Banker Joe: Security & Price Oracles

Date: October 27th 2021

  • Banker Joe Protocol is safe
  • Chainlink Price Oracle is used
  • The DEX/Farms were never at risk

Earlier today the C.R.E.A.M Protocol was subject to a highly sophisticated Flash Loan Attack, with the exploit aimed at a vulnerability in CREAM’s PriceOracle. The Hack raised a sum of over $100m.

The hacker used an extremely sophisticated process involving Price Oracle manipulation. The exact vector can be identified following an immediate investigation from the BlockSecTeam:

Banker Joe has forked code from Compound and CREAM.

As soon as this news broke, The Trader Joe Team promptly announced the closure of any NEW borrowing on Banker Joe, preventing any Flash Loan activity from taking place.

Trader Joe will always prioritize the safety of the community and will always aim to ensure the highest standards of security are met on the Trading Platform.

The Team at Trader Joe immediately engaged with Auditors to begin investigating the exploit. Following the news of the hacker manipulating CREAMs price oracle, the Team then took the decision to re-open Banker Joe, after thoroughly investigating the exact attack vector shared to ensure there was no risk to Banker Joe.

Banker Joe only uses the Chainlink Price Oracle to ensure the highest levels of robust data feeds.

More information about Chainlink can be found in the linked article

Banker Joe has been doubled audit by Hashex and Paladin, audit results can be found below. More auditors are being engaged.

Summary

Please come forward and reach out to the Trader Joe team if you have any continued concerns, we are happy to engage with the community further.

FAQ

The attack happened on yearn value yUSD for which the oracle is governed by smart contract. It doesn’t apply to Banker Joe.

No, Trader Joe and Banker Joe are completely segregated.

Banker Joe has forked code from Compound and CREAM. We chose CREAM because it introduced features like Collateral Caps and TripeSlopeInterest rate models, which would give us extra flexibility for managing risk and liquidity. In addition, CREAM codebase was audited by Trail of Bits, a god-tier auditor.

Banker Joe is not 100% Cream fork (can ask Paladin, our auditor). We are 100% chain-link oracle protected and don’t use any on-chain oracles.

Our platform risks are not managed by devs but instead managed by a committee of quant researchers, with strong tradfi and defi experience. If you have CFA, CPA, CFO, or just love crunching spreadsheets, welcome to come chat w/ us (reach out to us on social platforms).

Trader Joe is a one-stop-shop decentralized trading platform native to the Avalanche blockchain. Trader Joe builds fast, securely and aims to serve the community at the frontier of DeFi. The long-term vision of the team is to make Trader Joe an R&D-focused platform for new DeFi primitives not yet seen on any blockchain.

Social Links: Twitter | Discord | Telegram

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store