Pando Rings
HackedDeFi · born 2021 · ✝ 2022
An oracle nudge let a lender pay out far too much.
Pando Rings was a lending protocol built on the Mixin network that was exploited in 2022 via price-oracle manipulation. The attacker distorted collateral prices to borrow against assets worth far less than the loans.
- Peak
- ~$22M stolen
- Cause
- Hacked
- Year of death
- 2022
☠️ Cause of death
A price-oracle attack let the exploiter inflate collateral valuations and drain the lending pools by over-borrowing.
📓 Lessons left behind
- —A lender is only as safe as its weakest price feed.
- —Use manipulation-resistant, multi-source oracles for collateral.
- —Cap borrow power against thinly-traded collateral assets.
🌱 The idea that survived
Manipulation-resistant oracles
Reinforced demand for time-weighted, multi-source price feeds in lending markets.
#defi#oracle#lending#mixin