Drift Protocol Technical Incident Report - May 11, 2022
What Happened
Drift Protocol was paused on 2022/05/11 in response to a rapid increase in the rate of withdrawal of user funds. Drift successfully paused the protocol prior to a complete depletion of user funds.
Within about 12 hours starting May 11, 12AM UTC, net withdrawals of collateral from the system totalled $8.72m, taking the pool from $13.66m to $4.94m.
Technical Root Cause
The issue stemmed from the system mischaracterizing realised collateral and allowing any profits to be withdrawn without:
• Any checks
• Any gates
• Any earmarking of funds
• A built-in socialised loss / clawback mechanism
In effect, traders could withdraw notional PnL even while the system as a whole was insolvent, as the AMM/insurance fund accounting did not properly reconcile against actual collateral availability.
Attack Vector / Steps
This was less a "hack" and more an exploitation of a design flaw in the v1 AMM accounting:
1. Traders identified that they could realise/withdraw profits in excess of the system's actual collateral
2. A rapid bank-run dynamic emerged as users withdrew before the pool dried out
3. Drift paused the protocol when net withdrawals threatened complete depletion
Financial Impact
• Net withdrawals during the incident: $8.72m
• Pool moved from $13.66m to $4.94m (roughly $8.7m drained from the v1 collateral pool)
• Total settled collateral repaid to traders: $19.5m
    • $4.95m from the remaining Insurance Fund
    • $14.55m from Drift project financing
Remediation
• Drift v1 was sunset after the incident
• All v1 positions were settled and traders made whole in full
• Drift v2 was designed with proper collateral accounting, gating of withdrawals, and a real socialised loss / clawback mechanism
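An added example, not Drift's code: a simplified Rust model of the ungated withdrawal described under Technical Root Cause, beside a gated withdrawal of the kind Remediation lists for v2. The `Pool` type, the function names, the pro-rata haircut formula and the dollar figures are assumptions constructed for illustration.

```rust
// Simplified model (added example, not Drift's code). Amounts are whole USD.
#[derive(Debug, PartialEq)]
pub enum WithdrawError { ExceedsClaim, Paused }

pub struct Pool {
    pub collateral: u64,   // tokens actually held in the vault
    pub total_claims: u64, // sum of all balances owed, realised PnL included
    pub paused: bool,
}

impl Pool {
    /// Flawed form: pays the claim in full while tokens remain (first come, first served).
    pub fn withdraw_ungated(&mut self, claim: &mut u64, amount: u64) -> Result<u64, WithdrawError> {
        if amount > *claim { return Err(WithdrawError::ExceedsClaim); }
        let payout = amount.min(self.collateral);
        *claim -= payout;
        self.total_claims -= payout;
        self.collateral -= payout;
        Ok(payout)
    }

    /// Gated form: reconciles claims against the vault, pro-rata haircut when insolvent.
    pub fn withdraw_gated(&mut self, claim: &mut u64, amount: u64) -> Result<u64, WithdrawError> {
        if self.paused { return Err(WithdrawError::Paused); }
        if amount > *claim { return Err(WithdrawError::ExceedsClaim); }
        let payout = if self.total_claims > self.collateral {
            (amount as u128 * self.collateral as u128 / self.total_claims as u128) as u64
        } else {
            amount
        };
        *claim -= amount; // the unpaid part of the claim is the socialised loss
        self.total_claims -= amount;
        self.collateral -= payout;
        Ok(payout)
    }
}

/// Constructed scenario: two traders are each owed 100, but the vault holds only 120.
pub fn run(gated: bool) -> (u64, u64) {
    let mut pool = Pool { collateral: 120, total_claims: 200, paused: false };
    let (mut a, mut b) = (100u64, 100u64);
    let mut take = |c: &mut u64| {
        if gated { pool.withdraw_gated(c, 100) } else { pool.withdraw_ungated(c, 100) }
    };
    (take(&mut a).unwrap(), take(&mut b).unwrap())
}

fn main() {
    println!("ungated: {:?}", run(false));
    println!("gated:   {:?}", run(true));
}
```

In the ungated run the first withdrawer is paid in full and the second absorbs the whole shortfall, which is the incentive behind the bank-run dynamic; in the gated run both receive the same share of what the vault actually holds.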