Euler Reemerges with v2 Modular DeFi Lending Protocol

Euler has launched a v2 modular DeFi lending protocol after the $197 million flash loan attack in March 2023.

Launch of Euler v2

Euler v2 went live on Wednesday following a year of meticulous development and rigorous security audits. Unlike its predecessor, Euler v1, which operated similarly to Compound and Aave, v2 has been redeveloped as a “meta-lending protocol.” This new design allows builders to create highly customizable borrowing and lending vaults, aiming to reduce fragmentation and inefficiencies in isolated lending markets.

CEO Michael Bentley emphasized that the return of Euler follows 31 audits from firms like Certora, Omniscia, OtterSec, Open Zeppelin, and Trail Of Bits. Other security measures have included a $1.25 million Cantina audit competition and a $3.5 million “Capture the Flag” event in collaboration with Hats Finance.

How Euler v2 Works

Euler v2 enables ERC-4626 vaults to be deployed permissionlessly using the Euler Vault Kit, with connections to other vaults through the Ethereum Vault Connector. This tokenized vault standard helps ease interaction and integration among various DeFi protocols.

The vaults can hold user deposits in traditional cryptocurrencies, tokenized real-world assets, synthetic assets, and non-fungible assets. They are customizable, allowing vault creators to manage risk/reward parameters and governance. A unique feature permits deposits in existing vaults to be used as collateral in newer vaults, enhancing liquidity.

Upon launch, four vault classes are available: escrowed collateral, governed, ungoverned, and yield aggregator vaults. Escrowed collateral vaults do not allow borrowing directly; governed vaults provide collateral use and borrowing under management; ungoverned vaults feature fixed parameters for risk management; while yield aggregator vaults optimize risk and reward across different vault types.

Pricing is managed via the Euler Price Oracle System, integrating diverse external pricing oracles for reliable price feeds. Euler v2 introduces free-market liquidations, with advanced vault creators able to customize liquidation flows while retaining the popular reverse Dutch auction mechanism from v1.

The native EUL token continues as the governance token for v2, with announcements of substantial projects involving vaults expected soon.

The Flash Loan Attack and Recovery

On March 13, 2023, Euler suffered a $197 million loss from a complex flash loan attack. Although flash loans serve legitimate purposes in DeFi, they are susceptible to exploitation due to their lack of collateral requirements. Following the attack, Euler’s EUL token value dropped nearly 70% but has since recovered to $5.02.

To recover the stolen assets, Euler offered a 10% bounty, which led to a successful return of most of the stolen funds by the attacker in subsequent weeks. The hacker expressed remorse and committed to returning the remaining funds, completing the recovery on April 3.

Bug Fix That Led to Vulnerability

In September 2023, a whitehat known as Kankodu claimed their submitted bug fix inadvertently led to the vulnerability exploited in the attack. They had previously identified another bug and were rewarded for it but noted that the fix introduced a larger flaw.

Significant Safeguards in v2

Despite the challenges of attracting users post-attack, Euler Labs remains committed to robust security. Bentley highlighted that significant safeguards have been implemented to prevent similar issues.

Certora’s formal verification has proven security properties for the Euler v2 Vault, aiming to ensure account health under all conditions. Euler v2 has set a new standard for security in DeFi lending.