An update on the Algofi bug bounty case

Algofi Response:

Thanks for your patience as we considered your recent email. Our response below:

I think many of the themes in this alternate formulation are very similar so I am going to focus on the primary difference which is your claim that the attacker will be able to manipulate the interest rate strategically so that STBL2 trades primarily under 0.99 despite the fact that the attacker has bought up a significant fraction of the STBL2 float (this is again assuming a much larger ecosystem than is currently present as it would be impossible to accumulate a STBL2 position greater than about 1M without materially moving the current market). That seems to be the crux of this argument as without some kind of manipulation STBL would continue to trade over peg and the interest rate would fall.

There are a couple of issues here with your proposed methodology for peg manipulation, and they collectively represent a layered approach to Algofi protocol security.

  1. The price used for peg adjustment is volume weighted, not time weighted. As such, the attacker would need to be doing more trading volume below peg than above. Given a market condition where the attacker has accumulated such a large STBL position and the associated upward price pressure from borrowers, it is our belief that this would prove very difficult if not impossible, as it would likely eat any possible upside.

  2. Interest rate modulation is a gradual (though predictable) process, but by no means is the current interest modulation mechanism set in stone, and modifying that process is one of the many levers at the DAO's disposal. Attacks of any kind that depend on long-term manipulation of this mechanism are addressable in a fairly straightforward manner by DAO action: replacing the mechanism with one resistant to whatever novel approach is being taken to manipulate results.

We believe that this formulation allows for a secure interest rate modification mechanism, but in the interest of maximizing protocol security we have thought about how the volume-weighted mechanism could be manipulated. The most straightforward approach here would be self-trading in order to create “fake” volume at a different price point. This is not a free process: it takes a significant trade to materially move prices in the stable-swap markets and there are associated fees (0.1%), so the manipulator would (in this expanded ecosystem) be incurring costs in the range of 10-100k per day in fees to carry out self-trade manipulation. We believe that, given the knowledge that DAO intervention could easily prevent the continued use of this strategy, it would likely present an insurmountable risk to a prospective attacker. At the high end, moving the interest rate just 1% (over 4 days) could represent a 500k liability.

My Response:

Thanks for the response.

The issue with STBL is that the rate of USDC entering the pools does not keep up with the STBL expansion and contraction cycles. It is an inherent issue.

USDC enters the swap pools in 3 ways:

  1. Providing liquidity (USDC+STBL) to the pool
  2. Buying STBL with USDC
  3. Collateral liquidations and repaying borrowed STBL (only if USDC is used for buying STBL and, for example, the liquidator doesn’t hold STBL already)

STBL can expand rapidly and its creation (new loans and interest) can significantly exceed the rate of USDC entering the pools. There will be cycles of expansion and contraction and they can be quite extreme. As the contraction starts, the volume of #1 and #2 declines or stops completely, and therefore #3 becomes the only option. However, assuming that borrowers immediately jump in and liquidate themselves is not true. For many reasons that may not happen. So, there is an arbitrary delay until the collateral is liquidated.

The contraction-expansion cycles may happen at 10M, 25M or 1B STBL market cap but they will happen and can be extreme and that’s where the huge risk is. The DAO being able to adjust the rates or change the mechanism provides some flexibility but doesn’t solve the inherent problem. When dealing with large numbers and conflicting scenarios, the only real solution is to provide significant liquidity. Assuming that’s an option (When that’s not an option for Algofi, at 10M or 1B?), in most cases it sets up for an even bigger issue down the road.

STBL borrowers and short term STBL holders take the immediate risk. However, the larger and more concerning risk is its impact on the lending ecosystem as destabilization breaks many assumptions. Please note that the larger the ecosystem gets the consequences of such an event would be more catastrophic.

A few other points:

  • The first scenario still needs a response, though I noticed that you attempted to cover it with the general case.
  • The concern is not necessarily that an attacker or a single large STBL holder attempts to destabilize STBL, but you can consider all long STBL holders as an imaginary single entity that benefits from higher interest rates. The only difference is that when there is a single real entity, they can coordinate their action in a way that destabilization happens quicker.
  • Impacting the STBL price shouldn’t be necessarily done with swaps and therefore paying fees. The most effective approach is to add/remove liquidity from the pools first and then move the price.

Please let me know if any part is unclear. I also plan to update the forum post assuming there is no objection from your side.

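Added example, not part of the original emails and not Algofi's code: a simplified model of the volume-weighted versus time-weighted distinction raised in the Algofi response, using the 0.1% fee and the 0.99 level mentioned in the exchange. The trade data, the function names, and the assumptions of one fee per swap, no price impact, and no liquidity changes are constructed for illustration.

```python
from dataclasses import dataclass

FEE_RATE = 0.001   # 0.1% swap fee quoted in the Algofi response
PEG_FLOOR = 0.99   # price level discussed in the exchange

@dataclass
class Trade:
    price: float    # USDC per STBL2
    volume: float   # STBL2 traded at this price
    seconds: float  # how long this price prevailed (used only by TWAP)

# Constructed sample day: heavy volume above peg for 6h, thin prints below for 18h.
CONSTRUCTED_DAY = [
    Trade(price=1.004, volume=900_000, seconds=6 * 3600),
    Trade(price=0.985, volume=20_000, seconds=18 * 3600),
]

def vwap(trades):
    """Volume-weighted average price: thin prints barely move it."""
    return sum(t.price * t.volume for t in trades) / sum(t.volume for t in trades)

def twap(trades):
    """Time-weighted average price: duration counts, volume does not."""
    return sum(t.price * t.seconds for t in trades) / sum(t.seconds for t in trades)

def volume_needed(trades, target, at_price):
    """Extra volume at at_price required before VWAP falls to target.

    Solves (pv + at_price * x) / (v + x) = target for x.
    """
    if at_price >= target:
        raise ValueError("at_price must be below target to lower the VWAP")
    pv = sum(t.price * t.volume for t in trades)
    v = sum(t.volume for t in trades)
    if pv / v <= target:
        return 0.0
    return (pv - target * v) / (target - at_price)

def fee_cost(volume, price):
    """Swap fees in USDC on the notional (assumes one 0.1% fee per swap)."""
    return volume * price * FEE_RATE

if __name__ == "__main__":
    extra = volume_needed(CONSTRUCTED_DAY, PEG_FLOOR, 0.985)
    print(f"VWAP {vwap(CONSTRUCTED_DAY):.6f}  TWAP {twap(CONSTRUCTED_DAY):.6f}")
    print(f"below-peg volume needed: {extra:,.0f} STBL2")
    print(f"fees on that volume: {fee_cost(extra, 0.985):,.2f} USDC")
```

On this constructed data the time-weighted average sits below 0.99 while the volume-weighted average stays above peg. The model says nothing about the liquidity add/remove approach raised in the reply, which it does not cover.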