Abachi was built around a serious idea: bring real-world credit and B2B lending closer to decentralized finance. That meant spending time inside the mechanics of the protocols that shaped DeFi's early credit and liquidity markets.
One of those protocols was OlympusDAO, the system behind OHM. Olympus was not just another token project. Its monetary design, treasury, protocol-owned liquidity, and rebasing mechanics made it one of the most studied experiments in DeFi.
In January 2022, while implementing OlympusDAO's rebase model for Abachi's own token emissions, our engineering team found a bug in the Olympus V2 smart contract system. The issue was not framed as a simple direct-drain exploit. The risk was more subtle: in extreme cases, it could lead to an incorrect rebase amount.
In a protocol where supply accounting and monetary policy are core mechanics, a rebase error can affect the integrity of the system even when it does not fit neatly into older bounty categories. We tested the issue, modelled the impact, and submitted the report through Immunefi. The technical details were not published publicly at the time, following OlympusDAO's request.
How Olympus Responded
The existing Olympus bug bounty program already covered severe outcomes such as loss of user funds, bond funds, or treasury funds. The bug Abachi reported sat in a different class. It had financial impact, but the impact was tied to rebase accounting rather than a direct transfer of funds.
OlympusDAO addressed that gap through OIP-77, a governance proposal that added a third critical bounty tier for bugs or exploits that could lead to an incorrect rebase amount. The new tier carried a flat $33,333 reward and also authorized one retroactive bounty for the qualifying report that had already been submitted.
That report was Abachi's.
The protocol adapted its security program around a real report that exposed a missing category. The result was a clearer bounty framework for a class of bugs that could affect monetary accounting without directly draining funds.
The White-Hat NFT
OlympusDAO also recognized Abachi with a Proof of Whitehat NFT. Abachi announced the bounty publicly in a Medium post on March 28, 2022, and shared the NFT recognition on X. The awarded NFT can be viewed on OpenSea.
The NFT documented the white-hat disclosure publicly. Smart contracts are public, composable, and often reused across ecosystems, which makes responsible disclosure incentives an important part of protocol security.
What It Taught Us
Rebases, emissions, accounting paths, and edge-case state transitions can look less dramatic than headline exploits, but they are part of the monetary machinery users rely on.
We found the bug because we were implementing the mechanics ourselves, testing assumptions, and modelling behavior under edge cases rather than treating the system as a black box.
Security is not only audits at the end of development. It is the discipline of understanding how a system behaves when assumptions fail.
For Abachi, the bounty was a useful recognition of that work. For OlympusDAO, OIP-77 strengthened the bug bounty framework. For the wider ecosystem, it was another example of how transparent disclosure, governance, and aligned incentives can make DeFi infrastructure safer over time.
Read next: Building ReachMe in Two Weeks