OptiFi, a decentralized exchange (DEX) on the Solana blockchain, suffered a $661,000 loss of funds after a disastrous mistake. The DEX lost the funds after it made a huge mistake when closing its program on August 29.
According to the DEX’s official announcement, the mistake occurred at 06:00 UTC when a developer tried to upgrade its program on the Solana mainnet.
How the Mistake Occurred
According to the explanation provided via medium, the developer was making an upgrade to the OptiFi program. However, it took longer than they expected due to network congestion. As a result, the developer decided to abort the anchor deploy upgrade before receiving a response. At the same time, the process they created spawned an unused buffer account holding 17.2023808 SOL.
Thus, when the developer tried to close the buffer account to regain their balance, they unknowingly permanently closed the main program instead of the buffer account. According to the announcement, they used the “Solana Close Program” without full knowledge of the impact of the action.
A Permanent Loss
According to the OptiFi team, $661,000 was lost forever in the locked contract. The team said it represents 95% of the funds from their team members. In addition, all margin accounts USDC tokens, AMMs USDC vaults, and option tokens bound to the program had been lost.
Compensation Plan
The team has said they will return all user deposits lost and settle all user positions manually, according to Pyth oracle at 8 AM September 2, UTC. They added that all transactions and deposits would be based on Solscan. According to the announcement, this will take around two weeks. They encourage all affected members to go to their Discord channel to receive the latest updates on the compensation plan.
Lesson Learned
The team stated that they had learned that each deployment needed a rigorous process, and single-point had to be avoided. In the future, the team will execute a peer-surveillance approach, requiring at least three peers to deploy upgrades.
The role of the peers will be to serve as a reminder to the primary deployer that there are risks associated with each step and to ensure that each step complies with the guidelines for deployment. In addition, they will go over backup plans to ensure the operation’s security in the event that something does not go according to plan. They also stated that in order to lessen the significance of errors made while performing routine tasks, they would partition the capital pools (AMM) from the main program.
Recommendations for Solana
In addition, the team offered some words of wisdom to Solana. First, they gave Solana the recommendation to include some descriptions in Solana Docs that would warn users about the potential consequences of terminating a program. The team made the observation that although tutorials on how to shut down programs and buffer accounts were provided, there was no mention of the risk that is associated with doing so. In addition, the group suggested that a “Solana close program” should not be executed without first undergoing a two-step verification process.
