An update on the Algofi bug bounty case

Here is an update on the previous post about the Algofi bug bounty.

As I mentioned I addressed the Algofi team’s concern about interest rates and asked them to respond.

More importantly, I informed the Algofi team that

I identified a scenario with no market condition or price assumptions and solely based on Algofi internal protocols that the attacker/abuser takes zero risk, creates a real chaos in Algofi, makes a ton of money and causes significant losses to Algofi users, effectively stealing their money, and eventually this process leads to a spiral death. It should be reproducible on the testnet.

Here is the Algofi’s team response to the first attack scenario:

We’ve reviewed your variation on the original proposal where instead of borrowing the STBL (backed by USDC) the attacker purchases the STBL in the open market.

We do not find that this creates an exploitable situation and in fact somewhat simplifies the situation. As all STBL is overcollateralized in the lending market, the STBL the attacker has purchased in this scenario will continue to be backed by borrowers. As such as the attacker accumulates a growing share of the outstanding STBL they will be creating additional buy demand. As those who sold the STBL in the first place now have STBL borrow positions they need to repay in order to regain access to their collateral. When the attacker’s position begins to be liquidated, there will be an equal depth of STBL borrowers who are now able to buy back their STBL at a reduced price (as liquidations include a 7% premium). This buy pressure allows for liquidations to operate as expected at the expense of the attacker.

To put the above in a more straightforward order-of-events outline:

1) attacker purchases 50M STBL via the open market- after this is complete STBL borrowers are now in possession of at least 50M less STBL than they currently owe

2) attacker uses purchased STBL as collateral and max-borrows ALGO

3) At some point ALGOs price moves such that the attacker is now liquidatable (note liquidatable is not the same as undercollateralized)

4) Liquidators liquidate the attacker repaying ALGO and seizing STBL at a 7% premium

5) Liquidators sell seized STBL into AMM market where it is consumed by borrowers in order to cover their borrow positions at a discount- as the attacker would almost certainly have to pay at or above peg to accumulate the STBL position, borrowers are now covering their STBL short position taking profit

Additionally, given the scale of the proposed attack (50M STBL), it is fair to assume this is operating in an ecosystem at least 50x the current size as currently it would be impossible to accumulate more than ~1.5M STBL through direct AMM purchases without causing significant price deviation. As such it is also reasonable to assume that in this significantly larger ecosystem there will be proportionally greater liquidity for liquidations.

At this point the Algofi core team considers this bug report resolved as a non issue. We appreciate your continued attention and involvement with the Algofi protocol. Please let us know if you have any further questions or alternate scenarios you would like us to consider.

Here is my response including the new attack scenario:

Thanks for the response. This is what I expect to receive as part of a back and forth on this report.

What you described sounds reasonable at the high-level but missing important details which impact what can happen in reality.

Let’s establish a few basic arguments/facts:

1. First, the argument I’m trying to make is that STBL is not safe to scale and as soon as its market cap gets larger, which can happen in a short period of time, it poses a huge risk.

2. Borrowers (those who borrowed and sold) are trapped. Why? Because they cannot exit unless new borrowers come in. Let’s say there are 15M long and 15M short positions and 5M from this amount is in the swap pool. If borrowers want to pay back 6M, there must be new borrowers to the system. The current argument is that incentives (for example the lower interest rate, utility, etc.) are set in a way that new borrowers will emerge. However this is not true. Just knowing the fact that borrowers might get trapped and forced to pay much higher interest rates (see below), losing all their collateral, destroys all the appetite for STBL.

3. STBL holders are trapped. They cannot exist from their position because there is not enough liquidity at every moment in the pools. Yes, STBL is overcollateralized but it may take an arbitrary amount of time for them to be liquidated. If STBL gets depegged, the higher interest rates and eventual liquidation may not be a solution because depegging can cause bad debt in the system which broke the whole overcollateralized assumption.

4. STBL is considered $1 on both sides of lending no matter how depegged (positive or negative) it is, which poses a risk to the lending and liquidation protocol.

5. STBL creation can accelerate significantly by both rehypothecation and higher interest rates. There is a fundamental difference between STBL and other collateral. When borrowed it is not from the current circulation supply but creation of new supply.

