DeFi risks at the low liquidity market
The global crypto market in 2022 seems to have survived every conceivable challenge. Perhaps it’s time to rethink some of the achievements notable throughout the DeFi Summer market of 2020.
It’s no secret that decentralized exchanges, exchange aggregators, and feeder services have taken a central role in the DeFi revolution. Uniswap, AAVE, Compound, Maker, and Curve are projects that have taken a central role in the current landscape of decentralized finance and have served as examples for many other teams.
Recently, however, they have been increasingly in the news as examples of possible economic inefficiencies. Last week’s attempted hostile exploitation of loans in the AAVE service forced the entire DeFi community to belatedly (but finally) react to changing market conditions.
The plan was fairly simple, though it required a high amount of capital. Private trader Avraham Eisenberg published a post on October 19 on how to influence token prices in low liquidity conditions using decentralized loan services. Eisenberg became widely known after he took responsibility for exploiting a notable vulnerability within the DEx derivatives exchange Mango Markets. The exchange’s vault losses of $110 million were compensated by the trader in exchange for a $33 million premium and a waiver of any legal claims.
The attack on the protocol began on the 13th of November, with a deposit of about $38m in USDC and a range of loans in CRV tokens. Then, using a 1inch router, the trader sold the CRV and used the funds to make deposits on AAVE. By putting pressure on the price, he reduced the size of the loan, which together with the funds from the sale and new deposits on AAVE to the amount of about 24m USDC, lowered the price of the spot market from 0.62 USD to 0.43 USD.
An additional source of pressure on the price could be another external loan of 43m USD with a liquidation price of 0.29 USD (about 140m CRV pledged). Given that the overall trading activity on the CRV token is low, such significant pressure on the spot market could lead to an even greater decline in price.
However, it seems that the attacker failed to fully implement his plan. On November 23rd, against the background of the release of details and documentation about the launch of the Curve project’s stablecoin, the token price went up sharply, which led to the liquidation of loans.
As a result, some of the loans still could not be sold through the open market because of the sharp price change, and the AAVE protocol was left with a “bad debt” of 1.6m USD.
It is hard to evaluate the final success of the attack in terms of financial outcome, as there is no public information about the attacker’s positions on centralized exchanges. Given that the attack vector could be aimed not only at the CURVE token, but also on AAVE, which in the case of more “bad” debt would be forced to cover the losses of liquidators from its security fund by selling the AAVE token on the spot market — then it is difficult to make a definite conclusion about the numbers.
In theory, the attack could have been much more effective if options were used in addition to spot sales — an active purchase of put options could have forced the market maker to increase its safety position by increasing the short position. However, the cryptocurrency market is not that developed at the moment, so in a low liquidity market, a leveraged short position formed through loans and spot sales can be compensated only through futures on centralized exchanges.
The attack caused a high level of discussion about the parameters of reserve accounting and led to a restriction on borrowing for low liquidity protocols for AAVE and Compound.
Site — deltatheta.tech
Twitter — https://twitter.com/deltatheta_tech
OTC telegram group -https://t.me/deltatheta_TradingGroup
New to trading? Try crypto trading bots or copy trading
