Nima's notes

Logo

Nima Kamoosi's public notes

View on GitHub nimakam/nimakam-notes

Security

Other sections:

Attacks

Dishonest price feed attack

Performance degradation DoS attack

Mitigations:

Honest price feed compromise attack

Liquidation front running attack

A front runner can detect the liquidation request sent by another actor, and copy that request, submit it for execution in the same block, while jumping the line by offering miners a larger transaction fee. The aim of the attacker is to take all the profit of the liquidation away from the initial liquidator, by breaking a few common rules around submitting transactions.

Mitigations:

Issuing currency right before large price drop update

Drops of 40% or more are not expected to occur frequently, however in case they do happen, there is an opportunity to profit by issuing currency against a newly created loan, right before the price is updated on-chain, thus hurting other stakeholders by leaving the system with a worse collateralization position.

For example, let’s assume ETH is at $150, and suddenly drops to $80, a drop of 46.6%. If attacker were to issue maximum currency against a new loan backed by 100 ETH, the system would assume a collateral value of $15,000, and with a collateralization limit of 150%, attacker could issue as much as $10,000 of currency. This is compared to the $8,000 real value of collateral, which results in a profit of 20% which can be linearly scaled up depending on the amount of ETH under the attacker’s control.

Mitigations:

Price feed provider collusion attack

All top allocated price feed providers can collude to defraud other stakeholders by a coordinated effort to report artificially lowered market prices, then proceeding to liquidate a large number of the loans under the new artificial collateralization threshold.

Mitigations:

Top feed provider issuing currency right before artificial large price hike update

Let’s assume a top feed provider reports an incorrect hike of 40% or more on-chain, and profit by issuing currency against a newly created loan, thus hurting other stakeholders by leaving the system with a worse collateralization position.

For example, let’s assume ETH is at $160, and the provider reports it to be at $300, a rise of 87.5%. If attacker were to issue maximum currency against a new loan backed by 100 ETH, the system would assume a collateral value of $30,000, and with a collateralization limit of 150%, attacker could issue as much as $20,000 of currency. This is compared to the $16,000 real value of collateral, which results in a profit of 20% which can be linearly scaled up depending on the amount of ETH under the attacker’s control.

Mitigations:

Other risks

Price feed fault

Terms

Medium trust price feed - Price feeds either in the top 20 in weighted allocation, or allocated at least 4% of all loans’ weighted value. The historical prices from all these feeds are used in weighted form to determine the median daily historical price. High trust price feed - A select group of price feeds either in the top 5 in weighted allocation, or allocated at least 20% of all loans’ weighted value. Through social contract, High trust feeds will be, expected to report price changes of more than 5%, on the blockchain within a minute. All high trust feeds are also considered part of the medium trust collection. Low trust price feed - Simply any non-zero feed that is not medium trust. Any price feed that is allocated a non-zero % of a loan with non-zero ETH deposits, which is not a medium trust feed.