1/
@synthetix_io
Market Manipulation
We've received outreach about today's market manipulation. This incident is isolated to the $TRB market, resulting in a ~2m loss to $SNX stakers. Let’s give some background before diving into the attack.
Thank you to everyone who reached out over the last three days. The
@chaos_labs
team landed in Israel last weekend, where our R&D headquarters are based, just before the nightmare of Hamas terrorist attacks began.
As of this morning, we are all accounted for - our American,…
1/ Excited to share that
@chaos_labs
has partnered with
@GMX_IO
to launch the GMX GLP Risk Hub! 🥳💥
V0 is live for
@arbitrum
@avax
and focuses on margin at risk, real-time metrics, alerting, and VaR simulations.
Let's dive into the platform below! 👇
We’re excited to announce the launch of the
@BenqiFinance
$veQI calculator! This tool completes our analysis of Benqi’s new $veQi model and how
@avalancheavax
validators can benefit from it.
Link:
1/3
1/
@chaos_labs
is proud to launch the
@Uniswap
V3 TWAP Oracle Risk Portal, in collaboration with
@UniswapFND
.
The Portal highlights real-time cost of of TWAP manipulation across V3 pools.
1/ Compound V2 Oracle Failure Causing Bad Debt
@compoundfinance
V2 accrued over ~500k in Bad debt from the UNI +40% candle, driven by the
@UniswapFND
proposal to activate the fee switch. The issue? The Oracle didn’t update fast enough.
1/ Today,
@chaos_labs
unveils the Benqi Parameter Recommendations Platform, a cutting-edge risk management tool we created as part of our ongoing partnership with
@BenqiFinance
, an
@avalancheavax
native borrow and lend protocol.
1/ Real-time DeFi risk management relies on observability and alerting mechanisms. To this end, we have integrated live alerts, offering users real-time data and enabling informed decision-making. This new feature is available on the
@AaveAave
and
@BenqiFinance
Risk hubs 💥✨
1/ Low Liquidity Weekend + Low mktcap asset = highly profitable trading strat?
@DriftProtocol
's $RLB LP DLP pool is down -162.00% over the past several hours.
Let's dive in 👇
1/ After months of rigorous research, and simulations, we're excited to share the
@GMX_IO
V2 Risk Framework and Methodologies.
@chaos_labs
is pioneering research in the DeFi derivative space, and bridging the gap between theory and practicality.
Stay tuned more soon 🙏
🫐
@GMX_IO
V2 Genesis Risk Framework is Live 🫐
1/ Over the past few months, we've collaborated closely with
@GMX_IO
core contributors. Our collaboration has focused on rigorously researching, evaluating, and refining the forthcoming V2 launch.
Working closely with the
@BenqiFinance
team, we've conducted an in-depth economic analysis of their new $veQi model and how $AVAX validators can benefit from it
1/ Ethena's Protocol Launch
First of all - hats off to
@leptokurtic_
and the team.
@ethena_labs
launch has been spectacular and well-deserved after months of hard work.
the next chapter of the
@chaos_labs
<>
@chainlink
partnership 🥁
oracle tooling for
@terra_money
! this is critical for allowing devs to build high-quality chainlinked smart contracts 💥
it is also a core piece of infra for simulations on terra 😎
The heart of
@chaos_labs
will always be a best-in-class, product-driven Risk Platform for DeFi.
Our product teams hail from
@Meta
,
@instagram
,
@Google
, and more. We apply the same user-centric ethos to building the Chaos platform.
Check out the newest release! 🚀
1/ Oracle Risk and Security Standards: An Introduction
Today,
@chaos_labs
announces the open sourcing of our Oracle Risk and Security Standards Framework after extensive research and audits for leading DeFi teams.
1/ Another week, another launch! We're thrilled to announce the latest addition to our roster of offerings at
@chaos_labs
: the
@AaveAave
Asset Listing Portal. This platform is specifically engineered to facilitate and optimize the integration of new assets into the Aave protocol
1/ Today
@chaos_labs
launched the
@osmosiszone
Liquidity Incentive Optimization Hub in collaboration w/
@HathorNodes
✨
This will allow the Osmosis community to make data-driven decisions on incentive allocation. Here is a quick thread on how it works 👇
@chaos_labs
is really excited to partner with
@AaveAave
to build a Collateral At Risk and User Metric dashboard!
this is a small taste of the impact we hope to drive for the community moving forward 🥳 👻
thanks
@AaveGrants
for being a great partner!
1/ 🎉
@chaos_labs
is thrilled to announce a new strategic partnership with
@tapioca_dao
, centered around risk management and parameter optimization for the upcoming launch of the
@LayerZero_Labs
powered, omni-chain money market protocol and USDO.
