Banker Joe: Security & Price Oracles
Date: October 27th 2021
A short article related to the recent CREAM Protocol hack
TLDR
- Banker Joe Protocol is safe
- Chainlink Price Oracle is used
- The DEX/Farms were never at risk
What Happened?
Earlier today the C.R.E.A.M Protocol was subject to a highly sophisticated flash loan attack, with the exploit aimed at a vulnerability in CREAM's PriceOracle. The hack took over $100m.
The hacker used an extremely sophisticated process involving Price Oracle manipulation. The exact vector can be identified following an immediate investigation from the BlockSecTeam:
Why is this relevant to Trader Joe?
Banker Joe has forked code from Compound and CREAM.
As soon as this news broke, the Trader Joe Team promptly announced the closure of any NEW borrowing on Banker Joe, preventing any flash loan activity from taking place.
Trader Joe will always prioritize the safety of the community and will always aim to ensure the highest standards of security are met on the Trading Platform.
Check out the below thread from co-founder Cryptofish
The Team at Trader Joe immediately engaged with auditors to begin investigating the exploit. Following the news that the hacker had manipulated CREAM's price oracle, the Team thoroughly investigated the exact attack vector shared to ensure there was no risk to Banker Joe, and then took the decision to re-open Banker Joe.
Banker Joe uses only the Chainlink Price Oracle, to ensure robust data feeds.
More information about Chainlink can be found in the linked article.
Banker Joe: Audits
Banker Joe has been double audited by Hashex and Paladin; audit results can be found below. More auditors are being engaged.
Summary
Trader Joe will take no shortcuts in the pursuit of innovation.
Security and Safety of the community will always come first.
Please come forward and reach out to the Trader Joe team if you have any continued concerns. We are happy to engage with the community further.
FAQ
Is Banker Joe at risk?
The attack happened on Yearn's yUSD, for which the price oracle is governed by a smart contract. It doesn't apply to Banker Joe.
Is Trader Joe at risk?
No, Trader Joe and Banker Joe are completely segregated.
Why did you fork CREAM?
Banker Joe has forked code from Compound and CREAM. We chose CREAM because it introduced features like Collateral Caps and TripleSlopeInterest rate models, which would give us extra flexibility for managing risk and liquidity. In addition, the CREAM codebase was audited by Trail of Bits, a god-tier auditor.
Banker Joe is not a 100% CREAM fork (you can ask Paladin, our auditor). We are 100% Chainlink oracle protected and don't use any on-chain oracles.
Is Banker Joe too degen?
Our platform risks are not managed by devs but by a committee of quant researchers with strong TradFi and DeFi experience. If you have a CFA, CPA, CFO, or just love crunching spreadsheets, you are welcome to come chat with us (reach out to us on social platforms).
About Trader Joe
Trader Joe is a one-stop-shop decentralized trading platform native to the Avalanche blockchain. Trader Joe builds fast, securely and aims to serve the community at the frontier of DeFi. The long-term vision of the team is to make Trader Joe an R&D-focused platform for new DeFi primitives not yet seen on any blockchain.