Pac Finance users mistakenly liquidated, Blast's "factory project" problems frequently cause concern

On April 12, users of Pac Finance, a lending app on Blast, said they suffered a $24 million liquidation on April 11 because the developer wallet suddenly changed parameters.

Pac Finance allows cryptocurrency holders to deposit funds and earn interest by lending capital. To ensure repayment, borrowers are only allowed to lend a certain percentage of the value of the collateral. This percentage is called the "loan-to-value ratio" (LTV). According to blockchain data from the Blast network, the Pac Finance developer wallet called a function on its PoolConfigurator-Proxy contract at 1:06 a.m. UTC on April 11, setting the LTV of ezETH to 60%.

LTV can be changed by the development team, but it is usually only implemented after an announcement. However, Pac Finance did not release an announcement on the official channel for this parameter change, which led to the platform users being liquidated.

After the liquidation incident fermented, Pac Finance team members clarified in the community that it was not that they did not release an announcement, but that they announced the decision when replying to others. They also said that the team had previously explained to the engineer in charge of the contract the task of modifying LTV, but the engineer arbitrarily modified the liquidity threshold without communicating with the team, which led to this problem. "We are investigating with several security audit experts such as pacman and zachxbt, and are contacting several users who have been affected."

Pac Finance is the first hybrid lending protocol on Blast, with both peer-to-peer lending and peer-to-pool lending functions. Previously, it became a popular interactive protocol because of the expectation of airdrops. After this unexplained liquidation incident, the community also remembered the previous projects of the founding team, and a drama incident also took place.

Last May, the NFT lending protocol ParaSpace staged an internal fight. Many KOLs issued articles to warn that there were conflicts within the ParaSpace team and suggested that users withdraw their funds as soon as possible. The matter quickly fermented in the community, and a large number of users withdrew their funds from ParaSpace out of panic at high gas prices. In this storm, the "project control" and "team trust" of the ParaSpace founding team were questioned to a certain extent. Although the safety of user funds was subsequently ensured, it was greatly affected at the market level. After that, ParaSpace announced a merger and rebranding with Parallel Finance to create ParaX.

Back to the Pac Finance incident, it is not the first project on Blast to have fund security issues. Blast, as a Layer2 that emerged at the end of last year, has produced many early native projects under the expectation of airdrops and the explosive growth of TVL, but at the same time, many problems have also arisen.

In early March, Blast's lending agreement Orbit Lending was also accused by KOLs of having problems with the liquidation threshold. The agreement states that 83% is the liquidation threshold, but in fact it will be liquidated when it reaches 80%. However, the project subsequently compensated the affected users.

At the same time, Blast's ecological project Munchables said it was attacked and there was a suspected problem with the locking contract, resulting in the theft of 17,400 ETH (worth about 62.3 million US dollars). SomaXBT disclosed that Munchables previously hired an unknown security team EntersoftTeam to issue an audit report in order to save audit fees. The team's account profile is "We are an award-winning application security company with certified white hat hackers", but the platform has only more than a hundred followers.

Related reading: "Review of the Blast Ecosystem Munchables Stolen 17,400 ETH Incident"

After ZachXBT's analysis, the four different developers hired by the Munchables team may be the same person. But on the same day, the Munchables attacker returned 17,000 ETH, which puzzled the community.

In short, in the crypto world, security is always a red line issue. No matter how much financing is obtained, ensuring the security of user funds is a must for a good project.

欢迎加入律动 BlockBeats 官方社群：

Telegram 订阅群：https://t.me/theblockbeats

Telegram 交流群：https://t.me/BlockBeats_App

Twitter 官方账号：https://twitter.com/BlockBeatsAsia