FYEO & Ratio Finance: Form Web3 “Justice League” Offering “Security as a Service.”
Introduction
Without a doubt, the past week has been the most tumultuous in the history of crypto. However, for the Solana DeFi ecosystem, it has been even more distressing. Following the collapse and bankruptcy of FTX, the contagion was felt across all of Solana DeFi as assets such as Sollet BTC became unbacked, and collateral such as SRM and FTT experienced 50%+ drawdowns in value.
These catastrophic events underscore why security must take precedence for all Web3 participants, not as an afterthought. Post-FTX, it is paramount that projects adopt Security as a Service, not as a final "bolt-on". To this end, FYEO and Ratio Finance, as traditional security and financial risk auditors, are uniting to offer cohesive Risk Management Services.
To be insulated from the collapse of centralized exchanges, market makers, or lenders (e.g. 3AC, Celsius, Alameda); Decentralized Finance ("DeFi") projects require increasingly sophisticated risk management. DeFi will not function at scale if it cannot withstand extreme market events.
The FTX debacle hit virtually every protocol on Solana. The largest Solana DeFi platform, Solend, paused operations after its Total Value Locked ("TVL") dropped by more than -$360M. Solend is making commendable efforts to protect its users, offering a solid example of a responsible DeFi protocol. From Solend's experience, there are vitally important lessons for other DeFi platforms to learn and incorporate into their operations.
To explore the novel financial risks to which DeFi platforms must pay attention, Ratio Finance & FYEO together present this analysis of how the FTX insolvency affected Solend.
What is Solend?
Solend is an algorithmic, decentralized protocol for lending and borrowing on Solana. Lending and borrowing have proven themselves to be critical in the DeFi ecosystem. However, current products could be faster and cheaper. On Solana, Solend can scale to be more affordable than similar lending markets on ETH, such as Compound or AAVE. Solend aims to be Solana's most popular and secure DeFi platform.
Initial Troubles
One of the dangers of being an open-source protocol like Solend is that all oracles used are published. Before the FTX collapse, Solend was already experiencing troubles with a financial exploit of over $1M. The exploiter noticed that Solend was interpreting the price of USDH, a collateralized debt position ("CDP") on Solana, from a single oracle (i.e. Switchboard) and a single pool on Saber, a large stablecoin automated market maker ("AMM"). Additionally, this pricefeed was a deprecated version of Switchboard, further compounding the ability for someone to manipulate its data.
By manipulating the composition of the USDH/USDC pool on Saber, the exploiter was able to bring the price of USDH to over $8 for one block. In the same instance, the exploiter deposited USDH into the Solend protocol (which was interpreted by Solend as being worth a lot more), and borrowed over $1M worth of USDH. It is worth noting that on the Saber side, arbitrageurs brought back the price from $8 to $1 the very next block. The bad debt was later covered by the Solend treasury.
You can learn more about this event from Solana FM:
The clear takeaway for DeFi platforms from this are:
Use multiple sources of liquidity when consuming oracle data
Use time-weighted average prices (TWAPs) to insulate yourself from risk
Use price bands to limit the risk of flash loan attacks
How FTX/Alameda Research Affected Solend
The price of Solana, which was chasing recent highs of $39 after official announcements of Google Cloud running a Solana node, plummeted on November 9 to below $14, marking a >50% drawdown. This is because FTX/Alameda Research were seriously large investors in and holders of SOL. As FTX burned to the ground, so did Solana DeFi.
Historically, FTX/Alameda was known to take tokens in which they held a core stake and deploy them to any lending protocol that would allow FTX/Alameda to borrow against their indicated value, thereby leveraging the token asset. As long as the market value of the tokens thereby leveraged rose, this was a symbiotic relationship: protocols gained massive - if inflated - TVL and fees, and FTX/Alameda gained liquidity for their otherwise illiquid assets.
