Euler Protocol’s Oracle Risk Grading System

Seraphim
Euler Labs
8 min read · Jan 2, 2022

Users of non-custodial lending protocols need to understand factors like oracle manipulation and make a judgement call on when it is safe to use a given oracle. This post explains how and why Uniswap’s oracles are sometimes risky, and introduces a new price oracle rating tool on the Euler UI to help users understand and manage these risks.

TL;DR: lending into anything with an oracle rating below B is extremely risky!

Introduction

Euler is a non-custodial lending protocol which allows its users to judge which markets are safe for them to lend and borrow on.

A key component of the risks borne by users on Euler derives from the price oracles provided by Uniswap V3. These oracles may be vulnerable to manipulation when the Uniswap V3 pool they derive from is illiquid or thinly traded.

To help users better identify markets at risk of price manipulation attacks, an oracle rating system has been introduced to the Euler front-end, designed to rank price oracles for each market by their associated liquidity and vulnerability to manipulation.

Users should carefully consider the risks involved in depositing large amounts of assets on Euler in markets with a poor oracle rating. Large deposits of assets may entice attackers to manipulate the price on Uniswap in order to drain funds on Euler.

Which markets are safe to lend on?

All forms of lending are risky, whether depositing crypto assets in a lending protocol or depositing fiat currency into a bank account. Ultimately, there is no guarantee that borrowers will repay their loans.

However, some forms of lending are less risky than others. If the borrowed and collateral asset pricing is more difficult to manipulate, loss of funds is less likely, all other things being equal.

What is an oracle?

Within the context of pricing, an oracle is an on-chain API for price. Simply put, it tells you what the price of an asset is at a given time.

What is Euler’s Oracle Solution?

In order to enable lending and borrowing on virtually any ERC20 token, we have chosen what is, in our opinion, the most decentralised oracle solution available: Uniswap TWAP (Time Weighted Average Price).

Specifically, when someone activates a lending market on the XYZ token, the protocol automatically uses Uniswap V3’s TWAP (essentially a moving average of the price) from the first existing pool among the 0.3%, 0.05% and 1% fee levels in order to determine the price of XYZ.

For instance, when someone activated the DAI lending pool on Euler for the first time, the protocol queried Uniswap V3 for available pools of DAI/ETH:

It automatically chose the 0.3% pool and the respective TWAP as the price oracle for DAI on Euler.

What is an oracle attack scenario?

While Uniswap’s oracles are well suited for the Euler permissionless lending protocol, depositing into an Euler pool backed by illiquid liquidity pools on Uniswap can lead to devastating results.

Let’s run through an example:

Suppose someone activated the $HOGE lending pool on Euler and deposited $5mil worth of $HOGE.

As there are no 0.3% or 0.05% fee pools on Uniswap V3, Euler will use the 1% pool for the oracle. There is, however, a bit of a problem:

There is virtually no liquidity in that Uniswap pool.

This is literally free money. All an attacker has to do is sell some tiny amount of $HOGE for $ETH on Uniswap to crash the price of $HOGE to almost zero and keep it there for a few blocks so the TWAP follows the spot price. Since there is no liquidity whatsoever, it doesn’t pay off for arbitrageurs to bring the price back to normal as slippage will be enormous.

After that, the attacker needs to deposit a bit of collateral like USDC and borrow all the $HOGE that is now valued at almost $0 (due to the oracle attack). In reality, however, it’s actually worth $5mil and the attacker can offload the stolen $HOGE on Uniswap V2, gate.io, PancakeSwap etc. and make millions without any real costs.

In fact, many well-known tokens have very liquid markets on Uniswap V2 and CEXes but barely any liquidity on Uniswap V3. This creates an easy risk vector: manipulate and drain a lending pool based on Uniswap V3 pricing, and sell the stolen assets on more liquid exchanges.

If you’ve already deposited into an Euler pool with an illiquid Uniswap V3 oracle… please realise you’re taking on enormous risk.

Luckily, a risk grading system has been developed for users to be aware of the risks.

Euler Protocol’s Oracle Risk Grading System

There are two main factors that influence the ease of attacking a Uniswap V3 oracle: TVL and concentration of liquidity.

Uber-concentrated liquidity

If there is $20 mil USD TVL locked in but it is concentrated around one tick like in this example:

There really isn’t much of a point, because beyond that tick you can push the price anywhere and perpetrate the attack described above.

Skewed liquidity profile

Watch out for false friends including highly skewed liquidity profiles like this:

In this chart, there is plenty of liquidity to the XYZ/ETH upside, but barely any to the downside. This means that while overall TVL and liquidity are decent, users could still easily crash the price.

Ideal scenario

A much better setup is when liquidity is spread across the price range, making the attack costly along every price tick. PAX/ETH is a good example:

The Grading System

This is why a rating has been developed that incorporates 3 factors:

TVL locked in the Uniswap V3 pool:

Slippage on a $1mil XYZ vs ETH buy order on Uniswap:

Slippage on a $1mil XYZ vs ETH sell order on Uniswap:

The sum of these ratings yields a comprehensive rating:

Which will be displayed on the front-end page of the respective lending pool:

The overall rating goes from A to F and should give users an idea of what the oracle risk is. Overall, anything below B should probably be avoided!
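The three inputs to the rating can be estimated from a pool's liquidity profile. The Python below is an added example, not Euler's code: it uses a simplified Uniswap V3 model (no fees, non-overlapping ranges, price impact on the pool price as the slippage measure), a 250 ETH order as an assumed stand-in for the $1mil order, and two constructed profiles with the same TVL, one spread and one skewed.

```python
import math

# Profile: non-overlapping (price_low, price_high, L) ranges, prices in ETH per XYZ.
# L is Uniswap V3 liquidity: in a range, ETH moved = L*d(sqrt P), XYZ moved = L*d(1/sqrt P).

def tvl_eth(ranges, price):
    """Value of all tokens held in the ranges, in ETH, at the current price."""
    s, total = math.sqrt(price), 0.0
    for lo, hi, L in ranges:
        slo, shi = math.sqrt(lo), math.sqrt(hi)
        sc = min(max(s, slo), shi)  # pool price clamped into this range
        total += L * (sc - slo) + L * (1 / sc - 1 / shi) * price  # ETH side + XYZ side
    return total

def buy_impact(ranges, price, eth_in):
    """Fractional price rise after buying XYZ with eth_in ETH (inf if liquidity runs out)."""
    s = math.sqrt(price)
    for lo, hi, L in sorted(ranges):
        shi = math.sqrt(hi)
        if shi <= s:
            continue  # range lies entirely below the current price
        s = max(s, math.sqrt(lo))  # an empty gap costs nothing to cross
        cost = L * (shi - s)  # ETH needed to exhaust this range
        if eth_in <= cost:
            return (s + eth_in / L) ** 2 / price - 1
        eth_in, s = eth_in - cost, shi
    return math.inf

def sell_impact(ranges, price, xyz_in):
    """Fractional price drop after selling xyz_in XYZ (1.0 if liquidity runs out)."""
    s = math.sqrt(price)
    for lo, hi, L in sorted(ranges, reverse=True):
        slo = math.sqrt(lo)
        if slo >= s:
            continue  # range lies entirely above the current price
        s = min(s, math.sqrt(hi))
        room = L * (1 / slo - 1 / s)  # XYZ needed to exhaust this range
        if xyz_in <= room:
            return 1 - (1 / (1 / s + xyz_in / L)) ** 2 / price
        xyz_in, s = xyz_in - room, slo
    return 1.0

def factors(ranges, price, order_eth=250.0):
    """(TVL, buy impact, sell impact); 250 ETH is an assumed stand-in for $1mil."""
    return (tvl_eth(ranges, price), buy_impact(ranges, price, order_eth),
            sell_impact(ranges, price, order_eth / price))

# Constructed profiles, each holding 5000 ETH of value at a price of 1 ETH per XYZ.
SPREAD = [(0.25, 4.0, 5000)]
SKEWED = [(0.25, 1.0, 100), (1.0, 4.0, 9900)]
```

Calling `factors(SPREAD, 1.0)` and `factors(SKEWED, 1.0)` returns the same TVL for both, but the skewed profile's sell impact is 1.0: the order runs through all liquidity below the price, which is why the sell side is rated separately from TVL and the buy side.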

Keep in mind that this is merely an indicative tool and Euler bears no responsibility for loss of funds.

What can you do to make the pool safer?

As written in the Euler risk docs, the Euler governance can promote assets to collateral and cross tiers and increase the borrow factors if the asset is deemed less likely to be manipulated. Oracle rating plays a crucial role in this assessment.

If you want a given token to be promoted, it’s recommended to provide as much liquidity as possible over the full range of the Uniswap V3 pool. Feel free to reach out if you have questions.

What’s next?

This is merely the first version of the ranking tool. Behind the scenes, the Euler community is working on more sophisticated ways of estimating costs of attacking lending pools over multiple blocks given probabilistic scenarios involving price, liquidity profiles, TVLs, etc. Stay tuned for more!

About Euler

Euler is a capital-efficient permissionless lending protocol that helps users to earn interest on their crypto assets or hedge against volatile markets without the need for a trusted third-party. Euler features a number of innovations not seen before in DeFi, including permissionless lending markets, reactive interest rates, protected collateral, MEV-resistant liquidations, multi-collateral stability pools, sub-accounts, risk-adjusted loans and much more. For more information, visit euler.finance.

Disclaimer:

This piece is provided by Euler Labs Ltd. for informational purposes only and should not be interpreted as investment, tax, legal, insurance, or business advice. Euler Labs Ltd. and The Euler Foundation are independent entities.

Neither Euler Labs Ltd., The Euler Foundation, nor any of their owners, members, directors, officers, employees, agents, independent contractors, or affiliates are registered as an investment advisor, broker-dealer, futures commission merchant, or commodity trading advisor or are members of any self-regulatory organization.

The information provided herein is not intended to be, and should not be construed in any manner whatsoever, as personalized advice or advice tailored to the needs of any specific person. Nothing on the Website should be construed as an offer to sell, a solicitation of an offer to buy, or a recommendation for any asset or transaction.

This post reflects the current opinions of the authors and is not made on behalf of Euler Labs, The Euler Foundation, or their affiliates and does not necessarily reflect the opinions of Euler Labs, The Euler Foundation, their affiliates, or individuals associated with Euler Labs or The Euler Foundation.

Euler Labs Ltd. and The Euler Foundation do not represent or speak for or on behalf of the users of Euler Finance. The commentary and opinions provided by Euler Labs Ltd. or The Euler Foundation are for general informational purposes only, are provided “AS IS,” and without any warranty of any kind. To the best of our knowledge and belief, all information contained herein is accurate and reliable and has been obtained from public sources believed to be accurate and reliable at the time of publication.

The information provided is presented only as of the date published or indicated and may be superseded by subsequent events or for other reasons. As events and markets change continuously, previously published information and data may not be current and should not be relied upon.

The opinions reflected herein are subject to change without being updated.