Now here is an attack scenario:

An attacker uses the above facts, acquires a large amount of STBL (long position), uses three different approaches to constantly keep the price below .99 and increase the interest rate (the key here is that the inflow of USDC is way lower than STBL creation):

** Constantly sell the STBL interest received on his/her STBL holdings.*

** Borrow against the STBL position and set a sell wall at .99.*

** Use scenarios like the previous one (borrowing Algos) and force a liquidator to own a large STBL position.*

So the attacker keeps the sell pressure when there is no significant buy pressure and lets the price go up for short periods of time (so it doesn’t impact the interest rate that much) when there is a buy pressure and sells at higher prices pushing the price back down. So a reactive approach is used to keep the price most of the time below .99 and sometimes higher than 1.1 (or even higher depending on the buy pressure). Soon enough the appetite for STBL goes to zero as more participants understand the risks and significant price swings, which leads to STBL to get largely depegged. At this point not only an unlimited amount of STBL can be created (due to a very high interest rate) but it can be used to borrow assets with much higher values, which is used by the attacker as the exit strategy.

Please let’s have this moving forward fast rather than delaying it constantly.

Reddit

@Adri @JohnWoods @Daniel_Oon

Before allocating the Gov DeFi rewards to Algofi in the next cycle (gov7), which supposedly encourages people to use Algofi, the foundation should require the Algofi project

1. To become compliant for bug bounty matching program like other projects such as folks finance (tinyman, perra wallet), by open sourcing all their code.
2. To limit and eventually remove STBL from the platform.
3. Any mutable contract that can be manually updated by the Algofi team should be identified and listed. The following questions should be answered: Why are these contracts still mutable? What parameters or behaviors can be modified? What processes are used to audit these changes, inform the community ahead of time and prevent any unwanted issues?

open sourcing the smart contracts is on their roadmap for June 2023

For posterity, I just realized that the re-written scenario in the Algofi team response is missing a step in my original report.

1. attacker purchases 50M STBL via the open market- after this is complete STBL borrowers are now in possession of at least 50M less STBL than they currently owe.

1.5) attacker uses purchased STBL as collateral and max-borrows STBL
2) attacker uses borrowed STBL as collateral and max-borrows ALGO
3) At some point ALGOs price moves such that the attacker is now liquidatable (note liquidatable is not the same as undercollateralized)
4) Liquidators liquidate the attacker repaying ALGO and seizing STBL at a 7% premium
5) Liquidators sell seized STBL into AMM market where it is consumed by borrowers in order to cover their borrow positions at a discount- as the attacker would almost certainly have to pay at or above peg to accumulate the STBL position (not correct), borrowers are now covering their STBL short position taking profit.

Hi Sam. Thanks for posting this. I’m a bit unsure if this is really the right place to discuss an Algofi-bug issue. Having said that, I’m interested in learning more about this.
To make sure that we all can understand your bug bounty case, would it be possible for you to provide a visual demonstration of what you have described. And also listed down all of your assumptions?
I read through your posts and I find that the response from Algofi team is quite adequate. So I must be missing something?
Thank you.

Edit:
Just to add one more thing. You sound a bit unhappy with the Algofi team. I’m not sure if you closely follow their development progress or not but all the things that you “ask the Foundation to require the Algofi team to do” are already in their 2023 roadmap. STBL will also be sunset very soon and there’s already a portal for STBL holders to exchange 1:1 from STBL to USDC.
And one last thing. Algofi TVL is about 63% of the whole eco-system now. So I’m pretty sure a bunch of very fine people including the Inc. and Foundation are keeping their eyes on them and their platform. You can be reassured that if there’s just 0.1% of a chance for what you said in your bug bounty case to become reality, it’ll be assessed and resolved properly and in a very timely manner. I hope it helps. Thanks.

Hi nlh,

Thank you for the comment. From your account I’m not able to tell whether you work for the foundation or not. Could you please clarify your role?

I’m a bit unsure if this is really the right place to discuss an Algofi-bug issue. Having said that, I’m interested in learning more about this.

The Algofi team was informed ahead of time about each one of these posts. As fyi, I’m a supporter of Algofi project and already a top Algofi governor. The project has been very successful and I’m very optimistic it can have an even brighter future ahead. Having said that, the bug bounty process did not progress and concluded as I expected. Now, I have a few concerns (technical and non-technical) that I think they shouldn’t be overlooked. I do believe that addressing these concerns will eventually benefit and strengthen Algofi. FWIW, the Algofi team is working on preparing a response.

Would it be possible for you to provide a visual demonstration of what you have described. And also listed down all of your assumptions?

