Alpaca Finance Publishes a Review on Their Oracle Guard and Updates on Future Functionalities on its Platform

Alpaca Finance reviews its Oracle Guard and explains how the security protocol prevents further losses when exploitation happens and how the protocol can be improved.

Reigning in the Greed

In an asset class – Decentralized Finance (DeFi) – that is extremely volatile, leveraged positions amplify that volatility. Traders can be liquidated and suffer massive losses when leveraged yield farming. Alpaca Finance launched its Oracle Guard which is meant to protect the Alpaca community from potential price manipulation, flash liquidation, and market failure. Following a shocking market day on June 22, the team wanted to update their community on the health of their protocol.

In its reviewAlpaca Finance acknowledges that human greed and emotions are sentiments that influence trading decisions. These predictable sentiments become targets for professional traders to make a killing and pocket the profits. 

The main feature of the Alpaca Oracle Guard is when it enters Protection Mode, a series of protocols that are activated to protect liquidations. The guard enables a protection mechanism that will disable liquidations, opening and closing positions while adding collateral. This is meant to protect the users from trading at bad prices and taking an unjust loss. The review is clear on two points: first, the oracle guard works by slowing down liquidation, but it cannot entirely prevent liquidation. 

Secondly, there are additional protocols in progress that improve the overall effectiveness of the Oracle Guard. The two features allow additional collaterals when the Oracle Guard has been activated and stop loss-loss order before liquidation. 

Review of the Oracle Guard 

The Alpaca price dropped 53% in less than 30 minutes. This is an extreme dip that will trigger liquidation. The price has since recovered by 86%, but liquidation has been kept minimal. 

Approximately $900k of position was eliminated by liquidation compared to billions in the market. In the review, if the Oracle Guard had not been activated, the cascading liquidation would have been more drastic and with much higher losses. The Oracle did not manage to prevent liquidation entirely, but it protected as many as it could.

Source 

In an example that Alpaca Finance provided, the exploit can happen as follows:

1. Attacker swaps 2k BUSD, receiving 66.67k RTOKEN (2,000*100,000/(1,000+2,000)). The pool now has 3k BUSD + 33.33k RTOKEN. The spot price becomes 0.09, which means the attack pumps the market by 9x.

2. Attacker opens a position by supplying 2k BUSD and borrowing 2k BUSD from the lending protocol. The protocol does the optimal swap, so 1,582.58 BUSD swaps to (1,582.58*33.33k/(3,000+1,582.58)) = 11,511.45 RTOKEN; Hence, after the swap, the pool has 3,000 + 1,582.58 BUSD = 4,582.58 BUSD AND 33.33k — 11,511.45 = 21,821.55 RTOKEN. 

Then, the protocol adds the position’s liquidity to the pool.

The pool now has 4,582.58 + 2,417.42 BUSD and 21,821.55 + 11,511.45 RTOKEN = 7k BUSD + 33.33k RTOKEN (RTOKEN remains the same as the protocol swaps and puts it back to the pool) so the spot price becomes 0.21; the attacker pumped another 2.33x. And the attacker holds sqrt(7,000*33.33k) — sqrt(1k*100k) = ~5265 LPs.

3. Attacker swaps 66.67k RTOKEN back to BUSD, (66.67k* 7,000)/(33.33k+66.67k) = 4,667 BUSD. At this step, the pool now has 2.33k BUSD + 100k RTOKEN. And the position is now worth around ~1,600 BUSD (5625*2.33k/15275) = 858 BUSD, and (5625*100k/15275) = 36,824 RTOKEN = 846.95 BUSD at spot price.

Result:

Cost: 2,000 BUSD for manipulating the DEX + 2,000 BUSD for opening the position = 4,000 BUSD

Gross Gain: 4,667 BUSD

Net Gain: 4,667–4,000 BUSD = 667 BUSD drained from the lending vault

ROI On Exploit: approximately 16.7%

The process can then be repeated to drain the vault continuously. The Oracle Guard prevents further collateral, and without lenders, there will not be any borrowing.

Source

Adding New Features to Alpaca Finance

The first feature in the development plan is adding collateral without borrowing and allowing participants to prevent liquidation. However, this has to be done securely to avoid any vulnerability that may be exploited. 

The second feature is to implement a stop-loss feature before liquidation can take place. This mechanism is common on trading platforms rather than leveraged yield farming platforms. 

For this feature, the user can allow for a predetermined price to cut loss rather than allow liquidation. The user gets to manage their own safety buffer. This will be done through a whitelisted bot that will assist the user in closing their position if the stop-loss price is triggered. 

High APY Is Not the Only Consideration 

The recent exploitations are the results of vulnerabilities in the protocols. Users have to be cautious in providing liquidity to risky protocols. Finding the highest Annual Percentage Yield (APY) is not the main criteria. In a less favorable market, capital preservation is essential and must be balanced with risks. With their measures in place, Alpaca Finance helps make the bear market more bearable while farmers can still farm, or as Alpacas say: keep on grazing. 

About Alpaca Finance

Alpaca Finance is the largest lending protocol allowing leveraged yield farming on Binance Smart Chain. It helps lenders to earn safe and stable yields, and offers borrowers undercollateralized loans for leveraged yield farming positions, vastly multiplying their farming principles and resulting profits.‌

Furthermore, Alpacas are a virtuous breed. That’s why, Alpaca Finance prides itself on being a fair-launch project with no pre-sale, no investor, and no pre-mine. So from the beginning, the project has always been a product built by the people, for the people. Or as they like to say: by the Alpacas, for the Alpacas.

Source : bsc.news

Leave a Reply

Your email address will not be published. Required fields are marked *