Moola Market Manipulation

            Why Liquidity Matters for Lending Protocols

            By Professor Ronghui Gu, Co-Founder, CertiK



            On October 18, 2022, Moola Market – a non-custodial liquidity protocol operating on the Celo blockchain
            – suffered a loss of approximately $8 million. The incident was the result of an attacker manipulating the
            price of the platform’s native $MOO token, which allowed them to use the inflated price of their $MOO
            collateral to borrow additional tokens from the platform.

            The attack flow was nearly identical to the Mango Markets incident that occurred the week prior, in which
            an attacker also borrowed the illiquid native token of the lending platform, manipulated the price higher,
            and then used this newly inflated value of their collateral to borrow an outsized amount of the protocol’s
            assets.
            In both cases, the attacker returned most of the funds they had obtained. Moola Markets negotiated with
            the  attacker,  who  returned  93.1%  of  the  funds  in  return  for  a  $500,000  bounty  payment.  While  this
            prevented Moola liquidity providers from being as negatively impacted as they could have been, DeFi






            Cyber Defense eMagazine – December 2022 Edition                                                                                                                                                                                                         95
            Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.