I believe both scenarios can be reproduced on testnet. The first one assumes a specific market condition. The second one is independent of market conditions but more tactical. Since STBL is at the core of the issues, you can start with understanding the STBL issues listed in the above post.

STBL will also be sunset very soon

Here we discuss STBL2 (the version doesn’t matter).

Algofi TVL is about 63% of the whole eco-system now. So I’m pretty sure a bunch of …

Terra Luna and FTX were 100x bigger and both failed!

Algofi Response:

Thanks for your patience as we considered your recent email. Our response below:

I think many of the themes in this alternate formulation are very similar so I am going to focus on the primary difference which is your claim that the attacker will be able to manipulate the interest rate strategically so that STBL2 trades primarily under 0.99 despite the fact that the attacker has bought up a significant fraction of the STBL2 float (this is again assuming a much larger ecosystem than is currently present as it would be impossible to accumulate a STBL2 position greater than about 1M without materially moving the current market). That seems to be the crux of this argument as without some kind of manipulation STBL would continue to trade over peg and the interest rate would fall.

There are a couple issues here with your proposed methodology for peg manipulation and they collectively represent a layered approach to algofi protocol security.

1. The price used for peg adjustment is volume weighted not time weighted. As such, the attacker would need to be doing more trading volume below peg than above. Given a market condition where the attacker has accumulated such a large STBL position and the associated upward price pressure from borrowers it is our belief that this would prove very difficult if not impossible as it would likely eat any possible upside.

2. Interest rate modulation is a gradual (though predictable) process, but by no means is the current interest modulation mechanism set in stone and modifying that process is one of the many levers at the DAOs disposal. Attacks of any kind that depend on long term manipulation of this mechanism are addressable in a fairly straightforward manner by DAO action. Replacing the mechanism with one resistant to whatever novel approach is being taken to manipulate results.

We believe that this formulation allows for a secure interest rate modification mechanism, but in the interest of maximizing protocol security we have thought about how the volume weighted mechanism could be manipulated. The most straightforward approach here would be self-trading in order to create “fake” volume at a different price point. This is not a free process, it takes a significant trade to materially move prices in the stable-swap markets and there are associated fees (0.1%) so the manipulator would (in this expanded ecosystem) be incurring costs in the range of 10-100k per a day in fees to carry out self-trade manipulation. We believe that given the knowledge that DAO intervention could easily prevent the continued use of this strategy it would likely present an insurmountable risk to a prospective attacker. At the high end, moving the interest rate just 1% (over 4 days) could represent a 500k liability.

My Response:

Thanks for the response.

The issue with STBL is that the rate of USDC entering the pools does not keep up with the STBL expansion and contraction cycles. It is an inherent issue.

USDC enters the swap pools in 3 ways:

1. Providing liquidity (USDC+STBL) to the pool
2. Buying STBL with USDC
3. Collateral liquidations and repaying borrowed STBL (only if USDC is used for buying STBL, and for example liquidator doesn’t hold STBL already)

STBL can expand rapidly and its creation (new loans and interest) can significantly exceed the rate of USDC entering the pools. There will be cycles of expansion and contraction and they can be quite extreme. As the contraction starts and the volume of #1 and #2 declines or stops completely and therefore #3 becomes the only option. However, assuming that borrowers immediately jump in and liquidate themselves is not true. For many reasons that may not happen. So, there is an arbitrary delay until the collateral is liquidated.

The contraction-expansion cycles may happen at 10M, 25M or 1B STBL market cap but they will happen and can be extreme and that’s where the huge risk is. The DAO being able to adjust the rates or change the mechanism provides some flexibility but doesn’t solve the inherent problem. When dealing with large numbers and conflicting scenarios, the only real solution is to provide significant liquidity. Assuming that’s an option (When that’s not an option for Algofi, at 10M or 1B?), in most cases it sets up for an even bigger issue down the road.

STBL borrowers and short term STBL holders take the immediate risk. However, the larger and more concerning risk is its impact on the lending ecosystem as destabilization breaks many assumptions. Please note that the larger the ecosystem gets the consequences of such an event would be more catastrophic.