In the process, many protocols that fell for this trap became overexposed to these assets and Alameda as a counterparty. When the initial outflow of capital from Alameda occurred in Solana DeFi in October 2022, the TVL halved overnight. The drop in liquidity was a warning sign of things to come: many protocols faced an immediate liquidity crunch, as Alameda was their largest, sometimes only, liquidity provider. Even so, protocols continued to accept FTX/Alameda assets (e.g. soETH, soBTC, SRM, FTT), growing the overexposure and overreliance on FTX.
The liquidity contagion quickly spread to the Solana network, as traders began to abuse illiquid markets still trading on FTX. Some oracles on Solana, such as Pyth, were still publishing price feeds from FTX/Alameda as data publishers. This led to irregular price reports across Solana, making it difficult for many platforms that accept volatile assets to function. Virtually every derivative market on Solana shut down as a result.
For Solend, low liquidity and irregular pricing from oracles manifested in seriously low liquidity for one of the largest borrows against SOL on the Solend platform. A single SOL-borrow position has borrowed more than $8M USDC against what had now become a $2M SOL deposit.
Although Solend has permissionless liquidation bots enabled, network congestion, low liquidity and oracle issues meant that the underwater position could not be covered through traditional liquidations. Solend began a campaign where others could pay back the whale’s debt at a premium. Eventually the position was liquidated, netting a >6M USDC hole of bad debt for the Solend Treasury. They covered this a few days ago.
The clear takeaway for DeFi platforms from this are:
Make sure the amount of 'good quality' debt that is outstanding is higher than the 'bad quality' debt
Make LTV/Interest a function of slippage (i.e, if there’s higher slippage, increase interest rates to encourage people to pay back debt)
Do not overexpose yourself to any singular asset, despite what the initial payoff may be
Understand what the credit risks are off each asset that is onboarded on your platform
Conclusion
In many ways, FTX and its CEO, Sam Bankman-Fried, were the faces of trust and mainstream adoption of cryptocurrencies. Institutions, pension funds and individuals lost billions of dollars from FTX's collapse. While Solend did not insulate itself from the FTX collapse, viewing it as an unlikely event, it is important to state that Solend has handled this crisis well, recently announcing that the protocol will be using its treasury funds to pay back all bad debt.
The FTX/Alameda meltdown is not indicative of the fragility of the technology, or the opportunity DeFi presents to produce net societal good, not just profits. Neither is it a statement on whether exchanges should be centralized (“CEX”) or decentralized (“DEX”). Our analysis here is meant to highlight the esoteric risks for DeFi. The red flags in Solend and other Solana DeFi projects should have been spotted and corrected early on. The combined effort of FYEO and Ratio Finance can aid other platforms to avoid these devastating pitfalls going forward.
FYEO & Ratio Finance: Keep DeFi Safe, Secure from Harm
We know blockchain moves fast, and so do we. FYEO, in collaboration with Ratio Finance, focuses on reviewing your DeFi and crypto code and analyzing and detecting financial attack vectors. Combined, we offer a complete Security as a Service offering.
Ready to get started? Use this link and fill out a quick form, and we'll get back to you.
About Ratio Finance
Ratio Finance has built a "Risk Oracle" on top of Solana. Its first use case of its risk oracle is a Collateralized Debt Position called USDr. People can deposit various yield-bearing assets into the Ratio Finance dApp and borrow USDr against them while still collecting yield. USDr has been circulating for over eight months, with no liquidations and highly capital-efficient loans.
Part of the reason that Ratio Finance as a protocol did not accept assets like FTT and SRM is down to our risk assessment. All assets on Ratio Finance undergo rigorous credit checks and are then assigned a 'Ratio Risk Rating' (“RRR”).
Key RRR factors include, but are not limited to:
Return Distribution, Market Capitalization, Liquidity, Volume, Fair Price, Macro Market Impact, Liquidation Impact, De/centralization, Funds used as Collateral, Peg Type (if stablecoin), and Liabilities.
