IPOR USDT Index: Sustained Oracle Attack and Risk Mitigation

With the opening of the IPOR Protocol trading competition, the Protocol experienced its first prolonged attack.

Darren Camas, IPOR Labs
Feb 2, 2023

Today, along with the opening of the IPOR Protocol trading competition, the Protocol experienced its first prolonged attack. The attack was economic in nature and not smart contract related. It has been averted thanks to constant monitoring of the system and quick reaction by the core team.

The total loss to the USDT pool is less than 0.5%. Obviously, this is not an ideal situation, but it is well mitigated with a current average return of 88.51% APR for USDT liquidity providers (base APR) and an average APR of 96.56% with pwIPOR delegation (power up).

Below is a list of events, the on-chain activities, mitigation, and future considerations.

The Attack: Gigalong USDT Rates and Push up Interest Rates on DeFi Money Markets

Today, February 2, 2022, between 8:43 am and 9:10 am UTC, a user or connected group of users opened 10 different positions with notional values between $97m and $98m at an average IPOR USDT rate of 3.70%. The collateral value of these positions, which was also the total value at risk to the liquidity providers (LPs), was $984K.

The IPOR Index is a composite volume-weighted, mid-market rate of Compound and AAVE borrowing and lending rates. Through connected accounts, the attacker(s) manipulated the utilization rates of both AAVE and Compound for an extended period of time, using approximately $40m to borrow USDT. This increased the utilization rates on the two markets, raising their interest rates and, with them, the IPOR index.

On-chain Actions

First USDT Index update to 4.884% during the attack.
Highest Index update to 45.976% during the attack.
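A monitoring check for this pattern, as an added example that is not IPOR's own code: it flags index updates that break away from a trailing median and escalates when the move pays a large one-sided book opened shortly before. The thresholds, function names and all sample values other than the figures quoted from this post are assumptions.

```python
from statistics import median

# Constructed sample data. Taken from the post: ten pay-fixed positions of
# $97m-$98m opened 08:43-09:10 UTC, and index prints of 4.884% and 45.976%.
# Timestamps, per-position sizes and all other index values are made up.
OPENS = [(523 + 3 * i, "pay_fixed", 97.0e6 + 0.1e6 * i) for i in range(10)]
INDEX = [(420, 3.68), (450, 3.71), (480, 3.69), (510, 3.70), (540, 3.70),
         (570, 4.884), (600, 12.4), (630, 27.9), (660, 45.976)]  # (minute, %)

SIGN = {"pay_fixed": 1, "receive_fixed": -1}


def net_notional(opens, now, lookback=180):
    """Net notional opened in the last `lookback` minutes (+ = pay-fixed heavy)."""
    return sum(SIGN[side] * size for t, side, size in opens
               if now - lookback <= t <= now)


def scan(index, opens, window=4, max_dev=0.25, max_net=200e6):
    """Flag index updates far from the trailing median of accepted updates.

    Flagged prints are kept out of the baseline, so a sustained push cannot
    pull the reference rate up with it. An alert is "critical" when the move
    also pays a large one-sided book opened shortly before it.
    """
    accepted, alerts = [], []
    for minute, rate in index:
        if len(accepted) < window:          # still warming up the baseline
            accepted.append(rate)
            continue
        base = median(accepted[-window:])
        dev = (rate - base) / base
        if abs(dev) <= max_dev:
            accepted.append(rate)
            continue
        net = net_notional(opens, minute)
        crowded = abs(net) > max_net and net * dev > 0
        alerts.append((minute, rate, "critical" if crowded else "deviation"))
    return alerts


if __name__ == "__main__":
    for minute, rate, level in scan(INDEX, OPENS):
        print(f"{minute // 60:02d}:{minute % 60:02d} UTC  index={rate}%  {level}")
```

Because flagged prints never enter the baseline, a genuine regime change in rates keeps alerting until an operator re-seeds the window.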

Primary Address (Rate manipulation, feeder to swap accounts):
0x71E343797a751555d9542A619a5d50fb757B9e6E

Secondary Addresses:

You can view the IPOR Protocol stats on Dune:

Attacker(s) Profitability breakdown

  • Profit: $55K
  • Cost (IPOR Fees): $14.8K
  • Income fee to DAO: $6K
  • Hourly cost of Attack estimated: 40m*20%/365/24= $913

A reduction in leverage would reduce the profitability by a factor of 10, and increase the relative fee by the same factor (fee is a % of collateral, so lower leverage is a higher effective fee in notional terms).

Attack Mitigation

The IPOR Protocol has been designed with several functions using upgradable proxy contracts which can be utilized in cases such as this.

As the nature of the attack was manipulative and provable through on-chain transactions, the contracts were closed before maturity, which is a function of the circuit breaker mechanisms.

In order to mitigate a future exploit and dampen its effect, the following actions have been taken:

  • Leverage has been decreased from a maximum of 1,000X to 100X
  • Pool utilization has been limited per swap leg
  • The positions of the attacker(s) were closed

Note that an Interest Rate Swap is an exchange of cashflows over time, meaning that the risk of leverage in swaps is very different from that in perpetuals. An attacker would have to sustain a prolonged attack for the position to reach maximum profit.
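The note above and the earlier point about leverage, worked through with the post's own figures ($984K collateral, 3.70% entry rate, 45.976% peak index, 1,000X and 100X leverage). This is an added example, not IPOR contract code; it assumes linear accrual, the index held constant at its peak, a payout capped at collateral, and no fees.

```python
HOURS_PER_YEAR = 365 * 24


def lp_exposure(collateral, leverage, fixed, index, hours):
    """Amount the pool owes a pay-fixed position after `hours`, capped at collateral."""
    accrued = collateral * leverage * (index - fixed) * hours / HOURS_PER_YEAR
    return max(0.0, min(accrued, collateral))


def hours_to_cap(leverage, fixed, index):
    """Hours the index must stay at `index` before the payout reaches the cap."""
    spread = index - fixed
    return float("inf") if spread <= 0 else HOURS_PER_YEAR / (leverage * spread)


def max_leverage_for_window(min_hours, fixed, stress_index):
    """Largest leverage that still leaves `min_hours` to react at `stress_index`."""
    spread = stress_index - fixed
    return float("inf") if spread <= 0 else HOURS_PER_YEAR / (min_hours * spread)


def report(collateral=984_000, fixed=0.0370, index=0.45976):
    """(leverage, pool exposure per hour in $, hours until the cap is hit)."""
    return [(lev,
             round(lp_exposure(collateral, lev, fixed, index, 1)),
             round(hours_to_cap(lev, fixed, index), 1))
            for lev in (1000, 100)]


if __name__ == "__main__":
    for lev, per_hour, hours in report():
        print(f"{lev:>5}X  exposure/hour=${per_hour:,}  hours to cap={hours}")
    # Leverage cap that leaves a one-week reaction window at the observed peak.
    print(round(max_leverage_for_window(168, 0.0370, 0.45976), 1))
```

Under these assumptions, the cut from 1,000X to 100X stretches the time before the pool's loss reaches the full collateral from under a day to more than a week, which is the window monitoring and the circuit breaker have to act in.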

IPOR Index Guardian Phase and Decentralization

The IPOR Interest Rate Swap market’s function is to provide an efficient marketplace for traders to hedge interest rate risk across their debt positions. Liquidity providers are the service providers of the Protocol and the protocol’s #1 goal is to protect LPs against unnecessary loss, such as in the case of market manipulation.

Currently, the IPOR Protocol has been live on the Ethereum mainnet for fewer than 6 months. In the past week, the TVL has grown by 10X, resulting in new users and widespread attention. The Protocol is currently under the guardian phase as described in the IPOR Protocol whitepaper, and will be gradually transitioned to DAO governance. The DAO design is currently underway, and in the meantime, the IPOR Labs team, IPORIANS, and DAO collaborators are entrusted with making the right decisions for the Protocol’s long-term functionality. Given the nature of the attack, we made the decision to protect LPs. In the future, the DAO will have to be sufficiently equipped to deal with such matters, from subject matter experts to technical capacity to round-the-clock monitoring.

If you are interested in the formation of the IPOR DAO please join the Discord discussions.

Preventing Future Attacks

Reduction of leverage through parametric triggers

There is currently a workstream by the IPOR Labs' quants tackling this.

Slippage and utilization per direction

There is also a workstream to improve the market dynamics to discourage single-sided exposure by the pool without significant penalties to traders.

Lowered utilization per pool-max drawdown scenarios based on the cost of attack

More research needs to be done, as the cost and profitability change with market dynamics: in low liquidity, the capital requirement, and therefore the interest rate cost, is lower than in times of higher credit activity.


Darren Camas has been involved with crypto & blockchain since 2011 advising, building, and investing in multiple projects. Currently he is CEO of IPOR Labs.