A few other points:

• The first scenario still needs a response, though I noticed that you attempted to cover it with the general case.
• The concern is not necessarily that an attacker or a single large STBL-holder attempts to destabilize STBL but you can consider all long STBL holders as an imaginary single entity where it benefits from higher interest rates. The only difference is that when there is a single real entity, they can coordinate their action in a way that destabilization happens quicker.
• Impacting the STBL price shouldn’t be necessarily done with swaps and therefore paying fees. The most effective approach is to add/remove liquidity from the pools first and then move the price.

Please let me know if any part is unclear. I also plan to update the forum post assuming there is no objection from your side.

Reddit

My recent emails to the Algofi team:

The recent unfortunate events, the theft from multiple Algo wallets and its negative impact on myalgo’s brand and future, reminded us how challenging it is to safely and securely operate, scale and survive in the crypto space. Unfortunately no project is immune from such threats. I hope that Algofi sees my follow-ups on the bug bounty reports as an effort to increase the Algofi immunity against similar threats.

Given the ongoing depegged USDC (right now it is .92c) story I realized there is yet another scenario that STBL can make the situation worse. STBL is pegged to USDC and therefore now is .92c. One key difference with the only-USDC case is that STBL can be borrowed/minted at any amount (at least up to the platform limit) and then used as a $1 collateral. In other words it can exacerbate the problem. For example if there is only $10M USDC in Algofi then the damage is limited to that $10M, However, the damage with STBL can be multiplied as it is borrowed against the existing collateral.

My latest email to the Algofi team:

Any estimated time of response here? I’m hoping that we get to a conclusion before the start of the next governance round.

Given the recent events and extreme market conditions very much relevant to this bug bounty report and described scenarios, I hope the value and criticality of the report is now clear. Among all options I think a reasonable and less controversial option (without getting too much into the debate of STBL benefits vs. its costs/risks) is to decouple STBL from lending by lowering its collateral factor from 80% to 0% over time. STBL deposits still receive an interest. This decreases a little bit of STBL utility but avoids the large risk factor associated with it.

I haven’t heard back from you for a while. This doesn’t leave me any other option but to escalate my concerns to appropriate parties and authorities.

There have been many stable coin failures until now with severe irreversible and costly consequences. I have already explained fundamental flaws and risks of STBL and demonstrated them in a number of scenarios. I have also proposed an immediate action by decoupling STBL from the lending protocol which removes the risk for the majority of Algofi users. At this point, after four months from sharing the original report and exchanging tens of emails, I’m not able to justify the lack of appropriate action by the Algofi founders, which makes me seriously concerned about the narrow mindset driving some of these decisions that could adversely impact thousands of Algofi users.

@JohnWoods @Adri IMO it is irresponsible to encourage people to use Algofi (with including the governance rewards) unless the concerns in this thread are addressed. At minimum STBL must be decoupled from the lending protocol by lowering its collateral factor to zero.

@Sam171921 Would you be able to use your attack vectors on MakerDAO’s Dai in combination with Aave, Compound or Euler? If not, explaining how AlgoFi is different from those protocols could be very helpful.

One key difference with Dai is that 50+% of Dai reserve is USDC. It doesn’t mean that Dai wouldn’t suffer from some of similar issues but that practically reduces the chances in lower market caps. At the end all stable coins that are not fully backed by USD could suffer getting depeg during expansion/contraction end cycles, when most people want to exit but not enough USDC enters the pools, particularly as the MC increases and the gap between the total USDC in the pools and total MC increases.
Also note that both STBL borrowers and supplier are trapped. borrowers cannot exit unless new borrowers enter. suppliers cannot exit (in a timely manner) unless new USDC enters.

@Sam171921 Is the core of your argument that AlgoFi’s mechanisms are fine on paper, but current STBL2 liquidity in AMM pools is low enough that you think it is ripe for exploitation?

It is not fine on paper because you can create an unlimited amount of STBL by borrowing (there is a platform limit but that’s temporary and still much higher than the pool size). For example you can deposit $20M algo and borrow $15M STBL immediately. That’s new money. So, it is not only that the liquidity of both USDC and STBL are limited in the pools compared to the overall MC but even if there is enough liquidity an imbalance can be easily created by borrowing more STBL. The core argument is that you cannot claim STBL is pegged to USDC when not enough USDC enters the system. As the MC cap increases the pool looks more and more like a small entry/exit for a very large room. As soon as more people want to exit or enter there will be chaos.

