Euler Finance bounces back from flash loan attack, introduces modular vaults

Euler Finance released a modular credit layer nearly 18 months after a flash loan attack wiped out millions of dollars from the decentralized finance protocol.

The credit layer, known as Euler v2, is a development kit for deploying ERC-4626 vaults that allow users to manage lending risks and build customizable vaults. As a result, the solution allows users to choose between risk-isolated lending pairs or cross-collateralized vault clusters, as well as passive lending or fixed-parameter vaults, Michael Bentley, Euler Labs CEO, told Cointelegraph. According to him:

“Euler v2 is built to be as adaptable as possible. Its modular design allows for the creation of markets with various risk parameters and collaterals, some of which are more resistant to volatile market conditions.”

Vaults on Euler v2 are agnostic about governance, risk management mechanics and asset pricing and can hold non-fungible tokens (NFTs), tokenized real-world assets (RWAs) and natively-minted synthetic assets.

According to the protocol, Euler v2 has been audited by at least 12 different cybersecurity firms, generating 31 audit reports to date. The protocol also held a public $1.25 million post-audit bug bounty without identifying any medium or higher severity issues. Based on a previous announcement, a total of $4 million has been spent on securing Euler ahead of its relaunch.

“Every market carries its own risks, and it’s important for users to do their research before interacting with any vault and check the parameters of every market. If you use an ungoverned vault, you should be managing your own risk,” explained Bentley.

Related: Euler Finance attack: How it happened, and what can be learned

Euler v1 was exploited for $195 million in a flash loan attack in March 2023, although all funds were subsequently returned by the attacker. In a flash loan hack, the attacker takes a large uncollateralized loan and repays it instantly, manipulating asset prices within a single transaction. The attacker profits from the temporary price changes.

In Euler’s attack, the hacker used two accounts: the first borrowed from the protocol and used a “donate” function, artificially reducing the collateral value in their account and triggering a default. The second account then liquidated the first, exploiting Euler v1’s liquidation discounts to gain more assets than were lost.

“Euler v1 was extensively audited, and the risks of DeFi are extensive. Euler came out of last year’s exploit stronger and more focused. We recovered all user assets and got them back into the hands of those who lost them, which was a remarkable feat,” Bentley said about the security incident.

According to data from DefiLlama, Euler currently holds $3.5 million in total value locked, with nearly $343,000 in borrowed funds. Over the past few years, the protocol has raised over $40 million from several investors.

Magazine: How crypto bots are ruining crypto — including auto memecoin rug pulls