KUMA Bond Clone Token bug in the Ethereum deployment - Post Mortem

On December 19th, 2023 the Mimo Labs team detected a bug in the Ethereum deployment of the KUMA Protocol, related to USK. The bug affects the first (and only the first) redemption of a KUMA NFT in exchange for KIBT.

When a KUMA NFT is redeemed via the ‘buyBond’ function in the USK_KUMA_SWAP contract, the user is supposed to receive the KUMA NFT they selected. On December 19, 2023 a user burned 102,839.29 USK in order to receive KUMA NFT #4 (transaction), but received a KUMA Bond Clone Token (KUMA Bond Clone Token #1) instead.

The KUMA Bond Clone Token can be seen as a wrapper around the KUMA NFT: it can be redeemed for the underlying NFT at any time via the ‘claimBond’ function in the USK_KUMA_SWAP contract, but only by addresses that hold the KUMA_SWAP_CLAIM_ROLE. That role is managed by the KUMAAccessController contract, which is itself controlled by the DAO Multisig, a 5-of-8 multisig whose signers are Mimo Labs team members.

Because the bug was already known to the Mimo Labs team and had been fixed in the protocol deployments on other chains, the DAO multisig signers decided, without a governance vote, to temporarily grant the KUMA_SWAP_CLAIM_ROLE to the address that received the KUMA Bond Clone Token (0x8cC880E53c247D006a9BfB9A6A79B6F3F0ec20CC), so that it could redeem the original KUMA NFT.

Transaction from the DAO Multisig to grant the KUMA_SWAP_CLAIM_ROLE to 0x8cC880E53c247D006a9BfB9A6A79B6F3F0ec20CC by calling the function ‘grantRole’ in the KUMAAccessController contract: Ethereum Transaction Hash (Txhash) Details | Etherscan

Transaction from 0x8cC880E53c247D006a9BfB9A6A79B6F3F0ec20CC to redeem KUMA NFT #4 in exchange for KUMA Bond Clone Token #1 by calling the ‘claimBond’ function in the USK_KUMA_SWAP contract: Ethereum Transaction Hash (Txhash) Details | Etherscan

Transaction from 0x8cC880E53c247D006a9BfB9A6A79B6F3F0ec20CC to renounce the KUMA_SWAP_CLAIM_ROLE via the ‘renounceRole’ function in the KUMAAccessController contract: Ethereum Transaction Hash (Txhash) Details | Etherscan

0x8cC880E53c247D006a9BfB9A6A79B6F3F0ec20CC no longer holds the KUMA_SWAP_CLAIM_ROLE, having renounced it as described above.