STBL can be depegged for other reasons too, for example during the recent event of USDC depeg, STBL was at the USDC price (.86c-.99c) while its value as a collateral is always considered $1 in the Algofi lending protocol. STBL exacerbates the USDC depeg issue because an unlimited amount of STBL can be created and deposited as collateral immediately. In the recent event the Algofi team had to manually stop all USDC deposits in order to prevent its very unforseen consequences.

If I see you buy 15M stbl2 from the usdc/stbl2 pool, I am bridging 2m usdc and asking borderless and wintermute for the other 13m if nobody else does in the meantime. I will then replenish the starved pool (or whatever pools you starved to get the stbl2 off the open market).

idk why usdc is hard coded like that. I agree that needs to change. But stbl2 hard coded is fine.

The STBL holders (long positions) are definitely in a much better position than those who borrowed (short positions). They know that they will get their money eventually (can take a very long time though) and meanwhile can enjoy receiving the interest. Depending on how much they control the STBL market they can even increase the interest rate in certain conditions.

Borrowers don’t have any way out unless new borrowers enter. Let’s say there is 10M STBL short position and there is only 5M STBL in pools. The last 5M cannot get out no matter what price they wanna pay until someone borrows STBL and provides that to the pool. There is no way out of the system and as MC gets bigger the number of trapped people gets larger.

The minimum solution I’m proposing doesn’t solve STBL issues but at least removes its risk for all other lending users who may never have anything to do with STBL.

idk why usdc is hard coded like that. I agree that needs to change. But stbl2 hard coded is fine.

STBL is pegged to USDC so when USDC is depegged (Which wasn’t really expected) STBL is dpegged too as happened recently. The issues with STBL are way more severe than issues with USDC because of the ability to create new money and use it as collateral immediately. Given all these issues there is no real good reason to give any collateral value to STBL as most of the claimed benefits will be still there:

1. More USD-equivalent liquidity for pools.
2. The Algofi/DAO income from the difference between interests paid/received on deposited/borrowed STBL.
3. Suppliers still receive the same interest.

Again, the above solution doesn’t address STBL inherent flaws but at least limits the risk to whoever directly uses it not the whole platform.

Algofi Response:

We’ll revert to your latest email by the end of the week. The team feels that we’ve been clear in answering your concerns and disproving proposed attack vectors during this process. What has been the community response to your proposed attack vectors?

My Response:

We’ll revert to your latest email by the end of the week.
I sincerely hope that the outcome is a reasonable and responsible action by Algofi.

What has been the community response to your proposed attack vectors?

They are concerned based on my direct interactions. Comments do agree with the flaws. Aside that, Upvotes/Downvotes on Reddit are not representative as manipulated based on various incentives. Stepping back, the community response doesn’t matter but the Algofi actions when there is a systemic risk to users.

Algofi Response:

The purpose of this email is to address the latest formulation of your proposal as well as the team’s perspective. Before getting into your proposal we would like to touch on the issue of USDC de-pegging during the SVB turbulence. As is publicly available, Algofi pegs USDC (as well as USDt) to $1.00. This was a decision reached while considering the relative stability of USDC as compared to the relative risk of error in any floating price. This is not a decision unique to Algofi and in fact is a decision that many large protocols have landed on both sides of. That being said, the issue around USDC is not fundamental to your proposed issues with STBL and is not going to factor into this analysis.

In your latest communication you intimated that your primary concern with STBL2 was that there is no concrete connection between the volume of USDC and the volume of STBL2 as STBL2 may be borrowed with other collateral. I don’t quite understand how this differs from the initial assertions that in a liquidation event there may not be sufficient liquidity immediately if the size of STBL2 is significantly greater than AMM liquidity. In the most recent communication you talked about a contraction-expansion cycle. As far as I can tell that doesn’t really change the underlying claim. That claim being, in the event that STBL2 collateral greatly outpaces available AMM liquidity the interest rate modulation mechanism is insufficient to ensure eventual successful liquidation.

