The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Lack of Sufficient Risk Policy Parameters in Contracts May Lead to Protocol or Liquidator Losses

khramov

[HIGH]

Summary

The protocol uses a common collateralRate parameter for all collaterals, currently set at 110% in production. Top protocols like Maker, Aave, and Compound have independent collateral rates for each type of collateral. The absence of a borrow limit also poses a risk that could lead to the emergence of bad debt.

Vulnerability Details

Bad debt note

The main invariant of collateralised stablecoins: Issued stable coin value <= collateral value * collateral factor (or euro value < collateral value / collateralRate in terms of The Standard protocol), where 0 <= collateral factor <= 1. This invariant should be valid both for each position and for the whole protocol.

There are two cases of invariant break for a position:

collateral value * collateral factor < Issued stable coin value <= collateral value - in such cases, the position is liquidated, collateral is sold, and its value is enough to repay (burn) all issued stablecoins.
Issued stable coin value > collateral value - in such cases, the position is also liquidated, collateral is sold, but its value is not enough to repay (burn) all issued stablecoins:
- X - issued stablecoins, Y - repaid and burnt during liquidation stablecoins where Y < X. X-Y is the protocol's bad debt. It means if all users close their positions, X-Y stablecoins are still issued. But this amount is backed by nothing.

When the protocol has bad debt, the fair price of a stablecoin = (Issued stablecoins - Bad debt) / Issued stablecoins and it is < 1. It means that the stablecoin tends to be unpegged.

To return the peg, the protocol must buy stablecoins from the market and burn them. It means that Bad debt is the direct protocol loss.

Collateral Rate

Volatile assets like BTC or ETH can drop in price by tens of percent in minutes. There is no guarantee that liquidation will be triggered immediately after a small price change due to network conditions (huge gas prices, full blocks, etc). With a collateralRate of 110% (set in production), a price drop of >10% will lead to bad debt.

Recent example: BTC/USD price dropped from 44357 to 41463 (~7%) in 25 minutes (see 03.01.2024 12:00 https://www.tradingview.com/chart/?symbol=BITSTAMP%3ABTCUSD). There have been many deeper drops in the history of BTC or ETH.

Non-top assets (with low liquidity) could drop even deeper.

So, it is necessary to implement a separate collateralRate for each collateral and use higher values depending on the volatility of the collateral.

Examples from top borrowing protocols:

Aave
- BTC max LTV = 73%, in terms of The Standard protocol collateralRate = 137%.
Compound
- BTC collateral factor = 70%, in terms of The Standard protocol collateralRate = 143%.
Maker: Collateralisation ratio is 150%.

Borrow Limit

In case of liquidations, the liquidator repays vault debt with their EUROs and receives collateral. The liquidator must be able to sell the received collateral and buy EUROs again (with some profit).

Example:

Market PAXG liquidity is 1_000_000 PAXG, meaning the maximum amount of PAXG that could be sold (in all DEX pools and in all CEX) is 1_000_000 PAXG.
Someone deposits 2_000_000 PAXG and mints the maximum amount of EUROs.
In the case of liquidation:
- If there are enough EUROs in the liquidation pool: holders receive 2_000_000 PAXG and cannot sell all PAXG to get their EUROs back, leading to holder losses.
- If there are not enough EUROs in the pool: part of the collateral is sent to LiquidationPoolManager.protocol (EOA/multisig of the team), leading to bad debt.

Examples from top borrowing protocols:

Aave
- Borrow cap = 28000 BTC.
Compound
- BTC total capacity = 18000 BTC.

Impact

Bad debt could appear, or liquidators could lose part of their funds.

Tools Used

Manual review

Recommended Mitigation

Implement separate collateralRate for each collateral.
Use more conservative collateralRate for volatile collaterals.
- !important, setting higher than current collateralRate could liquidate existing vaults. Need to be careful and warn vault holders before changing parameters.
Implement a borrow limit.
Introduce a protocol risk policy for setting collateralRate and borrow limits depending on market conditions.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Bad-debt

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

Bad-debt

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.