1/
@chaos_labs
has been selected by
@UniswapFND
for a grant to create an innovative simulation experience for users to test sophisticated liquidity pool strategies on Uniswap V3
1/ During
@AaveAave
v3 Risk app dev, the
@chaos_labs
data pipelines detected that v3 subgraphs were returning incorrect data. This details the research, bug, mitigation, and collaboration with the AAVE team to deploy a fix. For more check out our blog:
1/
@chaos_labs
, in collaboration with
@compoundfinance
and
@compoundgrants
, has launched the Cross-Chain Analytics and Observability platform that offers risk analytics and monitoring across all EVM-compatible Compound deployments. Let's dive into the features below 👇
@chaos_labs
is partnering with
@leptokurtic_
and
@ethena_labs
to develop the USDe stablecoin. Ethena's vision is ambitious and innovative, building on the massive adoption of LST's like
@LidoFinance
's $stETH post merge.
Our mission? Securing Ethena from day one.
Stay tuned 🤝
crvUSD is novel and efficient in design. As the protocol scales, monitoring and observability is critical in enabling data-driven decisions in real-time.
Excited to begin contributing to the
@CurveFinance
community! 🙏
1/ Proud to announce the launch of the
@CurveFinance
crvUSD Risk Monitoring and Alerting Platform, supporting the new stablecoin on
@ethereum
.
Check out the portal here:
Let's dive into the features below👇
1/ The early growth of the
@dYdX
Chain, driven by the community and the Launch Incentive Program, has been phenomenal. As Season 1 nears its conclusion in the next 10 days, let's dive into some exciting initial numbers.
1/4 Happy to share the expansion of the
@AaveAave
Risk Dashboard, which now supports Aave V2 on Ethereum. This complements the existing support for all V3 markets and
@GHOAave
on the Goerli testnet, allowing users to track their risk exposure across various assets and markets.
1/ RWA tokenization and on-chain exposure boost blockchain growth, but what do they mean for on-chain risk and capital efficiency? A key distinction of RWAs is a weak correlation with crypto assets, reshaping risk dynamics.
Proud to share that
@chaos_labs
is joining the
@AaaveAave
community as a full-time contributor focusing on risk for v3 markets following the successful on-chain vote!
We are building a state-of-the-art risk platform to empower the community to make data-driven decisions.
1/5
Advanced tooling for
@Uniswap
V3 LPs is critical in driving broader institutional adoption.
Extremely proud to partner with
@UniswapFND
, focusing on tooling for LPs.
@DefiLab_xyz
,
@RaffiSapire
,
@jason_of_cs
- thank you for the guidance and feedback 🙏
More soon 👀
1/ We're proud to share the
@Uniswap
V3 LP Simulator that helps identify profitable LPing strategies.
This
@UniswapFND
collaboration enables potential market makers to find the most lucrative pools to provide liquidity to based on the LP's preferences.
10/ Oracles are not a one-size-fits-all solution. An Oracle risk methodology that made sense once may not make sense in the future due to shifts in market dynamics, as we see above.
@chainlink
proposed disabling this feed months ago.
Proactive risk management is critical.
Decentralized insurance is one of the most promising frontiers of DeFi.
@chaos_labs
is excited to partner and collaborate with the
@NexusMutual
@NexusMutualDAO
community to ensure the economic robustness of the planned Ratcheting AMM.
1/ Chaos Labs is proud to partner with
@NexusMutual
@NexusMutualDAO
to ensure the economic robustness of the Ratcheting AMM (RAMM) design.
Chaos will collaborate with the Foundation Engineering and DAO R&D teams as the new tokenomics development progresses.
1/ Thank you,
@aave
community, for your vote of confidence in Chaos Labs and the unanimous support for our renewal! We look forward to continuing our hard work in securing Aave and maintaining the protocol’s position as market leader 🚀👻
Proud of the
@chaos_labs
team for supporting
@GHOAave
w lightning ⚡️ speed pace of shipping.
A huge leap forward for the
@AaveAave
community 👻!
This is just the start for our stablecoin support. More soon 👀
🧵 AAVE's GHO Mainnet Risk Hub is LIVE 🎉
1/ 🚀 A monumental week for
@AaveAave
as
@GHOAave
launches! We're proud to support GHO from the start, and introduce the GHO Mainnet Risk Hub.
Let's explore the features below 👇
@chaos_labs
is super excited to release the
@Uniswap
v3
@HardhatHQ
plugin. We've been collaborating closely with
@uniswapgrants
and have built this on top of our previous grant work.
So what does our plugin enable?
