History of Exploits - Rari Capital

Date: 2 November 2021

Exploit Type: Oracle Manipulation

TL;DR

• Rari Pool #23 used Uniswap v3 VUSD/USDC oracles for pricing VUSD

• Malicious actor bought out all available VUSD which pushed the oracle out of range and added own VUSD/USDC liquidity which inflated price of VUSD as per v3 oracles

• Using the inflated price of VUSD, the malicious actor was able to drain funds from other lenders in Pool #23

• This resulted in bad debt accruing to Rari Capital

Background

Rari Capital is a lending platform that allows the permission-less creation of isolated shared-pools that can be composed of any tokens since risk is isolated to a specific pool. This sets it apart from traditional shared-pool platforms such as Aave which have stringent whitelisting requirements since the inclusion of high risk assets exposes the entire protocol to risk. Whilst inclusion of long-tail assets makes for a robust ecosystem that allows all token holders to take advantage of lending markets, in its current form it can create high risk scenarios with limited safeguards.

This is further compounded by Rari's governance approach which allows the lending market creators to unilaterally select parameters such as oracle choice. Since oracles dictate the perceived price of tokens on the platform, if chosen poorly or not properly managed it can have significant consequences for lenders and borrowers.

How did it happen?

1. Rari Pool #23 used Uniswap v3 VUSD/USDC feeds to determine price of VUSD.

2. Exploiter purchased all VUSD to push that market out of range.

3. Exploiter added their own liquidity consisting of 0 VUSD and 1 USDC which gave VUSD an observed price which tended towards infinity.

4. Exploiter was able to use VUSD as collateral to borrow from Rari Pool #23.

5. Since VUSD had an astronomically high perceived value, the exploiter was able to empty the Rari pool of $3.5m worth of tokens including WBTC, DAI, USDC, SPC, and VSP.

Outcome

The exploiter manipulated VUSD price so that it was perceived by Uniswap v3 oracles to be worth a value tending towards infinity. Using this falsely inflated borrowing power, they were able to drain the Rari Pool #23 of funds. Rather than repaying their borrowings, they chose to forgo their VUSD collateral (which was astronomically overvalued) and keep the borrowed funds. This means that lenders in Pool #23 were unable to withdraw their deposits regardless of which token they deposited - the VUSD left behind as collateral could not be liquidated to repay the borrowings.

Loss from Exploit: $3.5m

Lending Platform Risk - Isolated Shared Pools

Rari's isolated pool design is a unique innovation of the traditional shared-pool approach that permits the creation of lending markets for long-tail assets. Regardless, allowing a single high-risk token into a shared-pool lending platform means that every pool that contains that pool is at risk. Rari Pool #23's exploit of VUSD meant that WBTC, DAI, USDC, SPC, and VSP lenders within that pool experienced bad debt perhaps because they did not fully understand the risk of the pooled approach.

The second risk of isolated shared-pools is that the creator of the pool unilaterally controls core parameters such as collateral ratios and choice of oracle. The pool creator is an external party to Rari and thus does not necessarily have a vested interest in the safety of users of their pool. In this scenario, the use of Uniswap v3 oracles for VUSD that had low TVL means that a single malicious actor could easily manipulate the price of VUSD for their benefit at the expense of lenders.

What can Silo learn from this?

There were two core issues behind the Rari Capital Pool #23 exploit:

1. Shared-pool approach draining of multiple tokens from lenders who may have been unaware of risks associated with the lending

2. Use of Uniswap v3 oracles on low TVL pairing allowed for easy manipulation of VUSD prices

Silo employs a bridged lending approach as opposed to a shared-pool approach. This means that if the same exploit were to occur on Silo, only bridge asset lenders that chose to support BNB.bsc would have been at risk of bad debt - all lenders in other silos would have been unaffected. Whilst Rari's separation of pools allows for some isolation of risk, in theory every pool that houses a toxic asset (in this case VUSD) could have been susceptible to bad debt.

Silo does not claim to be able to avoid oracle exploits. However, as opposed to Rari, control of pool parameters in Silo is controlled by $SILO holders whose interests are aligned with the users of the platform - safer lending environments translates to higher TVL which translates to greater value to $SILO holders.

What Silo needs to do is ensure that oracles are properly updated to accurately reflect the 'true' price of tokens. Factors such as TVL, liquidity, and liquidity centralization must also be made clear since these contribute to how easily token prices can be manipulated. Bridge lenders must ensure they are well informed about these parameters and invest carefully since they are the true risk-bearers on the platform.

Read more on the risks of lending (Lender Beware series)

• Lending Risk

• Shared-Pools

• Lending Pairs

• The Siloed Solution

Read more on this series (History of Exploits)

• Hundred Finance

References:

• https://medium.com/vesperfinance/on-the-vesper-lend-beta-rari-fuse-pool-23-exploit-9043ccd40ac9

• https://etherscan.io/tx/0x89d0ae4dc1743598a540c4e33917efdce24338723b0fabf34813b79cb0ecf4c5

• https://twitter.com/VesperFi/status/1476713007526957065

Find us: Twitter | Discord | Governance | Docs | Website