
Omer Goldberg: The DeFi Exploit That Exposed a Bigger Problem
AI Summary
This discussion addresses a recent DeFi exploit involving the USR stablecoin, highlighting broader issues of risk management, oracle design, and the vault/curator model in decentralized finance.
The exploit began when an attacker gained control of Resolv's minting keys and minted 80 million unbacked USR, which were swapped for roughly $25 million worth of ETH and BTC. The losses did not stop at the initial theft: they were magnified by how vaults on DeFi lending protocols were configured. Arbitrageurs exploited the gap between USR's collapsing market price and the par value still assumed by vaults on platforms such as Morpho, Euler, and Fluid, adding further losses on top of the mint itself.
Chaos Labs detected the exploit through its monitoring systems, initially as a de-peg event: USR's price collapsed on secondary markets. The immediate concern was contagion, since USR was integrated into applications including Morpho, Curve, Fluid, and Venus. The attack pattern is a familiar one: acquire the de-pegged stablecoin cheaply, deposit it as collateral in a protocol whose oracle still values it at par, and borrow high-quality assets against it with no intention of repaying.
A critical factor in the losses on Morpho was its Public Allocator, which lets vault curators pre-authorize a set of markets that liquidity can be moved into on demand. The feature is meant to capture high yields when a market's utilization spikes, but here it acted as an unlimited credit line for the attacker. Before the exploit, the affected Morpho vaults had only about $5,000 of exposure to USR. The automation, configured to supply capital whenever yield crossed a threshold, read the sudden borrow demand created by the exploit as a legitimate high-yield opportunity and kept feeding the market, so exposure ballooned to roughly $10 million of bad debt. On Fluid and Venus, by contrast, the losses came mostly from liquidity that already sat in pools where USR had been listed for a long time.
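The dynamics of that automated credit line can be shown with a small simulation. The following added example is not Morpho's Public Allocator or any curator's code; it models a yield-chasing allocator that fills borrow requests as soon as a market's APY clears a threshold, next to one that grows a per-market credit line step by step and first checks the collateral's secondary-market price (the onboarding practice recommended later in this summary). The $5,000 starting exposure and $10 million of idle vault capital echo figures quoted above; the APY curve, caps, step size, confirmation count and borrower appetite are constructed assumptions.

```python
"""Toy allocator simulation: how much idle vault capital gets lent into one
collateral market, under a yield-chasing rule versus a ramped credit line.

Added illustration, not Morpho's or any curator's code. Initial exposure and
vault size echo the text; curve, caps, steps and appetite are assumptions.
"""
from dataclasses import dataclass

PAR, BAND = 1.00, 0.01   # collateral within one cent of $1 counts as pegged


@dataclass
class Market:
    supplied: float          # vault capital lent into this market
    borrowed: float = 0.0    # drawn against the market's collateral

    def utilization(self):
        return self.borrowed / self.supplied if self.supplied else 0.0

    def apy(self):
        # Constructed kinked curve: cheap below 90% utilization, steep above it.
        u = self.utilization()
        return 0.04 * u if u < 0.9 else 0.036 + (u - 0.9) * 5.0


class YieldChasingAllocator:
    """Move whatever is requested once the market's yield clears a threshold."""

    def __init__(self, threshold_apy=0.15):
        self.threshold_apy = threshold_apy

    def allocate(self, market, request, idle, collateral_spot):
        if market.apy() < self.threshold_apy:
            return 0.0
        return min(idle, request)      # no cap, no look at the collateral


class RampedAllocator:
    """Credit line widens by `step` per block only while the collateral holds
    its peg and utilization has been high for `confirm` consecutive blocks."""

    def __init__(self, cap=100_000.0, step=0.25, confirm=2, high_util=0.9):
        self.cap, self.step, self.confirm, self.high_util = cap, step, confirm, high_util
        self.streak = 0

    def allocate(self, market, request, idle, collateral_spot):
        self.streak = self.streak + 1 if market.utilization() >= self.high_util else 0
        pegged = collateral_spot >= PAR - BAND
        if pegged and self.streak >= self.confirm:
            self.cap *= 1 + self.step  # sustained, healthy demand: widen the line
        if not pegged:
            return 0.0                 # collateral trading at a discount: add nothing
        return max(0.0, min(idle, request, self.cap - market.supplied))


def run(allocator, appetite, collateral_spot, blocks=8,
        idle=10_000_000.0, initial=5_000.0):
    """Return the total vault capital that ends up lent against the collateral."""
    market = Market(supplied=initial)
    for _ in range(blocks):
        request = appetite - market.borrowed       # what the borrower still wants
        if request <= 0:
            break
        add = allocator.allocate(market, request, idle, collateral_spot)
        idle -= add
        market.supplied += add
        market.borrowed += min(request, market.supplied - market.borrowed)
    return market.borrowed


if __name__ == "__main__":
    # Attack: unbounded appetite against collateral trading at 22 cents.
    print("yield-chasing, attack:", run(YieldChasingAllocator(), 50_000_000, 0.22))
    print("ramped, attack:      ", run(RampedAllocator(), 50_000_000, 0.22))
    # Organic demand: 300k of borrowing against collateral still at par.
    print("yield-chasing, organic:", run(YieldChasingAllocator(), 300_000, 1.0))
    print("ramped, organic:       ", run(RampedAllocator(), 300_000, 1.0))
```

Under the constructed attack path the yield-chasing rule lends out all $10 million of idle capital in a single block, while the ramped rule never moves past the pre-existing $5,000 because the collateral is visibly off peg; under organic demand both rules end up fully serving the $300k of borrowing, the ramped one a few blocks later.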
The incident underscores a recurring DeFi problem: oracles that do not reflect the real-time market price of a de-pegged stablecoin in lending protocols. Some argue against real-time price feeds because ordinary volatility would trigger mass liquidations, but there are designs that avoid both failure modes. A risk oracle can be built around an asset's use case and expected behaviour and update its price at a controlled cadence: for a stablecoin, for example, only after the price has held below par for a sustained window (say, 10 blocks), or by algorithmically weighting prices across several venues so that an isolated, temporary move on one of them does not drive the feed. The immutability of markets in protocols like Morpho, where a market's oracle configuration is fixed at creation and cannot be changed, made this worse: the oracle for USR was effectively hardcoded to one dollar before, during, and after the attack.
The argument that reflecting actual market prices could cause greater losses is countered by this case: had the oracle tracked the true price (as low as 2 to 25 cents), the arbitrage window would have been far shorter and the attacker would have extracted far less. The real challenge is balancing accurate pricing during volatility against cascading liquidations, and dynamic oracles with deliberate, pre-configured trade-offs can address it.
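To make the oracle design in the two paragraphs above concrete, the following added example (not Chaos Labs', Morpho's or Resolv's code) simulates a hardcoded one-dollar feed beside a risk oracle that takes the median across venues and only leaves par after the discount has persisted for 10 consecutive blocks, then requires the same confirmation before returning to par. The venue names, the price path and the one-cent peg band are constructed assumptions; the 10-block window follows the figure quoted above.

```python
"""Toy stablecoin risk oracle versus a price hardcoded at $1.

Added illustration, not any protocol's code. Venue names, price path and the
peg band are constructed; the 10-block confirmation follows the text.
"""
from statistics import median

PAR = 1.00
BAND = 0.01           # within one cent of par counts as "at peg"
CONFIRM_BLOCKS = 10   # a discount (or recovery) must persist this long


class HardcodedOracle:
    """What the text describes for the USR market: $1, whatever the market says."""

    def price(self, venue_prices):
        return PAR


class RiskOracle:
    """Reports par until a cross-venue discount has lasted CONFIRM_BLOCKS blocks,
    then tracks the market until a recovery has lasted just as long."""

    def __init__(self, confirm_blocks=CONFIRM_BLOCKS):
        self.confirm_blocks = confirm_blocks
        self.reported = PAR
        self.streak = 0   # consecutive blocks the market has disagreed with the feed

    @staticmethod
    def aggregate(venue_prices):
        # Median across venues: a wick on one thin pool cannot move the feed alone.
        return median(venue_prices.values())

    def price(self, venue_prices):
        agg = self.aggregate(venue_prices)
        market_discounted = agg < PAR - BAND
        feed_at_par = self.reported >= PAR - BAND
        # Disagreement: market discounted while the feed says par, or vice versa.
        if market_discounted == feed_at_par:
            self.streak += 1
        else:
            self.streak = 0
        if self.streak >= self.confirm_blocks:
            self.reported = agg if market_discounted else PAR  # confirmed: switch state
            self.streak = 0
        elif market_discounted and not feed_at_par:
            self.reported = agg                                # already off peg: follow the market
        return self.reported


def sample_path():
    """Constructed per-block venue prices: peg, one isolated wick on one venue,
    then a de-peg sustained across every venue for 15 blocks."""
    peg = {"curve": 1.00, "uniswap": 1.00, "cex": 1.00}
    wick = {"curve": 1.00, "uniswap": 0.40, "cex": 1.00}
    depeg = {"curve": 0.25, "uniswap": 0.20, "cex": 0.22}
    return [peg] * 3 + [wick] + [peg] * 2 + [depeg] * 15


def run(oracle):
    """Return the per-block feed and the number of blocks a lender trusting this
    feed still valued the coin at par while the market did not (the arb window)."""
    path = sample_path()
    feed = [round(oracle.price(v), 3) for v in path]
    market = [median(v.values()) for v in path]
    window = sum(1 for f, m in zip(feed, market)
                 if f >= PAR - BAND and m < PAR - BAND)
    return feed, window


if __name__ == "__main__":
    for name, oracle in (("hardcoded", HardcodedOracle()), ("risk", RiskOracle())):
        feed, window = run(oracle)
        print(f"{name:>9}: arb window = {window:2d} blocks, feed = {feed}")
```

On the constructed path the hardcoded feed leaves lenders exposed at par for all 15 de-pegged blocks, while the risk oracle ignores the single-venue wick entirely and caps the exposure at nine blocks (it moves on the tenth discounted block). The confirmation window is the knob that trades liquidation noise against arbitrage exposure, which is the trade-off the passage describes.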
As for the initial key compromise at Resolv: despite 18 audits, the weakness was not caught. Several factors explain this: separate audits often cover different parts of a protocol rather than the whole codebase repeatedly; audit scopes frequently exclude operational security such as key management; and audits are point-in-time assessments, so a system can change materially after the report is issued.
Lessons for asset issuers include robust key management (for example multi-sigs), proof-of-reserve oracles that pause the system when attested backing falls below circulating supply, and minting rate limits (for example a cap of 5 million per hour) so that a compromised minter cannot issue an unbounded amount at once. For integrating protocols, the lesson is a rigorous asset onboarding process: an individual risk and smart-contract assessment for each asset, and credit lines that grow incrementally with observed demand rather than capital supplied blindly.
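The two issuer-side controls just listed, as an added example (not Resolv's code): a mint controller that enforces a rolling per-hour cap and refuses mints beyond attested reserves, plus a proof-of-reserve attestation that pauses minting when backing falls below circulating supply. The 5 million per hour cap follows the figure above; the supply, reserve and timestamp values in the replay, including the assumption that the compromised keys also drained 5 million of collateral, are constructed.

```python
"""Toy issuer-side mint controller: rolling hourly cap, reserve-bounded mints,
and a proof-of-reserve circuit breaker.

Added illustration, not Resolv's code. The 5M/hour cap follows the text; the
supply, reserve and time values in the replay are constructed.
"""
from collections import deque

HOUR = 3600


class MintController:
    def __init__(self, hourly_cap=5_000_000, supply=0, reserves=0):
        self.hourly_cap = hourly_cap
        self.supply = supply
        self.reserves = reserves      # latest proof-of-reserve attestation
        self.paused = False
        self.window = deque()         # (timestamp, amount) of mints in the last hour

    def attest_reserves(self, reserves):
        """Proof-of-reserve update from an independent feed; backing below
        circulating supply trips the breaker until operators intervene."""
        self.reserves = reserves
        if reserves < self.supply:
            self.paused = True

    def minted_last_hour(self, now):
        while self.window and self.window[0][0] <= now - HOUR:
            self.window.popleft()
        return sum(amount for _, amount in self.window)

    def mint(self, amount, now):
        """Return (ok, reason). A compromised signer is held to the same rules
        as a legitimate one, which is the point of enforcing them in code."""
        if self.paused:
            return False, "paused: reserves below supply"
        if amount <= 0:
            return False, "amount must be positive"
        if self.minted_last_hour(now) + amount > self.hourly_cap:
            return False, "hourly mint cap exceeded"
        if self.supply + amount > self.reserves:
            return False, "mint would exceed attested reserves"
        self.window.append((now, amount))
        self.supply += amount
        return True, "ok"


def attack_replay():
    """Constructed scenario: a compromised minter tries to push out 80M in one
    go, then in 5M slices, while the proof-of-reserve feed keeps attesting."""
    c = MintController(hourly_cap=5_000_000, supply=92_000_000, reserves=100_000_000)
    start = c.supply
    reasons = [c.mint(80_000_000, now=0)[1]]        # single 80M mint: blocked by the cap
    for t in (0, 60, HOUR):                         # 5M slices, then wait out the window
        reasons.append(c.mint(5_000_000, now=t)[1])
    # Assumption: the same keys also pulled 5M of collateral, so the next
    # attestation reports less backing than the now-inflated supply.
    c.attest_reserves(95_000_000)
    reasons.append(c.mint(1_000_000, now=HOUR + 1)[1])
    return {"minted": c.supply - start, "paused": c.paused, "reasons": reasons}


if __name__ == "__main__":
    for key, value in attack_replay().items():
        print(f"{key}: {value}")
```

In the replay the attacker gets one 5M slice through before the rate limit, the reserve bound and finally the circuit breaker stop each subsequent attempt, so total unbacked issuance is 5M rather than 80M. Note that the reserve bound only helps if the attestation is produced by a feed the minter cannot also sign for.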
Vault curators, who act as on-chain hedge fund managers, also bear significant responsibility. They aim to capture market opportunities, but supplying capital automatically without checking the source of the demand or the market conditions behind it is risky. The current incentive model, in which curators earn fees on the yield they generate, creates a misalignment that can encourage riskier strategies. This mirrors fund management in traditional finance but without its oversight and transparency. Some vaults are marketed as low-risk or as holding "core assets", yet the underlying complexity and the potential for de-peg events are often opaque to depositors, which points to the need for better risk rating systems and clearer labeling.
The discussion also touches on the tension between managing risk and maintaining decentralization and immutability. Solutions like on-chain boundaries for oracle updates (requiring governance approval beyond certain thresholds) and time-locks for changes can offer a balance. While some prefer strict "code is law" immutability, most users desire transparent, accessible, and safe financial products, even if it means some level of dynamic adaptability.
Regarding Morpho's stance as a "permissionless platform" and "neutral infrastructure," while philosophically sound, it presents challenges. Users must navigate multiple layers of trust (Morpho, curators, vaults, underlying markets), making it harder to understand the overall risk. This contrasts with protocols like Aave, which have established, transparent processes and a strong track record. The current state is a "weird limbo" where Morpho is a known brand, but the actual risk is tied to less visible curators and their vault configurations. For DeFi to be ready for the mainstream and fintech integration, there needs to be a clearer, more cohesive product experience where users interact with a trusted brand that effectively manages the underlying complexities and risks.
Ultimately, while the technology is robust, the industry needs to mature in its operational practices and risk management. Exploits like the USR de-pegging are not new, and better solutions exist, but it's the responsibility of all players—asset issuers, lending protocols, and vault curators—to implement them.