Crypto Market Commentary
19 February 2020
Doc's Daily Commentary
The 19 February ReadySetLive session with Doc and Mav is listed below.
Mind Of Mav
DeFi’s Mt. Gox Moment
bZx is an Ethereum-based lending protocol. Fulcrum is a margin trading platform that sources liquidity from bZx. The products share the same team.
And that team is having a bad week.
Catastrophes come in threes.
On Valentine’s Day, some unidentified person was studying source code, unearthing an oversight that, under certain conditions, allows a leveraged position to be opened even if it immediately enters into a state of negative equity. Having mastered the rules of atomic transactions, said unidentified person proceeded to exploit this oversight, using borrowed capital to skew the ETH/BTC ratio in their favor to the tune of $300k.
On President’s Day, some unidentified person manipulated the synthetic USD/ETH Uniswap market, artificially boosting the value of their sUSD collateral $CLAM-style. Said unidentified person proceeded to borrow Ether against this inflated collateral value and, er, I don’t get the impression they have any intention of paying it back. This time, an estimated loss of $645k.
On Tuesday Fulcrum’s website briefly went offline because, er, some unidentified bZx employee forgot to renew the domain. No money was lost this time . . . just any remaining credibility.
A quick word on flash loans!
Commonly known as ‘floans’, flash loans allow anyone to borrow capital without first depositing collateral under the condition that borrowed funds are returned within the span of a single transaction. Both the Valentine’s and President’s Day attacks were enabled by flash loans, the first sourced from dYdX, the latter from…bZx, ouch. Now everyone hates flash loans.
Anyway, we now have a bank run on our hands. Like Compound, bZx uses a pooled liquidity model for its lending protocol. Users deposit, say, ETH and instantly earn a variable rate, which is a function of the utilization rate. As utilization rises, rates rise, incentivizing more lenders to enter the pool. In peacetime, this dynamic rate system has two nice properties: it ensures that there is sufficient supply to meet demand and it guarantees some margin of liquidity for lenders to exit the pool at will.
In bZx’s Valentine’s Day post-mortem, CVO (Chief Visionary Officer) Kyle Kistner noted that the first exploit “has resulted in an undercollateralized loan on the platform. Note that this is not yet a loss, but has the potential to become a loss.” And he’s right. The loss itself is only realized once all liquidity exits the pool.
But that’s also problematic! A fair-ish resolution here would be to socialize losses among lenders on a pro-rata basis. Lending isn’t risk-free, which is why we see rates at a premium to cost of capital. These exploits are the types of risks that lenders have to endure and for which they are compensated. When the risk event actually occurs, it seems right that lenders should have to pay up.
The problem, however, is that the lender left with the bill will be the lender who is last to exit the bZx ETH pool. And so capital providers on bZx have rationally rushed for the exits, spiking the utilization rate to 100% and effectively pausing withdrawals. If you’re feeling particularly ambitious you can now lend ETH on bZx at 100% APR, although I wouldn’t necessarily recommend it. Give it a matter of hours and you can probably pick up bZx ‘certificate of deposit’ tokens for pennies on the dollar on Uniswap — distressed debt on the blockchain, yay!
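The last-to-exit argument above, worked through as an added example (not bZx code). The three lenders, their balances and the loan figures are constructed, and utilization is taken as borrowed funds divided by total pool assets.

```python
def first_come_exit(claims, good_loans, bad_debt):
    """Lenders withdraw in dict order from whatever cash the pool holds.

    Returns (fraction of deposit each lender recovers, utilization once
    the first wave of withdrawals has drained the idle cash).
    """
    owed = dict(claims)                        # what the pool still owes
    paid = {name: 0.0 for name in claims}
    borrowed = good_loans + bad_debt
    cash = sum(claims.values()) - borrowed     # idle liquidity

    def serve_queue():
        nonlocal cash
        for name in owed:
            take = min(owed[name], cash)
            owed[name] -= take
            paid[name] += take
            cash -= take

    serve_queue()                              # the run on idle liquidity
    util_after_run = borrowed / (borrowed + cash)
    cash += good_loans                         # performing loans are repaid
    serve_queue()                              # the bad debt never comes back
    return {n: paid[n] / claims[n] for n in claims}, util_after_run


def pro_rata_exit(claims, bad_debt):
    """Socialized loss: every lender takes the same percentage haircut."""
    haircut = bad_debt / sum(claims.values())
    return {n: 1.0 - haircut for n in claims}


# Constructed pool: 1,000 ETH deposited, 500 lent to healthy borrowers,
# 100 tied up in an undercollateralized loan, 400 idle.
CLAIMS = {"first_out": 400.0, "second_out": 300.0, "last_out": 300.0}

if __name__ == "__main__":
    print(first_come_exit(CLAIMS, good_loans=500.0, bad_debt=100.0))
    print(pro_rata_exit(CLAIMS, bad_debt=100.0))
```

With first-come withdrawals the entire 100 ETH shortfall lands on the last lender in the queue, while the pro-rata rule spreads it as an equal haircut.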
The loudest criticism of DeFi voiced at Consensus last year was around the risky nature of these decentralized loans and their nascent infrastructure.
So, bZx is likely going to be feeling some pain for some time, but what does this mean for the DeFi space overall going forward? How should all non-affected protocols proceed?
Audit contracts. Audit them again. Audit them thrice. Then audit the contracts of all your dependencies. Next, use robust price oracles. More specifically, don’t use price oracles that can be manipulated within the span of a single transaction. Chainlink is probably acceptable in the very near term but is in itself riddled with dependencies — namely, a handful of trusted data providers — and, given enough of an incentive, may find itself the target of an exploit.
Uniswap v2’s time-weighted average price oracle, which stores the exchange rate of each pool after the last transaction of each block, feels more suitable, although there seems to be a fairly binary trade-off between robustness and time sensitivity, which may not be suitable for lending protocols supporting volatile, illiquid collateral types.
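Why a spot read can be skewed inside one transaction while a time-weighted read cannot, and what that robustness costs in lag, shown as an added example. This is a simplified fee-less constant-product model written for this page, not Uniswap's code; the reserves, timestamps and swap sizes are constructed.

```python
from dataclasses import dataclass


@dataclass
class Pool:
    """Fee-less constant-product pool with a cumulative price accumulator."""
    eth: float
    usd: float
    last_ts: int = 0          # time of the last accumulator update
    cumulative: float = 0.0   # running sum of price * seconds

    def spot(self) -> float:
        return self.usd / self.eth      # USD per ETH, moves on every swap

    def sync(self, now: int) -> None:
        # Runs before the first trade of a block: credits the price left by
        # the previous block's last trade for the seconds elapsed since.
        if now > self.last_ts:
            self.cumulative += self.spot() * (now - self.last_ts)
            self.last_ts = now

    def swap(self, usd_in: float = 0.0, eth_in: float = 0.0, now: int = 0) -> None:
        self.sync(now)
        k = self.eth * self.usd         # invariant preserved by the trade
        if usd_in:
            self.usd += usd_in
            self.eth = k / self.usd
        else:
            self.eth += eth_in
            self.usd = k / self.eth

    def twap(self, snap_cum: float, snap_ts: int, now: int) -> float:
        self.sync(now)
        return (self.cumulative - snap_cum) / (now - snap_ts)


def scenario(reversed_in_same_tx: bool) -> dict:
    """Constructed pool of 1,000 ETH / 250,000 USD; oracle snapshot at t=0."""
    pool = Pool(eth=1_000.0, usd=250_000.0)
    pool.swap(usd_in=250_000.0, now=600)          # large buy at t=600 s
    seen = {"spot_mid_tx": pool.spot(),
            "twap_same_block": pool.twap(0.0, 0, 600)}
    if reversed_in_same_tx:
        pool.swap(eth_in=500.0, now=600)          # unwound before the tx ends
    seen["spot_at_900"] = pool.spot()
    seen["twap_at_900"] = pool.twap(0.0, 0, 900)
    return seen


if __name__ == "__main__":
    print("reversed in-tx :", scenario(True))
    print("persistent move:", scenario(False))
```

A swap that is unwound in the same transaction never reaches the accumulator, so the time-weighted price stays at 250 while the mid-transaction spot reads 1000. When the new price persists, the same averaging reports 500 five minutes later, which is the lag a lending protocol has to accept in exchange.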
Overall, I think this teaches the DeFi space an important lesson the cryptocurrency community has had to learn over and over. It sucks but is net positive even at this point in Ethereum’s life cycle:
These wily interpretations of deficient rulesets are always painful to witness, especially if you are one of the users that finds themselves directly impacted, but it is a natural part of the maturation process. Those blockchains and markets and applications that take the time to understand these exploits, adapt, and design against them will be successful over the long term.
The ultimate goal is to make these protocols as boring as possible. Whether that’s a good thing or a bad thing really depends on where you fit into them. From a utility perspective boring is positive. But if you consider that a major part of the allure of the cryptocurrency world is its liminal spaces, and, concurrently, society’s innate thirst for instant gratification, boring (and safe) might just be the thing that keeps the industry from growing to its threshold of no return.
An Update Regarding Our Portfolio
We are pleased to share with you our Community Portfolio V3!
Add your own voice to our portfolio by clicking here.
We intend for this portfolio to be balanced between the Three Pillars of the Token Economy & Interchain:
Crypto, STOs, and DeFi projects
We will also make a concerted effort to draw from community involvement and make this portfolio community driven.
Here are our past portfolios for reference:
RSC Managed Portfolio (V2)
RSC Unmanaged Altcoin Portfolio (V2)
RSC Managed Portfolio (V1)