1/3
4/ This isn’t a
@chainlink
issue; instead, it’s a risk issue. Risk monitoring is critical, and liquidity is a core risk indicator on the
@chaos_labs
platform, as seen on the
@aave
Risk portal. Let’s dive in👇
The strongest indicator of the future of DeFi is the quality of builders drawn to crypto.
Working with the
@OstiumLabs
is a testament to that.
Excited to see
@kaledora
@contrarianmarco
lead the new wave of builders, and excited to build alongside them 🙏
1/ We’re thrilled to announce our partnership with
@OstiumLabs
!
We’re collaborating to enhance mechanism design and economic security through a risk modeling and monitoring platform.
1/ Excited to share the
@AaveAave
v3 Risk Bot!
A crucial requirement for risk monitoring is alerts and notifications for significant events. We’ve launched v0 of the AAVE v3 Risk Bot to increase visibility across risk events.
Our collaboration with
@Uniswapfnd
continues 🥳
We are proud to have received a grant to continue our earlier research on TWAP vulnerabilities. We'll explore different attack vectors exposed by Ethereum's transition to PoS, including pricing & block manipulation.
1/6
7/ OI caps exist in these markets - however, they weren’t properly configured, allowing 12.5m USD in OI. It looks like the team set the OI caps denominated in TRB tokens, not the notional USD value amount, fully exposing the market to the $TRB pump.
Really proud of the recent simulation work we’ve been doing with
@MakerDAO_SES
!
Join our
@MakerDAO
community call tomorrow to learn more.
In the meantime - here’s a written update :)
11/ For those focused on Oracle Security, we've built a platform to navigate these risk vectors and will share more soon 👀
Interested? Feel free to DM and connect on how
@chaos_labs
can secure your protocol🛡️
3/ By utilizing simulations and data models, our Param Recs Platform recommends risk parameters to
@BenqiFinance
and provides transparent recommendations for the parameters that best protect the protocol.
2/ The platform provides real-time simulation results to manage risk more effectively on
@avalancheavax
within the
@BenqiFinance
protocol. Our team has worked hard to design a critical component of the risk stack that streamlines the process and improves transparency
3/ But this is even more critical in leveraged perp markets, where price movements and risk are amplified. For instance, a 1% price increase with 100x leverage translates to 100% gains, making low-volume markets attractive targets for manipulators.
collaborating with
@Uniswap
on tooling for v3 twap oracles was a great experience. ty
@uniswapgrants
🙏
twaps are powerful on-chain oracles. our goal here is to make them accessible and easier to work w in dev.
check out the deep dive here:
4/ We're confident that this cutting-edge tool will be an invaluable resource for managing risk. We're excited to partner with
@BenqiFinance
to deliver innovative solutions that grow the
@avalancheavax
DeFi ecosystem.
For more, check out our blog!
6/ What should
@synthetix_io
do in response? Ultimately, limiting trading to top-tier assets isn't the solution. Instead, it's about finely tuning risk levers in relation to asset risk profile, market liquidity and volumes.
Proud to be featured as one of
@BusinessInsider
's most promising startups for 2022 🙏🥳
The year is still young and we're excited to keep on shipping and share more of what we've been working on 😎
Go
@chaos_labs
✨
9/ At
@chaos_labs
, we derive OI cap values while considering manipulation costs, ensuring:
payoff fn << manipulation cost
We build models to estimate and monitor the manipulation cost, which is a crucial consideration for the parameter optimization engine.
Here’s an example:
looking for a tool to interact with the
@dYdX
api? check out the dydx-trading-cli 😎
we spent the last few weeks hacking on this and are excited to release it today for the ecosystem
Check out the blog post:
@dydx_grants
@dydxfoundation
🙏🥳
5/ So, how do
@compoundfinance
v2
@Uniswap
Oracles work? They integrate Chainlink feeds but add a twist by using TWAPs as a safety net. The idea?
@chainlink
's updates must fall within Uniswap's TWAP bounds or be rejected. This is aimed to serve as a risk mitigation guardrail.
@chaos_labs
is proud to contribute to advancing the
@dYdX
vision by introducing the Launch Incentives program. The program allocates up to $20 million in $DYDX to the platform's early participants, focusing on makers and takers, primarily emphasizing trading volume.
2/ This seems to be due to the
@PythNetwork
$RLB feed quoting inconsistent pricing. This analysis is based on empirical observations, which we will share below.
RWA Tokenization is a driving catalyst for the next crypto bull market.
While RWA assets present massive potential, they have unique risk profiles. If you're building in RWA, reach out!
