Dopple Finance’s $KUSD and Synthetic Assets Manual Minting Analysis

https://docs.dopple.finance/twindex/synthetic-assets-tassets/meta-liquidity

Overview

On Jan 15, 2022, Inspex was contacted by multiple Dopple Finance users to investigate suspicious transactions on Dopple Finance prior to the big price crash. We started the investigation with the $KUSD contract and found unusual actions from Dopple Finance’s privileged wallet (Dopple Finance Deployer), which are known as the creation of Meta Liquidity. This creation of liquidity without any backing asset causes the other liquidity providers to earn fewer fees, with questionable benefits to the platform users. Interestingly, a part of the leftover amount was sent to another address to redeem and buy back $KUSD from Twindex AMM, and another part was redeemed to $USDC and sent to Binance.

We have summarized the money flow into the following diagram:

The complete transaction details are in the following sheet:

https://docs.google.com/spreadsheets/d/1gmHbhgL9gTghg6xIrB5CoY9--SbldYY8qO_uhDjgO9k

The details have been summarized as follows:

Manual Minting of $KUSD

This sequence of actions started on Dec 22, 2021. The Dopple Finance Deployer address granted itself the minter role, allowing that address to freely mint $KUSD.

With the minter role, the deployer minted 1.6M $KUSD for itself without any asset backing the value of the minted tokens. In the normal case, $USDC and $DOPX are required for the minting of $KUSD.
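One way to monitor for the pattern described above, as an added example (not Inspex's tooling or Dopple Finance's code): it scans decoded event records for a minter role that an address grants to itself and for $KUSD mints with no $USDC deposit into the collateral pool in the same transaction. The ERC-20 `Transfer` and OpenZeppelin-style `RoleGranted` event shapes are assumptions about the contract, the role is shown as a decoded label rather than its bytes32 hash, and all addresses and records are constructed placeholders.

```python
from collections import defaultdict

ZERO = "0x0000000000000000000000000000000000000000"
POOL = "0xPOOL"          # placeholder: collateral pool address (assumption)
DEPLOYER = "0xDEPLOYER"  # placeholder: privileged wallet
USER = "0xUSER"          # placeholder: ordinary user

# Constructed, already-decoded event records (not real chain data).
SAMPLE_EVENTS = [
    # Normal mint: USDC goes into the pool in the same transaction.
    {"tx": "0xa1", "event": "Transfer", "token": "USDC",
     "from": USER, "to": POOL, "amount": 800},
    {"tx": "0xa1", "event": "Transfer", "token": "KUSD",
     "from": ZERO, "to": USER, "amount": 1000},
    # Privileged wallet grants itself the minter role.
    {"tx": "0xb2", "event": "RoleGranted", "role": "MINTER_ROLE",
     "account": DEPLOYER, "sender": DEPLOYER},
    # Mint with no collateral movement at all.
    {"tx": "0xc3", "event": "Transfer", "token": "KUSD",
     "from": ZERO, "to": DEPLOYER, "amount": 1_600_000},
]

def find_alerts(events, stable="KUSD", collateral="USDC", pool=POOL):
    """Return (tx, alert_type, detail) tuples in transaction order."""
    by_tx = defaultdict(list)
    for e in events:
        by_tx[e["tx"]].append(e)

    alerts = []
    for tx, evs in by_tx.items():
        for e in evs:
            # A role granted by an address to itself bypasses any second approver.
            if (e["event"] == "RoleGranted" and e["role"] == "MINTER_ROLE"
                    and e["account"] == e["sender"]):
                alerts.append((tx, "self_granted_minter", e["account"]))
        # An ERC-20 mint appears as a Transfer from the zero address.
        minted = sum(e["amount"] for e in evs
                     if e["event"] == "Transfer" and e["token"] == stable
                     and e["from"] == ZERO)
        # Treat the mint as backed only if collateral entered the pool in this tx.
        backed = any(e["event"] == "Transfer" and e["token"] == collateral
                     and e["to"] == pool and e["amount"] > 0 for e in evs)
        if minted and not backed:
            alerts.append((tx, "unbacked_mint", minted))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_EVENTS):
        print(alert)
```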

Liquidity Provision for Synthetic Asset Pairs

After that, 16 synthetic assets were manually minted by the deployer, each with an estimated value of 100,000 $KUSD. Those tokens and $KUSD were then used to provide liquidity for Twindex AMM, which is referred to as the Meta Liquidity.

The LP tokens gained from the liquidity provision were then burned by sending them to the null address.

1,563,011.74 $KUSD was used in the creation of Meta Liquidity from the total of 1,600,000 $KUSD minted.

This creation of liquidity without any backing asset causes the other liquidity providers to earn fewer fees, with questionable benefits to the platform users.

Repeated Redemption and Buyback of $KUSD

Two days later, on Dec 24, 2021, 10,000 $KUSD was transferred from Dopple Deployer to the treasury address in two separate transactions, 5,000 $KUSD each.

The $KUSD transferred was redeemed, and the $USDC from the redemption was used to buy $KUSD from Twindex AMM. The redemption and buying were repeated several times, moving $USDC from the $KUSD pool to Twindex AMM’s USDC-KUSD pool.

As a result, the $KUSD price in the USDC-KUSD pool increased. However, the $USDC deposited as collateral by the platform users in the $KUSD pool was drained using unbacked $KUSD. This indicates that the platform owner used the platform users’ funds to manipulate the $KUSD price.

Redemption of Leftover $KUSD and Transfer of Asset to Binance

Three days later, on Dec 27, 2021, 27,048.26 $KUSD, the majority of which was from the manual minting, was redeemed by the deployer to get 19,219.50 $USDC. That $USDC amount, together with funds from the other sources, totaling 40,048.90 $USDC, was then transferred to Binance.

As mentioned earlier, the $KUSD used was minted without any backing asset. These tokens created out of thin air were used to redeem $USDC with real monetary value, undeniably moving users’ funds from the platform.

$DOPX Inflation from Redemption

While performing the redemption of the unbacked $KUSD as mentioned earlier, $DOPX was also minted and left in both the Dopple Finance Deployer and treasury address. The $DOPX was minted by the redemption process in the following wallets:

Dopple Finance Deployer: Only one redemption action was performed and 7,945,577,379.65 $DOPX was minted from the unbacked $KUSD.

Dopple Treasury: Multiple redemption actions were performed and unbacked $DOPX was minted multiple times as shown in the following transactions:

In a nutshell, 45,924,129,559.04 $DOPX was created out of thin air, inflating the total supply of $DOPX. This directly affects $DOPX holders, because the value of the rightfully minted $DOPX was significantly reduced.

About Inspex

Inspex is formed by a team of cybersecurity experts highly experienced in various fields of cybersecurity. We provide blockchain and smart contract professional services at the highest quality to enhance the security of our clients and the overall blockchain ecosystem.

For any business inquiries, please contact us via Twitter, Telegram, contact@inspex.co
