On Jan 14th 2022, Float Protocol Pool 90 on Rari Capital Fuse got exploited via a price oracle manipulation attack.
The exploited depositors were:
($200k) Float Protocol’s Treasury Diversification Funds
($1M) FRAX AMO
($250k) FEI PCV deposits.
($25k) fDAI EOA
After the exploit the attacker returned $250k USD to the Float Protocol Operations Multi Sig wallet, which has been transferred back to the Float Protocol Treasury.
It is proposed to share the returned funds from the exploit among those who deposited within Float Protocol Pool 90. The returned funds shall be shared by USDC transfer as a ratio of the USD value of assets deposited by lenders at the time of the exploit.
Protocol owned liquidity has been deposited within the FLOAT-ETH and BANK-ETH Uniswap v3 Pools to make this type of exploit more costly and more risky to try again. We are also building and deploying arbitrage bots to both reduce the likelihood and counteract these forms of exploits thus protecting the Protocol and others in the future.