arbitrage resulted in an unfair loss of funds for liquidity providers in these pools. Total losses were approximately $16,000.

The affected pools were: stOSMO (#833), stJUNO (#817), and stSTARS (#810). The stATOM pool (#803) was not affected. It was not transitioned to stableswap and remains a regular constant product pool.

Although this incident took place on the Osmosis blockchain and did not involve the Stride blockchain, holders of Stride protocol’s stTokens were affected. For that reason, the Stride Foundation has compiled this incident report. It is important to provide maximum clarity into what happened and why it happened.

‍

Incident and impact

In a signaling proposal several weeks ago, submitted by the Stride Foundation, Osmosis governance voted to transition the stOSMO, stJUNO, and stSTARS pools from constant product to stableswap. This signaling proposal passed, but a chain upgrade was needed to implement the pool changes. That upgrade - the V15 Sodium release - took place yesterday.

While the three pools were successfully transitioned to the stableswap pool type, a small mistake was made. The stableswap concentration parameters were incorrectly set to 1 : 1, as in a stableswap pool with USD stablecoins. However, each of these pools contains a liquid staked token (LST) and its corresponding unstaked token - not USD stablecoins. And an LST is always more valuable than its unstaked token (due to accumulated staking rewards). So incorrectly setting the pools at a 1 : 1 concentration ratio caused an artificial price disruption, allowing arbitrageurs to unfairly extract profit.

To understand exactly what happened, let’s use the stOSMO pool as an example. Yesterday, the redemption rate for stOSMO on the Stride protocol was 1.075, meaning 1 stOSMO could be used to redeem 1.075 OSMO. Before the stOSMO pool was transitioned to stableswap, stOSMO was trading for about 1.075 OSMO. It was trading roughly at peg - very good.

When the stOSMO pool was transitioned to stableswap, the concentration ratio should have been set at 1 stOSMO : 1.075 OSMO, as this would have concentrated the liquidity in the pool to reflect the accurate relative values of stOSMO and OSMO. But since the ratio was incorrectly set to 1 : 1, stOSMO was forced to be worth 1 OSMO, even though on the Stride protocol 1 stOSMO could still be used to redeem 1.075 OSMO. So stOSMO was forced to trade below peg - very bad. Arbitrageurs immediately took advantage of this opportunity, buying stOSMO from the pool. The same thing happened to the stJUNO and stSTARS pools.

As part of transitioning these three pools to stableswap, Osmosis governance granted a multisig address control of the concentration ratios for these pools, so that the ratio could be continually adjusted as the stTokens increased in value against their unstaked tokens. That multisig is controlled by the Stride Foundation. Once the Foundation became aware that the pools’ parameters had been incorrectly set, the multisig was used to set correct parameters.

As a result of this incident, the prices of stOSMO, stJUNO, and stSTARS on the Osmosis DEX were artificially disrupted for about four hours, allowing arbitrageurs to unfairly extract:

$12,368.12 from stOSMO/OSMO (#833)
$762.73 from stJUNO/JUNO (#817)
$2,697.49 from stSTARS/STARS (#810)

Therefore, as a result of incorrectly set parameters, a total of $15,828.34 was unfairly extracted from liquidity providers in these three pools.

‍

Timeline

This timeline contains relevant events leading up to yesterday’s incident.

February 21st:
A Stride core contributor submitted a pull request on the Osmosis GitHub. This PR contained the incorrect stableswap parameter that would later cause this incident. Osmosis core contributors reviewed, tested, and approved the PR.

March 10th:
The Osmosis V15 Sodium upgrade proposal went live onchain; the code was available for review by Osmosis validators and OSMO stakers.

March 15h:
The V15 Sodium upgrade proposal was passed by Osmosis governance in an onchain vote.

March 16th:
The upgrade code was executed by Osmosis validators.

March 16th, 11:40AM (EST):
After the upgrade, stOSMO, stJUNO, and stSTARS in pools #833, #817, and #810 immediately experienced an artificial price disruption, as the incorrect stableswap parameters forced each token to have the same value as its unstaked token.

March 16th, 3:30PM (EST):
The Stride Foundation became aware of the situation, and used its multisig granted by Osmosis governance to correctly set the concentration ratios.

‍

The future

To reiterate, this incident did not involve the Stride blockchain.

Yesterday’s incident is a sobering reminder that risk is ever-present in DeFi. Stride core contributors strive to maintain the highest security standards for the Stride blockchain. It’s a minimalist chain, there are frequent audits, it has IBC rate-limiting, and a bug bounty will soon be in place. Likewise, the Osmosis blockchain and Osmosis DEX have extremely rigorous security standards. Yet even so, risk remains in all DeFi.

But risks have been borne by all innovators throughout history. DeFi is the new frontier, and its users are the new pioneers. By settling this new land, a brighter future is being opened up for all mankind.

That said, Stride core contributors are redoubling their efforts to ensure the security and reliability of the Stride blockchain. Security was, is, and always will be the #1 priority of Stride core contributors.