AIP-144 Disclosure

4 replies, 1756 views, 35 likes

governance.aave.com

TL;DR:

A $20k issue with the AIP-144 Swap Contract related to the aUST asset was quickly identified and resolved by a Llama contributor. In response, Llama plans to enhance their code review and testing processes, conduct more rigorous testing, and provide advance notice for proposals to prevent similar issues in the future.

The discussion revolved around a significant issue with the AIP-144 Swap Contract related to the aUST asset, which put approximately $20k worth of funds at risk. The problem was promptly identified and resolved by Dydymoon, a Llama contributor, who arbitraged the entire aUST amount and returned it to the Aave collector. The root cause was traced back to an incorrect boolean value (ethFeedOnly) in the Swap Contract constructor for the aUST configuration, which caused the contract to treat USD as ETH.

In response to this, Llama has planned to enhance their internal processes for code review and testing. They also intend to work on a separate proposal payload to swap the aUST from the Aave collector and will share a post-mortem detailing how similar issues will be prevented in the future. Community members, including Miguelmtz and Bgdlabs, emphasized the importance of improving internal processes for code review and testing, suggesting early feedback on the forum, improved tooling for the community, coordination with security partners, and stricter requirements for test cases.

Llamaxyz shared that Llama has conducted an internal post-mortem and agreed to improve their internal processes to catch bugs in advance. The improvements include additional testing requirements as part of development, such as adding specific value tests for every configuration in a contract, situational integration tests post-execution of a function in a contract, and assertions for every major state change within a code block. They also plan to give at least a month of advance notice for each proposal to the Llama Engineering team to ensure sufficient time for development, testing, internal review, and external review. This incident has led to a significant shift in the community's approach to code review and testing, emphasizing the importance of rigorous testing and review processes to prevent similar issues in the future.
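A sketch of what a "specific value test for every configuration" can look like for the kind of denomination-flag error described above. This is an added example, not code from Llama or the AIP-144 contract; the token names, prices, ETH/USD rate and the exact meaning given to the flag (`True` means the feed answer is in ETH) are assumptions made for illustration.

```python
from decimal import Decimal

# All values below are constructed for illustration; none come from AIP-144.
ETH_USD = Decimal("1500")  # assumed ETH/USD rate

# (symbol, raw feed answer, eth_feed_only). Assumed flag meaning: True means
# the feed answer is denominated in ETH and must be converted to USD.
CONFIGS = [
    ("TOKEN_A", Decimal("0.0008"), True),   # ETH-quoted feed, flag correct
    ("TOKEN_B", Decimal("1.00"), False),    # USD-quoted feed, flag correct
    ("TOKEN_C", Decimal("0.02"), True),     # USD-quoted feed, flag wrong
    ("TOKEN_D", Decimal("3.10"), False),    # no reference price recorded
]

# Reference USD prices recorded independently of the contract configuration.
REFERENCE_USD = {
    "TOKEN_A": Decimal("1.20"),
    "TOKEN_B": Decimal("1.00"),
    "TOKEN_C": Decimal("0.02"),
}

def usd_price(answer, eth_feed_only):
    """USD price as the modelled contract derives it from the flag."""
    return answer * ETH_USD if eth_feed_only else answer

def check_configs(configs, reference, tolerance=Decimal("0.05")):
    """Every config must price within tolerance of its reference value."""
    failures = {}
    for symbol, answer, flag in configs:
        expected = reference.get(symbol)
        if expected is None:
            # A config without a reference value is itself a test failure.
            failures[symbol] = "no reference price, config untested"
            continue
        got = usd_price(answer, flag)
        if abs(got - expected) / expected > tolerance:
            failures[symbol] = f"priced {got} USD, expected {expected} USD"
    return failures

if __name__ == "__main__":
    for symbol, reason in check_configs(CONFIGS, REFERENCE_USD).items():
        print(f"{symbol}: {reason}")
```

Because the check compares the computed price with a value recorded outside the configuration, it flags a wrong flag without needing to know which denomination the feed uses, and it also fails any asset that was added without a reference value.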

Posted 10 months ago

Last reply 10 months ago

Summary updated 2 months ago

Last updated 08/12 04:39