Vendor Finance: Lesson on oracles and operations.
Recently, the Lodestar lending market suffered an exploit due to the manipulation of the on-chain price of plvGLP. We would like to express our deepest regrets about what happened and we hope for the soonest resolution of the situation. We hope that all or at least part of stolen funds are recovered and Lodestar can get back to operation as soon as possible!
$plvGLP is also listed on Vendor as both a lending and borrowing token. Given that this situation sparked many questions about whether funds of Vendor users are at risk, we decided to address them and explain why Vendor is NOT susceptible to this sort of attack.
TLDR, users’ funds are unaffected by this type of exploit!
Vendor is an isolated lending market.
First, it is important to highlight that Vendor is a fully isolated lending market. Each pool created by a lender is an individual contract, The lending or borrowing positions in one pool can not affect positions in another pool.
What are oracles used for on Vendor?
Second, it is important to mention that oracles are NOT essential for Vendor Finance and operations. As a lender you choose how many lend tokens you wish to lend per 1 unit of collateral. That number is fixed and can not be changed during the life of a loan.
If both assets (borrow & lend token) have an on-chain oracle supported by Vendor, then each borrow contract checks whether the value of the lend token that is about to be sent is less than the value of collateral that is about to be deposited. If that is not the case, the borrow transaction will revert.
At the same time lenders can disable borrowing manually at any point beforehand under the “My Pools” tab.
Let’s consider an example:
Alice creates a pool that accepts $wETH as collateral and lends 900 $USDC for each 1 WETH deposited. Assuming that 1 WETH is worth $1000 each borrow transaction will be over-collateralized.Now imagine wETH price dropped to $800. In this case Alice would be lending more than she would get in collateral. Since both wETH and USDC have oracles (chainlink) on Vendor those borrow transactions will revert and borrowing is paused automatically.
Alice could have disabled borrowing at any time, even before it became under-collateralized by manually pausing borrowing as well! All is good!
TLDR; when both assets have oracles, borrowing is paused automatically when the pool becomes under-collateralized as long as under-collateralized borrowing is not enabled by the lender. If there is no oracle borrowing can be paused manually by the lender.
What oracles does Vendor use?
Vendor currently uses Chainlink oracles, but since this is just a convenience feature rather than a foundational aspect we are considering using other price sources as well. We will ensure that we are transparent about what oracles we use and will provide this information to our lenders.
What if we listed an asset with a manipulatable oracle? What is the worst that could happen?
The worst that could happen is that a pool with borrowing being disabled by the price check will be re-enabled and borrowing will be possible again.What is important is that borrowing will still be enabled at the rate set by the lender, so less collateral tokens will NOT give you more lend tokens or anything of that sort. But again, this can be completely avoided by the lender by just pausing the borrowing manually and withdrawing any available lend funds as those pool terms are no-longer profitable for them anyway.
Oracle is not required for an asset to be listed.
This is correct — oracles act as a convenience mechanism for the Lender on Vendor. In fact, the most popular collateral asset on Vendor is cmUMAMI and it has no on-chain oracle. (shoutout @UmamiFinance).
Lenders fully accept that and have to enable the “Under-collateralized” toggle when lending against it. They understand that borrowing will not be disabled for them automatically and just keep an eye on the pool a little more to pause it manually if necessary. Some lenders write off-chain scripts that monitor the price and can pause borrowing when collateral price drops more than a certain threshold.
We hope that this article was helpful in understanding how Vendor Finance is protected against attacks involving price manipulations. We will continue working towards increasing security of the protocol and in the meantime if you think you found a possible issue in operation of the protocol please reach out to us on Discord for a bounty.
