• Chutoro

Lender Beware Pt. 1 - Lending Risk

Updated: Feb 15

Lending is a great way for holders to earn money on tokens sitting idly on an exchange or a wallet. However, choosing a lending platform is not as simple as finding the one with the highest interest rate. Several factors determined by bad actors, the platform itself, or governance approach can affect the safety of your deposits. This article aims to go through some of those risks so that lenders can be more informed about earning interest safely.


TL;DR

​Risk

Description

Bad Debt Risk

Borrowers failing to repay loans resulting in lenders being unable to withdraw the full value of their deposits

Collateral Risk

Collateral provided by borrower cannot be sold effectively; may exacerbate bad debt

Systemic Risk

Risk implicit in shared-pool lending (e.g. Aave, Compound); exploit in a single token introduces bad debt to all lenders on a platform

Governance Risk

Risk associated with interest of governance (party responsible for changing lending market factors) not being aligned with users of platform; may generate markets with conditions dangerous to users

Smart Contract Risk

Vulnerabilities in code itself that can expose any aspect of the protocol to risk

 

Bad Debt Risk

The key concern of any lending platform is bad debt where borrowers fail to repay their borrowings which can result in the loss of a lender’s deposited funds. The first line of defence is over-collateralization where a lending market’s Collateral Ratio is < 1. This means that borrowers must put up more assets as collateral than they are actually borrowing. If a UNI lending market has an LTV of 0.5, borrowers must put up $1K UNI as collateral to borrow $500 ETH.


Over-collateralization means that lenders in general are protected since the borrower’s collateral can be seized and liquidated to compensate lenders — since these positions are over-collateralized (i.e. value of collateral exceeds borrowable amount), borrowers themselves are disincentivized from non-repayment. This is compounded by a liquidation fee paid by borrowers to liquidators in the event of liquidation.


$XVS experienced significant price manipulation which allowed borrowers to borrow a severely inflated amount of BTC and ETH from the Venus Protocol shared-pool lending platform. When the price suddenly declined, liquidations were insufficient to fully compensate lenders, resulting in $100m bad debt accrued across the platform.


Collateral Risk

If liquidations go smoothly, bad debt is not accumulated since collateral is sold to compensate lenders for unpaid debt. However, if collateral cannot be liquidated effectively then insufficient funds may be raised to fully compensate lenders.


This can occur if the collateral in question has insufficient liquidity on its primary decentralized exchange to support its liquidation. Alternatively, the price of the collateral may have depreciated quicker than the protocol could liquidate and even if the collateral was sold the funds could be insufficient to fully compensate lenders.


Systemic Risk

Evidently, the chosen collateral has a central role in the amount of risk that lenders take on. But who chooses the collateral that a lender is exposed to?


This will depend on the underlying approach of the lending platform in question. In a shared-pool approach, any token in the pool may be accepted as collateral which could be 10 or even more tokens. This means that collateral risk in a single token results in systemic risk to the entire pool and all lenders can be exposed to bad debt. Lenders must understand the collateral risk of every token in the pool since risk is not isolated — more on this in shared-pools.


The other primary approach is lending pairs, where lenders specifically choose the collateral token they accept. By choosing a token which has high liquidity and relatively low volatility, they can ensure that liquidations will be smooth. In addition, issues in tokens other than the one chosen as collateral does not affect their ability to redeem their deposits. In other words, risks are isolated — more on this in lending pairs.


The Venus Protocol uses a Shared-Pool lending approach where tokens on the platform are pooled and any token can be used to borrow any other token. Subsequently, an exploit in a single token (XVS) exposed every token in the pool to bad debt risk — the protocol as a whole suffered $100m bad debt.


Governance Risk

Governance risk refers to the risk associated with the person or party responsible for modifying factors that control the lending markets. This can include factors such as LTV ratio, liquidation penalties, and accepted collaterals. The entity in charge of governance differs between lending platforms.


Centralized governance is where a party can unilaterally make decisions that can affect a lending market. In Rari and Kashi, the person creating the market can select LTV, collateral(s), and choice of oracle. However, since these people are external to the protocol, their interests are not aligned with the platform or its users which can result in undesirable outcomes.


Decentralized governance is where a platform’s token holders independently vote to modify features on the platform. Since token holders benefit from high TVL and usability, they benefit if they can attract lenders and borrowers to the platform — in this way, user and governance interests are aligned. Whilst the decision making process is far more laborious in decentralized governance, it provides greater protection for lenders.


Rari Capital’s lending factors are controlled by individuals who are not incentivized to maintain ideal oracle choices. An exploit of VUSD price last year by manipulation of its Uniswap v3 price ranges allowed malicious actors to run away with $3.5m of borrowed tokens.


Smart Contract Risk

Smart contract risk refers to vulnerabilities in the underlying code of a protocol which may allow malicious actors to siphon from deposited funds. This risk may extend beyond the protocol itself — since lending protocols are reliant on oracles to feed them price information, an exploit in their chosen oracle may have flow on effects to users of the platform. For example, an exploit that inflates the value of a collateral asset may result in the accrual of bad debt if borrowers borrow against an inflated amount and the collateral asset fails to be liquidated.


This is a little more difficult to assess for those without a technical background but regular audits from reputable auditors can give some insight about the smart contract risk of a platform. In addition, a history of exploits may not predict the likelihood of future exploits but should also be taken into consideration.


Smart contract vulnerabilities on Wild Credit allowed a hacker to freely mint fake tokens to themselves and used them to borrow 125K worth of BNT (~650k). Fortunately it was a white hat hacker who returned funds to the developers — however, a malicious actor would have had free reign over all deposited funds.


 

Tips for Mitigating Risk

  1. Choice of lending platform: There are a few questions you should ask yourself before choosing a lending platform:

  2. What is the underlying lending mechanism? Lending pairs isolate risk to chosen collateral whilst shared-pools expose to systemic risk (these will be explored in later articles)

  3. Who controls lending factors? Decentralized governance’s interests are (typically) aligned with interests of users whilst centralized governance’s interests are external.

  4. Has the project been audited? A previous audit indicates code has been verified by a qualified 3rd party — note that audits are not fail-safes and may not mean a protocol is 100% risk-free.

  5. Does the project have a history of exploits? Not predictive of future performance but gives an indication of track record.

  6. Insurance: Insurance can be taken out on large positions that can compensate against bad debt and smart contract risk. Certain platforms such as Aave also have internal insurance provided by stakers.

  7. Diversification: Splitting positions across several lending platforms may reduce risk compared to using a single platform which could be a single point of failure.



Parting Words

Lending provides an opportunity for lenders to earn interest on their idle assets. As with much of the Defi space today, it also introduces a series of risks that can be difficult to identify and even more difficult to navigate.


The next article will explore the notion of Systemic Risk in the context of Shared-Pool lending platforms


Read more in this series (Lender Beware):


Find us: Twitter | Discord| Governance |Docs | Website

108 views0 comments

Recent Posts

See All

Date: 6 February 2022 Exploit Type: Bridge and Oracle Exploit TL;DR Meter.io experienced an exploit which allowed uncollateralized minting of BNB.bsc This resulted in significant price dump of BNB.bsc