It seems like every week we hear news of another DeFi project being hacked or exploited. The latest crop of victims includes such projects as Harvest Finance, Akropolis, Value DeFi, Origin and of course Compound.
When exploits do occur, they usually involve manipulating a reference price, such as ETH/DAI, on a data source such as Curve, Kyber or Coinbase Pro. Sometimes, it’s a mistake, as in the SNX case where the Korean Won was quoted with the wrong decimal place.
As decentralized finance grows, the potential for exploits will certainly increase. DeFi is going to become more complex as more assets are accepted as collateral. Complexity will also increase as indexes become more prevalent and options that are settled at fair market value reach their potential. The success of these outcomes depends on accurate, secure data that is free from manipulation.
So, what chance do these less liquid reference values have to fend off attacks when something such as ETH/DAI is so subject to manipulation? Some of these are thinly traded on few venues and almost entirely on decentralized exchanges. Others are calculated values that rely on third parties.
Mitigating the risk of hacks and exploits for DeFi
Multiple oracles. Every oracle is structured differently: in its preferred sources of data, in how it comes to a consensus on the data, and in how it calculates prices. One potential option when dealing with less liquid pairs is to utilize multiple oracles. While this will introduce an added cost, new emerging oracles have made great strides in reducing costs compared to legacy oracles.
Placing bounds around prices would act as a sanity check. For stablecoins, we can place minimum and maximum values to mitigate the potential exploit. For example, one could set the price of Dai between $0.97 and $1.03.
Circuit breakers. For cryptocurrency pairs other than range-bound stablecoins, we can set trading ranges. And should these ranges be breached, we can implement a cooling-off period. This would function in much the same way as the circuit breakers used by Nasdaq and other traditional financial markets. Only after the cooling-off period should one restart.
Averages. Time-weighted average price and/or volume-weighted average price for varying periods of time, depending on the DeFi project’s use case, can also mitigate attacks for less liquid prices. By using averages across time and volume, a sudden and temporary shock in price has less impact on the reference price. Andre Cronje takes this to the extreme in his Keep3r oracle, where he uses the daily average price.
Market internals. When attacks do occur, they often exploit only one side of the market internals, such as bids only. Large and sudden swings in bid/ask spreads should be a sign that something could be amiss. As an industry, we should watch for these occurrences and program alerts for when they do happen.
Volatility index. Implied volatility, or IV, plays a critical function in finance. It is the basis by which options are priced. Even in mature and liquid markets like the CBOE Volatility Index, which is a volatility index covering the $30 trillion S&P 500, attempts at manipulation still occur. Current DeFi-implied volatility calculations are based on the IV in Deribit’s European option prices. Using varying methods, the implied volatility is backed out based on the option price, time to maturity, strike price, spot price and prevailing interest rates. The implied volatility should be checked for abnormal shocks, such as a sudden increase or decrease in IV values relative to the underlying or relative to the market overall. While IV is an indication of future expectations of volatility, there are usually correlations with the underlying asset and/or market volatility in general. Furthermore, time-weighted or volume-weighted IV should also be considered, especially close to maturity for cash-settled options.
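The first four mitigations above can be layered in a single reference-price check. The sketch below is an added example, not code from any project named in this article: the PriceGuard class, its parameters (a 10% trading range, a 10-minute cooling-off period, a 30-minute averaging window) and the quotes are constructed for illustration.

```python
from statistics import median

class PriceGuard:
    """Median of several oracles, hard bounds, circuit breaker with cool-off, TWAP."""

    def __init__(self, lo=None, hi=None, max_move=0.10, cooldown=600, window=1800):
        self.lo, self.hi = lo, hi        # hard band, e.g. 0.97-1.03 for Dai
        self.max_move = max_move         # largest accepted move vs. last accepted price
        self.cooldown = cooldown         # cooling-off period in seconds
        self.window = window             # TWAP look-back in seconds
        self.halted_until = 0
        self.samples = []                # accepted (timestamp, price) pairs

    def submit(self, now, quotes):
        """Feed one quote per oracle; returns (status, TWAP reference price)."""
        if now < self.halted_until:
            return "halted", self.twap(now)
        price = median(quotes)           # a single bad source cannot move the median
        if self.lo is not None and not self.lo <= price <= self.hi:
            return self._trip(now, "out_of_bounds")
        if self.samples and abs(price / self.samples[-1][1] - 1) > self.max_move:
            return self._trip(now, "circuit_breaker")
        self.samples.append((now, price))
        return "ok", self.twap(now)

    def _trip(self, now, reason):
        self.halted_until = now + self.cooldown   # rejected price is never recorded
        return reason, self.twap(now)

    def twap(self, now):
        """Each accepted price is weighted by how long it stayed the latest one."""
        pts = [(t, p) for t, p in self.samples if t >= now - self.window]
        if not pts:
            return None
        ends = [t for t, _ in pts[1:]] + [now]
        span = now - pts[0][0]
        total = sum(p * (end - t) for (t, p), end in zip(pts, ends))
        return total / span if span > 0 else pts[-1][1]

def demo():
    """Constructed quotes: three oracles for Dai, then an unbounded ETH/DAI pair."""
    dai = PriceGuard(lo=0.97, hi=1.03)
    out = [dai.submit(0, [1.000, 1.001, 0.999]),
           dai.submit(60, [1.000, 1.300, 1.002]),    # one source manipulated
           dai.submit(120, [1.300, 1.310, 1.001]),   # two sources manipulated
           dai.submit(180, [1.000, 1.000, 1.000]),   # still cooling off
           dai.submit(720, [1.000, 1.001, 1.000])]   # cool-off over
    eth = PriceGuard(max_move=0.10)
    out += [eth.submit(0, [400, 401, 399]), eth.submit(60, [300, 298, 400])]
    return out
```

With one of three sources manipulated the median holds; with two, the bound trips and the guard keeps serving the average of previously accepted prices until the cooling-off period ends.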
Better oracles for a better DeFi ecosystem
In an ideal world, we can collect data from multiple sources that are difficult and/or costly to manipulate.
For one thing, existing oracles only support the largest of cryptocurrency pairs and often do not refresh the price frequently enough. For example, Compound elected to use Coinbase Pro over Chainlink, which may have seemed a bemusing choice to many.
However, even Chainlink only updates the Dai contract once every 24 hours or if the price moves by 2%. Compound was, therefore, forced to make a choice between fresh/lively data or data free of manipulation. Had they chosen Chainlink over Coinbase Pro, it is still possible that they would have suffered losses while the price of Dai was manipulated to swing within the 2% range. But it would have been a death-by-a-thousand-cuts rather than the catastrophic gash they ended up suffering.
Many cryptocurrencies trade on only one or two exchanges, sometimes only on decentralized exchanges, with very little liquidity and high volatility. In these types of situations and others, DeFi projects must partner with oracles that can provide the breadth of data they need along with the liveliness of data that is essential.
Each DeFi project faces a unique and distinct set of variables. Therefore, not all of the proposed solutions are suitable for each project. A project should consider its unique data requirements and what compromises are suitable for its needs.