The collateralization and liquidation ratios are dynamically adjusted based on the RRR. The RRR also controls another key safeguard mechanism: Asset caps. Based on the risk of the asset, the amount of USDr minted from that asset is limited. Some of the critical metrics that Ratio examines are variables such as the FDV of a token, token float, and concentration of holders. As all of these factors were high for all FTX/Alameda assets, we believed the exposure risk to be too high to accept as collateral.
Based on Ratio's DeFi ecosystem experience as a protocol and risk manager, the Ratio team has begun to offer financial risk audits. In these audits, Ratio Finance observes and detects possible economic attack vectors. Of late, in particular, the bulk of exploits conducted have been financial attacks, not smart-contract attacks. Examples of these attack vectors include:
Governance Risks (e.g. Beanstalk).
Oracle Manipulation Risks (e.g. Mango).
Protocol Design/Architecture (e.g. Crema).
Collateral Risks (e.g. Terra).
Asset Liquidation Impact (e.g. Maker, Solend).
These attacks have cost protocols hundreds of millions of dollars. As such, DeFi needs to undergo more rigorous financial-risk audits if it wishes to avoid these exploits and regain consumers' trust in these novel markets.
About FYEO
FYEO is a chain-agnostic Web3 cybersecurity platform with three central pillars: Security Audits, Threat Monitoring and Intelligence and Decentralized Identity Management. While FYEO's services don't directly protect projects and users from the fallout stemming from the demise of FTX, the FYEO Platform helps protect against the billions of dollars and economic value lost from the other major pain points impacting the Web3 universe - namely, poor security.
To stop the growing number of hacks in the Web3 space, ecosystems and projects building on them need a robust and comprehensive approach to ongoing security, to ensure that what they create is stable. Security starts with a code audit but continues with ongoing threat monitoring to prevent and be alerted to other potential cyberattacks. FYEO incorporates a multi-pronged approach to keep projects and ecosystems safe.
A thorough and process-driven approach to audits is a necessary starting point. While it may be a prevalent view that security audits become fool-proof through using automation, this is a false hope–something every seasoned auditor knows. Put simply, the idea that a tool would replace the artisans as in other repetitive industries remains a pipedream. As we evaluate every tool available on the market today, we know this. Instead, we employ automation for parts of the audit process to optimize the workflow so as not to lose time from the actual review work.
There is no analogue for human attention when it comes to smart-contract analysis. Our mission is to remove all other steps and create an environment where the reviewer can excel. In essence, our view is that "A fool with a tool, is still a fool!" or, more candidly, "Automation will, at best, create low-quality reviews!". Our clients deserve to be secure.
Today our Senior Cryptographers, Cybersecurity Analysts and Cybersecurity Engineers test and analyze the complete system for potential vulnerabilities based on a thorough Threat Modeling process. The Threat Model methodology is an industry-standard methodology of creating a map of all entry points, ways to affect the system and what effects that would have. The Threat Model is one of the many inputs to the comprehensive cryptographic-, logic-, code-, and functionality review when advanced distributed systems, e.g. Distributed Ledger Technologies or Blockchains.
However, a robust security framework must continue beyond a code audit.
Our experience dictates that ongoing threat monitoring, such as our own FYEO Domain Intelligence, is no longer a 'nice to have' but a 'must have' to stop the hacks resulting from primarily phishing attacks and unauthorized access to internal systems as a result of poor password management and leaked credentials. As we have seen, several other attacks can bring an ecosystem or project to its knees (roughly 35% of hacks result from security breaches).
In client talks, we focus on educating them on the big picture when it comes to cybersecurity to address the current and future security vulnerabilities facing Web3 companies. We say, "what's the point of installing a state-of-the-art security system if you leave your door wide open?”
Our learnings over our team's decades of experience in cybersecurity and analysis of industry attacks have taught us that the best defense is a constantly vigilant offense.