Links

User Beware

We are exposed to an array of market risks when we borrow and lend token assets. Silo Finance isolates money markets by design and implements conservative collateral factors to mitigate various types of market risks.
However, you should never assume your deposited token assets are risk-free.
Below we provide a hypothetical scenario of an exploit that accrues bad debt. The purpose of this exercise is educate the community and showcase how Silo Finance might get impacted.

Hypothetical Scenario

So you ask yourself, what are the risks you should assume when you use Silo Finance.

Security by design

First, let’s take a look at how Silo Finance is designed to work.
  1. 1.
    Each silo (market) supports only 2 assets, the bridge token (let’s assume it is ETH), and a unique token. Example: UNI-ETH, BAL-ETH.... You get the picture.
  2. 2.
    A silo can only borrow the bridge asset. This means, if you deposit $UNI in UNI-ETH Silo to borrow $BAL, you create two borrow positions:
    • Borrow position #1 in UNI-ETH Silo: Deposit $UNI > Borrow ETH
    • Borrow Position #2 in Silo BAL-ETH: Deposit your borrowed ETH in position#1 > borrow $BAL
Position 1 and 2 are created automatically for you in 1 transaction. Both ETH positions approximately cancel each other out.
3. As you can see, ETH has moved behind the scenes from UNI-ETH Silo to BAL-ETH Silo.
Your $UNI tokens stay in the UNI-ETH Silo. Users who have deposited in the BAL-ETH Silo are protected with your ETH collateral in position #2.

Price manipulation exploit

With the above example in mind, you ask yourself the following:
  1. 1.
    What can go wrong for depositors in UNI-ETH Silo?
  2. 2.
    What can go wrong for depositors in the BAL-ETH Silo?
  3. 3.
    What can go wrong for depositors in other Silos in the protocol?
Let’s start with question 3:
If anything goes wrong in UNI-ETH Silo, users in other Silos are totally isolated.
To answer questions 2 and 3, let’s assume the price of $UNI goes up significantly all of a sudden and then crashes (this happens when a price oracle is manipulated).
Event 1: Price of $UNI goes up significantly high all of a sudden.
  1. 1.
    $UNI goes up in price, increasing the value of your $UNI collateral. You decide to borrow more ETH on top of the amount you’ve borrowed in position#1. You keep those newly borrowed ETH.
  2. 2.
    You know your $UNI collateral is now worth much less than what the protocol thinks (the price oracle feeds the price to the protocol). You can run away with your newly borrowed ETH if they are worth more than the $UNI collateral you leave behind.
Event 2: $UNI price then crashes way below the market rate prior to the manipulation.
3. Your $UNI collateral you deposited in Position#1 is now eligible for liquidation but your deposited $UNI collateral cannot cover your borrowed ETH. The protocol does the following:
  • Try to liquidate your $UNI collateral in position 1 to settle your borrowed ETH.
  • But your $UNI collateral is not enough to cover the debt so bad debt accrues. The bad debt is socialized proportionally across ETH depositors in the UNI-ETH Silo . If the bad debt was 50% worth of ETH deposits, every depositor lost 50% of the deposit. $UNI depositors did NOT experience bad debt.
Back to question 1:
1- What can go wrong for depositors in UNI-ETH Silo?
ETH liquidity providers might lose their deposits if the other asset in the Silo crashes faster than the system can liquidate the other asset.
Question 2:
2- What can go wrong for depositors in the BAL-ETH Silo?
Nothing - they are safe. your ETH collateral in position #2 protects the borrowed $BAL.

The above scenario has happened before

In May 2021, Venus Protocol, the largest lending protocol on Binance Smart Chain, experienced a price oracle manipulation of its biggest collateral asset $XVS. The entire protocol accrued $100M of bad debt.
The exploit impacted the depositors of BTC, ETH and more. It was a protocol-wide exploit because Venus, like Compound, Aave, pools all tokens in one bucket hence the name shared-pool lending protocol.
A similar attack to Venus' would not cause system damage to Silo Finance's money market but rather it would only pose risk to depositors of ETH in $XVS-ETH Silo.