As we have previously described, the formulation of STBL2 is such that in the event of a liquidity issue the interest rate modulation mechanism provides ample incentive for liquidators to hold STBL2 as interest rates increase providing guaranteed income vie STBL2 interest as well as incentive for supply to contract as borrowers repay their borrowed STBL2 bolstering the price of STBL2. This formulation does not change based on the borrowed assets in question and while you have pointed out that at much larger ecosystem sizes (1B STBL2) this formulation would meet issues it is the Algofi Team’s opinion that you have not accurately factored in the growth of all aspects of the ecosystem in that scenario. In other words, STBL2 will not reach 1B market cap without multiple orders of magnitude growth in all other aspects of the Algorand ecosystem.
Obviously, these are heuristic assessments and thoughtful parties can disagree on the relative value tradeoff. One proposal you made was to decommission STBL2 as a collateral asset. This would be relatively easy and from our cursory assessment minimally impactful on the current Algofi ecosystem. STBL2 only represents ~222k of collateral on the Algofi protocol at present as the vast majority of supplied STBL2 is in lending pools. A gradual (say over a two month period) drawdown of the STBL2 collateral factor would not be likely to cause significant disruption. As such the Algofi Team would encourage the creation of a proposal for consideration by the Algofi DAO.

The steps to do this would be:

1. Create a “Temperature Check” post on the algofi governance page (gov.algofi.org)
2. Allow for ~1 week of discussion by the community
3. Apply any desired edits to the proposal based on discussion and promote to “Proposal Discussion” and create a proposal using the Algofi webapp

Let us know if you think that seems like a reasonable route forward at this point.

Note: When looking at the webapp you will see ~4.64M STBL2 supplied but this does not show that only 222k of that is “as collateral” the rest is supplied in exchange for the bAsset token which is utilized in lending pools.

My Response:

Thanks for the response.

That being said, the issue around USDC is not fundamental to your proposed issues with STBL and is not going to factor into this analysis.

Agreed. USDC de-pegging demonstrated a few interesting facts and that’s why it was mentioned in my recent emails:

• There is yet another way that STBL can be de-pegged and hence the greater potential risk for the lending protocol.

• If USDC, which has only 1-degree distance from USD, can be de-pegged, there is a higher chance that STBL with 2- degree distance from USD, STBL= USDC=USD, will be de-pegged.

• A very unexpected event like USDC de-pegging can happen and when it happens it is fast with unforeseen consequences.

I don’t quite understand how this differs from the initial assertions that in a liquidation event …

• The first scenario was about an attacker attempting to create a particular de-pegging condition and benefit from that.

• The second scenario was about an attacker/market-manipulator/large STBL-holder taking advantage of the STBL interest rate adjustment algorithm to arbitrarily increase the interest rate (or price).

• The third scenario (cycles) was about explaining that it is not about attackers or market manipulators but the inherent STBL flaw that ensures de-pegging for an extended period eventually happens at some point in the future. As the STBL market cap increases the liquidator argument becomes weaker since the risk and required liquidity for the liquidator goes higher. Why does the risk go higher? Because STBL MC cannot go up forever and there is a turning point (expansion/contraction) and any liquidator caught up in that turning point at minimum needs to wait a long time to get back their money, which also means being exposed to all other DeFi risks during that period.

you have pointed out that at much larger ecosystem sizes (1B STBL2) …

I used 1B as a sufficiently large number to make the understanding of the situation easier. I think much lower numbers (in order of tens of millions) would cause a real issue. In comparison look at how much USDC algofi has been able to attract.

The Algofi Team’s opinion that you have not accurately factored in the growth of all aspects of the ecosystem in that scenario …

Neither the 1B MC nor the ecosystem size matter that much except that they might delay the problem manifestation. The issues are fundamental to STBL. I’d argue that consequences would be greater (and scarier) when the STBL MC and ecosystem are much larger. Just look at all the interventions different central banks need to make to stabilize their currencies. For example, look at many countries that try to keep a stable ratio with USD and many challenges they have. Some of their problems are related to their currency inflation or weaker/stronger economies, but a part is also because of the difficulty of adjusting incentives, the mechanics of the market, etc.

One proposal you made was to decommission STBL2 as a collateral asset…

That was also my impression that there shouldn’t be too much collateral and seemed like the most beneficial and agreeable solution right now. In general, I think Algofi would benefit substantially from internalizing and re-using the risk isolation concept in more areas.

The plan LGTM. I’ll go ahead and create the proposal.

Happy to move discussion to the temperature check when it’s up but ill continue here. Why do you say that USDC is pegged to STBL? I don’t think that’s true.
They are both $1 in the protocol, yes. The usdc+stbl2 pool uses the stableswap invariant. Do people consider that a peg? I dont.
If usdc used oracle pricing in the lending protocol, would you no longer consider stbl2 pegged to usdc?

Temperature check post: This is the post: Change STBL2 collateral factor to 0% - Temperature Check - Algofi Governance