Risks and Assets: DAO’s framework for accessing assets & contracts

Gearbox Protocol ⚙️🧰
8 min read · Jul 25, 2022


GM frens! In this article, risk members [amantay, ilgiz, & others] describe their framework & general approach to risk assessment in Gearbox Protocol. So if you ever wondered “How are new contracts (protocol integrations) and assets (to trade, farm, portfolio margin, etc.) assessed before being voted on? And when is my bag going to be available on Gearbox?!”, you’ll like this article!

The magic is in Credit Accounts. TLDR: you can’t just randomly get x10 your capital (borrow on leverage) and siphon the $$ of the system into a malicious contract or an illiquid asset. Or rather, you shouldn’t be able to. The list of actions is restricted by the Allowed List of contracts and assets. So let’s dive into some specific risks the risk committee assesses…

First of all, let’s consider some of the potential risks:

  • A sharp price change of an asset can lead to position insecurity and bad debt (bad debt = loss for LPs).
  • Illiquidity of Assets: liquidity often degrades on DEXes, especially in a bear market, which can cause liquidity pools on Uniswap/Sushiswap and other exchanges to become quite thin. With so little depth, it becomes impossible to liquidate a position without losses to LP funds. A potential example of this is the recent event in Solend.
  • Cascading liquidations: all protocol liquidations lower prices in the market, leading to more liquidations, and so on, as a death spiral.
  • Lack of liquidators: this can occur if the income from liquidation is less than transaction costs, for example, in case of high gas price peaks.
  • Smart contract risk and other technical risks (on both Gearbox and third-party protocols) could cause liquidity to be drained…

In this article, we won’t address smart-contract risk, as it’s a purely technical risk. If you want to know more about it, see more on audits and bug bounty programs here. V2 will have 3 more audits covering the entire system. However, no number of audits makes a protocol fully safe. DeFi is a very risky area; please keep that in mind and understand the risks.

Token volatility analysis

First of all, the tokens currently whitelisted in the Gearbox V1 Allowed List are blue-chip tokens that have sufficient liquidity and a proven history of non-fraudulent emission. As always, a token can be whitelisted only after a proper discussion on the DAOForum and a subsequent formal voting proposal.

Gearbox Protocol uses Chainlink price feeds (as do Aave and Compound) to estimate a Credit Account’s Health Factor. The problem here is to set correct values of Liquidation Thresholds, so that while a liquidation is in progress (a liquidation always takes some time), the price does not fall so low that LPs lose funds. For the set of approved tokens, we gather on-chain prices and price feed updates.

All historical price and deviation data is presented in the report:

https://datastudio.google.com/u/0/reporting/ce9b69b3-3d9b-4aee-bb62-7baab90a0eca/page/Yk2hC

There have not been too many liquidations in Gearbox so far. However, the system works as expected, and liquidations happen on time (some stats can be seen here), maintaining zero bad debt so far!

https://dune.com/asot/Gearbox-Dashboard

Liquidity analysis on the DEX — assessing the illiquidity of assets and the likelihood of cascading liquidations

We collected data from decentralized exchanges and analyzed how much liquidity there is for supported tokens. This data allows you to assess how deep liquidity is on the exchanges (see here).

https://datastudio.google.com/u/0/reporting/a95186ae-29b4-4d72-8807-612bb5f54dd0/page/p_nm4zx1i4uc

At the same time, we look at positions that are open in Gearbox (see here), and also account for which tokens and on which pools/credit managers. This allows us to estimate the potential volume of liquidations (upper estimate).

For the CRV token, most of the liquidity is on Curve, so it’s good there too. Support of Curve pools for analysis of liquidity is in progress by some members, so there is potential for it being turned on later by the DAO.

The product feature improvement includes a visualization of Health Factor positions to estimate at what price levels there will be maximum liquidation volumes and assess the risk of cascading liquidations. It should be noted here that we are only just approaching this task, but Gearbox Protocol alone is still at too early a stage to cause such serious price movements. The hypothetical case of amounts being traded via Gearbox becoming significant implies either adding very low-liquidity assets (which could be seen as a subpar idea) or the protocol growing to a truly large utilization number.

V2 Stablecoin & LPs analytics approach

As you may have read in the previous article, the main focus of Gearbox Protocol v2 will be on leverage farming (as one of the product suites being pushed first, but composability doesn’t stop there!). You can see concrete numbers and product snippets in this Leverage Ninja teaser. Therefore, risk assessment of farming strategies becomes an important topic.

Let’s discuss the approach in more detail. What is important to note here:

  • Stability of a peg: how the peg is maintained, what price stabilization mechanisms there are, how robust the peg was historically.
  • Exit liquidity: is there enough liquidity on DEXes to support a position unwrap.
  • Withdrawal slippage: whether a user incurs losses when unwrapping the position.

Stablecoin analysis and LP farming cannot be done without a deep study of Curve and Convex (because they absorb the main liquidity of stables). And keep in mind that for on-chain systems, it’s generally not a good idea to have trust assumptions in place. That is, if USDT goes to .95 cents, the system should liquidate an affected user, and not hard peg their Health Factor at USDT = 1. Yes, the peg can come back, but it’s not up to resilient on-chain systems to make such assumptions. What is important though is to make a system that can’t be easily manipulated in such cases.

The analysis of peg stability is basically the same as the analysis of volatility in the section above. A more interesting question is what happens in a negative scenario when a stablecoin starts to depeg: does this lead to cascading liquidations and a further peg collapse, or will the system (and positions in Gearbox) come to some kind of new equilibrium?

First of all, the analysis in Gearbox is complicated by the fact that Gearbox allows a user to independently choose the leverage ratio and, accordingly, the level of risk — and this affects the Health Factor of the position and the liquidation price.

This figure represents how health factor depends on Leverage level and price of underlying asset for stETH/ETH Curve LP position.
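The relationship between leverage, price and Health Factor described above, together with the earlier point about not hard-pegging a stablecoin at 1, as an added Python example (not Gearbox code and not from the original article). It assumes HF = position value × liquidation threshold / debt for a single-asset position with debt in ETH; the 0.90 threshold and all function names are constructed for illustration.

```python
"""Health factor vs. leverage and price for a single-asset leveraged position.

Added illustration, not Gearbox code. Assumed model: the user supplies 1 ETH,
borrows (leverage - 1) ETH and holds `leverage` units of an asset bought at
parity; the asset is now worth `price` ETH per unit.
Assumed formula: HF = position value * liquidation threshold / debt.
"""

LT_SAMPLE = 0.90  # constructed liquidation threshold, not a Gearbox parameter


def health_factor(leverage: float, price: float, lt: float = LT_SAMPLE) -> float:
    if leverage <= 1:
        return float("inf")           # no debt, so nothing to liquidate
    value = leverage * price          # position value in ETH
    debt = leverage - 1               # borrowed ETH (interest ignored)
    return value * lt / debt


def liquidation_price(leverage: float, lt: float = LT_SAMPLE) -> float:
    """Price at which HF reaches exactly 1 (0.0 for an unlevered position)."""
    return 0.0 if leverage <= 1 else (leverage - 1) / (leverage * lt)


def hidden_by_hard_peg(leverage: float, market_price: float,
                       lt: float = LT_SAMPLE) -> bool:
    """True when pricing the asset at a fixed 1.0 reports HF >= 1 although
    the market price already puts the account below 1."""
    return (health_factor(leverage, 1.0, lt) >= 1.0
            > health_factor(leverage, market_price, lt))


def hf_grid(leverages, prices, lt: float = LT_SAMPLE):
    """Rows of (leverage, [HF at each price]), the data behind an HF chart."""
    return [(lv, [round(health_factor(lv, p, lt), 3) for p in prices])
            for lv in leverages]


if __name__ == "__main__":
    prices = [1.00, 0.97, 0.95, 0.90]
    for lv, row in hf_grid([3, 5, 8], prices):
        print(f"x{lv}: HF={row}  liquidation price={liquidation_price(lv):.4f}")
```

With these sample numbers, an x8 position is already below HF = 1 at a price of 0.95, while an x5 position is not, which is exactly the difference a hard-pegged price would hide.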

So primarily, we look at what will happen when positions are liquidated in the event of a depeg. It is important to take into account not only positions in Gearbox, but also in other protocols:

Next, we conduct stress tests for such events: what kind of slippage will occur due to the simultaneous liquidation of large positions. For example, the chart below assumes that 5% of the Curve stETH/ETH pool will be liquidated and shows what price change this will lead to.

Since the amount of stETH in the pool is directly determined by the ETH/stETH exchange rate, we can calculate how much stETH would be liquidated in the described scenario, based solely on the price (blue dashed line). This is plotted against the price impact from that amount of stETH being liquidated (green line).

Such an analysis allows us to select parameters to make the system robust for various scenarios. We check what positions are available on the market, how this can affect the price, and whether a liquidation in Gearbox will be safe in the case of large liquidations on other protocols.

Adjusted Total Value/Debt ratio here is calculated as a scenario where 5% liquidity from Curve (~32k stETH) was liquidated before liquidating this position.

Monitoring system

An additional level of system protection is a real-time monitoring system. The Gearbox infrastructure allows collecting all the protocol-related on-chain data, including underlying tokens’ events, and monitoring the system’s security. The automatic notification system provides actionable alerts in case of a significant change of liquidity or price.

The on-chain risk monitoring system also scans all actions with credit accounts and pools and, if fraudulent behavior is detected, it can auto-pause contracts and inform the dev team / multisig / any user about potential threats. This role has been designated to the emergency multisig function, and it can only do that one function. It’s all fully non-custodial.

Keep in mind this is a system used by some devs to help detect potential issues, and not a guaranteed safety backstop. You and anyone can run their own tools, all data is on-chain. Think through the risks yourself!

What are the examples of such cases? After the UST depeg and the frantic Luna printing, whose value rapidly dropped to ~$0, the Chainlink price feed returned a value of $0.01, as it was the minimum value of the circuit breaker function that was automatically triggered on its smart contract. Multisig quickly forbade opening UST positions and later replaced the Chainlink price feed with a custom 0-price oracle to prevent any possible risks.

Funds are safu, all reports and actions can be found here:

https://charts.gearbox.fi/dao
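The UST case above suggests a check a monitoring system can run on every feed reading: is the answer sitting at the aggregator's lower bound, stale, or far from an independent reference? The Python below is an added example, not Gearbox's monitoring code; the reference price source, the thresholds and the sample readings are assumptions.

```python
"""Sanity checks for one price-feed reading before it is used for Health Factors.

Added illustration, not Gearbox's monitoring code. Field names mirror what a
Chainlink aggregator exposes (answer, updatedAt, minAnswer, maxAnswer); the
reference price is an assumed independent source such as a DEX TWAP.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class FeedReading:
    answer: int       # price scaled by the feed's decimals
    updated_at: int   # unix time of the last update
    min_answer: int   # lower bound the aggregator will report
    max_answer: int   # upper bound the aggregator will report


def feed_alerts(r: FeedReading, now: int, reference: Optional[int] = None,
                max_age: int = 3600, band: float = 0.01,
                max_dev: float = 0.05) -> List[str]:
    alerts = []
    if r.answer <= 0:
        alerts.append("non_positive")
    if r.answer <= r.min_answer * (1 + band):
        alerts.append("at_floor")        # bound may be masking a lower price
    if r.answer >= r.max_answer * (1 - band):
        alerts.append("at_ceiling")
    if now - r.updated_at > max_age:
        alerts.append("stale")
    if reference is not None and max(r.answer, reference) > 0:
        dev = abs(r.answer - reference) / max(r.answer, reference)
        if dev > max_dev:
            alerts.append("deviates_from_reference")
    return alerts


def allow_new_positions(alerts: List[str]) -> bool:
    """Policy sketch: any alert blocks opening new positions in the asset."""
    return not alerts


# Constructed samples, 8-decimal USD feeds (not real on-chain data).
NOW = 1_700_000_000
HEALTHY = FeedReading(100_000_000, NOW - 60, 1_000_000, 10_000_000_000)
PINNED = FeedReading(1_000_000, NOW - 60, 1_000_000, 10_000_000_000)  # $0.01 floor

if __name__ == "__main__":
    print(feed_alerts(HEALTHY, NOW, reference=99_900_000))
    print(feed_alerts(PINNED, NOW, reference=10_000))
```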

Audits and Risks

Keep in mind that no number of audits can guarantee full safety. However, the largest expenditure item of Gearbox Protocol & now the DAO has always been and will continue to be security. We started with a preliminary audit back when we had the v0.1 version, then ran numerous audits with the full release of v1 and DAO launch in December 2021, and have been continuing to do multiple audits in 2022. See here. More is coming.

Next to that, we have a security bug bounty initiative with Immunefi which we would like to upgrade through the DAO to a larger payout in the coming weeks. Please find the details here.

There are plenty of risks associated with DeFi, as many platforms are composable and depend on each other. There is no guaranteed return on Gearbox — you have to understand the possible risks. You can find them in the docs. Please suggest whatever you think is missing.

Further, it would be interesting to implement quantitative simulations and stress tests under various scenarios. We are not pioneers here — a good benchmark for us is Gauntlet, RiskDAO, Chaos Labs, etc. This is just a brief dive into how we (some of the members, again, there is no full control of any process in Gearbox DAO) use mathematical tools for risk analysis and assessment. If you want to join - jump into our risk-analytics Discord!

If you would like to join — just get involved on Discord. Discuss, research, lead and share. Call contributors out on their bullshit and collaborate on making things better. Here is how you can follow developments:

JOIN DISCORD
