Smart Contract Vulnerabilities in On-Chain Lending

With DeFi exploits seeming to occur on a regular basis, it is essential on-chain investors assess the financial risk of deploying capital via crypto rails. Moreover, the lack of analysis specific to unsecured on-chain lending and the necessary credit risk premia for DeFi exploits prompted us to investigate the matter in detail. TLDR: undercollateralized on-chain lending carries de minimis smart contract risk relative to most DeFi protocols.

Exploit Taxonomy

We have taken necessary measures to conduct our own risk assessment considering publicly available information. It is important to acknowledge the inconsistent reporting of hacking losses across the industry, which makes it challenging to provide an exact assessment. Still, our analysis offers a conservative overview and taxonomy of smart contract risks to date, taking into account the varying reporting practices and data. Of note:

• We calculated an annualized Loss Due to Exploits per Day (LDEPD) to receive an estimated general (i.e., not specific to one type of application or vulnerability type) DeFi risk premia, which came in at a lamentable 3.21% per annum (please see the addendum for methodology)
• On a categorical basis, results came in mostly as expected, with Bridges driving the largest losses in the application category, followed by Lending and Trading/AMM. As it relates to vulnerability type: General SC Vulnerabilities drive the majority of failures, however Private Key Losses and Flash Loan Manipulation attacks still make up a large portion of successful attack vectors.
• Anecdotally, many of the successful hacks over the past 3 years have run similar playbooks (price manipulation using flash loans, unlimited token minting bugs, reentrancy attacks, etc.) with many of them being the exact same attack played out on a new chain with a copy-pasta Dapp that is unknowingly carrying over the same errors from the original SC design. We expect this to subside over time as attack vectors become more widely known in developer communities and less sophisticated Dapps draw less and less TVL as a result of market forces. Ultimately, this should drive down the LDEPD overtime. Below you can see the breakouts for the information we compiled. Please Note: Given the lack of standardized information and disparate and often limited reporting standards, the below analysis is a best-efforts analysis that we believe captures the majority of activity in the space to give a reasonable idea of where the industry stands.

Looking Closer at On-Chain Lending

Delving into the lending category more specifically, collateral-based lending applications constituted 100% of the losses in the sector. We haven’t been able to identify any material instances of undercollateralized lending Dapps being successfully attacked for financial losses (e.g. Centrifuge, Clearpool, Maple, TrueFi, etc). This makes sense given a sizeable portion of attack vectors simply go away once collateral is not needed to secure loans (i.e., flash loan pricing manipulation, oracle failures, etc). This is in line with our expectations given a material driver of smart contract manipulations are associated with pricing manipulation of collateral which is the principle input into secured lending risk models. Additionally, unsecured lending platforms have a structural advantage. Collateralized lending Dapps represent massive honey pots of on-chain value, compared to undercollateralized Dapps that largely rely on smart contracts to track, move, and tranche value before it is lent out to borrowers. While many collateralized lending Dapps have attractive downside protection characteristics given the ability to liquidate collateral, smart contract risk is material.

In the case of the Osprey Total Return Credit Pool (launch pending), the design prioritizes capital efficiency, which has the added benefit of reducing the economic returns to nefarious actors. The expectation is that at any one time a maximum of 5% of deposited USDC will remain in the smart contract at any given time, with the majority of funds held off-chain with regulated custodians. As such, even in the unfortunate instance of a smart contract exploit, losses would constitute 5% of total TVL as opposed to close to 100% in the case of a Euler-style hack. Other safeguards in place with unsecured lending (and the Osprey pool more specifically) add additional protection layers against hackers that include:

Pricing Smart Contract Risk of Undercollateralized Lending Platforms

When looking to calculate a smart contract risk premium specifically for undercollateralized on-chain lending, we felt it dis-ingenious to use 0% (even though historical data could support this claim). Instead, we used a similar process as noted in the previous section to determine a 1.18% annualized LDEPD for the lending category (inclusive of over-collateralized lending protocols).

Assuming 1.18% annualized losses on the (maximum) 5% of pool capital at risk in event of a vault hack, we arrive at an estimated 6bps credit risk premia for non-overcollateralized lending platforms. We believe this to be conservative given we assume a 0% recovery rate for stolen funds (much lower than industry average), as well as the inclusion of over-collateralized lending Dapps in our LDEPD calculations, which, as noted previously, are the main driver of losses in the sector.

Consequently, we are extremely confident in the ability to offer secure on-chain credit solutions at competitive rates after accounting for smart contract risk. Smart contract risk is real and should not be underestimated, but the evidence points to immaterial impacts with respect to undercollateralized lending protocols. Finally by categorizing these risks, we hope to provide a deeper understanding of the kind of threat vectors smart contracts may face. We hope this will serve as a starting point for analyzing smart contract risks across different categories and provide reference to how smart contract risk and yield products should be priced over time.

Addendum: Hacking Loss Calculation Methodology

To calculate losses attributed to DeFi as an annual percentage of TVL lost, we web scraped for sizeable exploits that made news coverage which were readily verifiable. We collected the estimated dollar amount that was at risk due to the hack, as well as the type of application it occurred on (e.g., lending, swaps, etc.), and the vulnerability type (e.g., flash loan, oracle failure, general SC vulnerability, etc). Next, we compiled the results to create a daily table of losses (assuming 0% recovery on all hacks for conservatism). We divided losses by the average DeFi TVL for each day during the testing period (between January 1st 2020 and Aug 3rd 2023) per publicly available DeFiLlama data, to calculate an average loss due to exploits per day (LDEPD).

By: Christian Lantzsch and Sefton Kincaid, CFA