Aave gets serious about $GHO stablecoin, Mars Protocol showcases risk framework and price manipulation attacks wreak havoc at Moola and Mango Markets
Issue #11 of The State of DeFi Lending newsletter
Welcome to issue #11 of The State of DeFi Lending, a newsletter covering the highlights of lending markets in DeFi.
In this issue we cover
Aave releases update on its native stablecoin $GHO
Mars Protocol showcases its risk framework
Moola Markets gets exploited for $8.4m
Mango hacker speaks up & claims $47m bounty
Read below for more…
News
Lending behemoth AAVE releases a long-awaited update on its new stablecoin $GHO
With TVL of $5.2bn, Aave is one of the leading lending markets across DeFi. The protocol has been exclusively focused on matching lenders and borrowers across its money markets and is now setting sights on using the protocol’s liquidity to spin up its own stablecoin.
What’s interesting is their multi-asset approach: $GHO will be backed by a basket of assets and strategies that comprises pretty much the entirety of DeFi assets. This puts the TAM at a multiple of single asset collateral strategies and could solve the scaling dilemma that many other stablecoin protocols have run into. It’s noteworthy that $GHO could also be “backed” by undercollateralized or algorithmic strategies which would dilute the backing from underlying collateral.
The collateral types and strategies will be managed by appointed Facilitators who set risk limits and manage the pools. Aave DAO will be the first Facilitator for $GHO.
Here is a talk about $GHO at DevCon Bogota (the link takes you straight to the relevant section):
Key characteristics of $GHO are:
$GHO is minted on demand when a user initiates a borrow
The oracle price is fixed to $1
Interest rates are defined by Aave governance
Repaid interest is directed to the DAO
Discounts are available to borrower staking Aave in the safety module
Multi-collateral positions
Earn interest on collateral
This thread goes into further details and summarizes the whitepaper.
Mars Protocol, a soon-to-launch lending protocol, has released its risk framework
In a recently published blog post, Mars Protocol outlines their approach to risk management. Given that Mars Protocol focuses on “portable leverage”, there are novel protocol-level risks: Mars’ assets will be used in other protocols whose vulnerabilities need to be detected and mitigated before contracts are approved.
The two-step approach first screens for the protocols’/assets’ technical and centralization risks. In the second step, the framework defines how risk parameters should be set for assets/protocols based on market & liquidity risk metrics.
At its core, the risk framework should help to:
Minimize the risk of shortfall events
Encourage MARS staking by giving participants more confidence in the protocol’s stability
Eliminate politics and ensure objectivity in the governance process
It is interesting to note how the framework accounts for general finance risk factors and DeFi risk components such as decentralization and oracle risks.
The Mars Protocols’ risk policy will be supervised by the Martian Council. The full framework can be found here.
Moola Market gets exploited for $8.4m in a price manipulation attack
Lending protocol Moola Market, an Aave fork that’s deployed on the Celo blockchain, got exploited for $8.4m in an attack that looks eerily similar to the recent Mango Markets exploit.
The attacker funded the wallet with 243k $CELO token. 60k $CELO were lent to Moola and 1.8m $MOO token borrowed to be used as collateral. The attacker then went on to pump the $MOO price with the remaining $CELO. The inflated $MOO were deposited into Moola as collateral to drain all other tokens.
The attacker singled out $MOO as a micro-cap asset where the price was easy to manipulate, with only $121k in DEX liquidity,
However, the attacker has returned most of the borrowed funds to Moola.
Mango Markets attacker speaks up and claims $47m bounty
The group of attackers behind the $112m Mango Markets exploit, led by Avi Eisenberg, came forward to publicly justify their actions. Avi states that he believes their actions were legal as they used the protocol as designed.
In an interesting twist of events, Eisenberg’s group agreed to return ~$65m to the DAO. These funds and the DAO treasury will suffice to make users whole. In return, the DAO vouches not to bring legal actions, which experts think would not have stood a chance in court anyway.
The group around Eisenberg will keep a “bounty” of $47m which led them to describe their actions “as a highly profitable trading strategy”.