@chaos_labs
had a pleasure collaborating on research w/
@redstone_defi
🤝
Enjoy! 🧵👇
📕 "RWA Report: The Deep Dive into 2023 Market" 📕
We're thrilled to co-publish with
@chaos_labs
the most comprehensive RWA market overview featuring 31 projects, which is the fruit of over 1 month of research 🧐
Here's a glimpse of what's inside🧵👇
@chaos_labs
has been growing at an incredibly rapid clip since pivoting 9 mo ago. As an engineer in a highly complex space - tech was my number one priority.
building a world-class eng team was going to be a challenge! How do I attract the best engineers from web2 giants?
1/n
a quick update on our journey so far collaborating with
@makerdao
@MakerDAO_SES
we're onboarding core units to utilize chaos cloud for liquidation testing under adversarial market conditions and high volatility.
MIP coming soon 🥳
Today,
@osmosiszone
spends over 500k $OSMO on liquidity incentives per day. We are super excited to partner with
@Hathornodes
and
@OsmosisGrants
to optimize this spend for more efficient long-term growth utilizing the
@chaos_labs
simulation engine.
1/2
@chaos_labs
has been collaborating closely with
@Uniswap
to improve v3 TWAP dev tooling
Part 2 of the TWAP Deep Dive reviewing architecture, storage layout, and our implementation for configuring oracle return values
Why does oracle config matter?
1/3
5/ The research is focused on market risk; there are additional risks, such as regulatory and operational which are out of scope.
For a deep dive, check out the research here:
11/ DeFi Protocol Risk Management - 24/7/365
Setting risk parameters across multiple markets involves managing hundreds, if not thousands, of variables.
Imagine a DEX with 30 markets, each with 20 parameters (like funding rates, caps, and borrowing rates).
📣 Speaker Announcement!
We're excited to announce Omer Goldberg as a Speaker on our Panel titled:
"Beyond the Code: Building a Successful Ecosystem"
@omeragoldberg
is the Founder and CEO of
@chaos_labs
, a risk management platform for DeFi protocols.
12/ That's 600 parameters to adjust, which becomes even more complex when market listings balloon.
Effectively managing these parameters is only possible with an automated risk engine with a streamlined governance process.
3/
@leptokurtic_
realizes that much of the protocol’s success and stability is contingent on the protocol's ability to understand and manage risk; therefore,
@ethena_labs
engaged
@chaos_labs
for a pre-launch genesis risk assessment.
9/ This isn’t to say that TWAPs are always wrong; context matters, and it depends on the use case. Understanding price-changing capital requirements allows you to quantify which type of liquidity and market shifts are dangerous for your protocol.
7/ The rest of the thread will address the most commonly echoed concerns thus far
However, it’s important to understand what Ethena is before discussing risk. The tokenized strategy being employed by Ethena is extremely common in tradition finance; let’s explain 👇
2/ At Chaos Labs, our focus is rooted in blockchain protocol risk and security – an area we consider critical for DeFi adoption.
Oracles, securing over $50 billion in value, are at the core of many protocols, forming an essential component of any protocol risk framework.
4/ In 2022,
@chainalysis
revealed that Oracle exploits caused over $400 million losses across more than 40 attacks.
Getting Oracle security right is critical from a developer's perspective. When exploited, Oracle failures and manipulations are typically fatal.
8/
@chaos_labs
denominates OI caps in USD. Otherwise, constant real-time monitoring is required. For reference, other perp DEXes have OI caps for
@avax
, a higher volume/market cap asset set at ~2.5m USD, so this was definitely not intended by the
@synthetix_io
team.
6/
@ethena_labs
is an innovative protocol that pushes the boundaries of what’s possible for a CeFi/DeFi hybrid structured product. It’s highly complex, with risks involved; users are right to treat it skeptically and seek clarity before getting involved.
4/ The
@chaos_labs
assessment is thorough, culminating in over ~100 pages of research, and is split across 3 core pillars:
- LST Market Risk, w/
@LidoFinance
- Historical Perpetual Funding Rate Analysis
- Onchain Stablecoin Liquidity Analysis
2/
@synthetix_io
powers various perp markets. Asset listing and monitoring are critical - factors like liquidity, volatility, and holder distribution must be monitored to gauge manipulation feasibility.
@chaos_labs
automates observability w the Risk Portal.
2/ While the launch has been positive, as is evident in the rapid growth of USDe supply, concerns and questions have been raised regarding the protocol’s scalability and overall risk.
Excited to expand the
@GMX_IO
partnership to V2. Collaborating over the past year has us incredibly excited for everything that’s in store for the community.
Big thanks to
@coinflipcanada
and team for being great partners and relentlessly focusing on execution.
1/ Chaos Labs is thrilled to unveil the
@GMX_IO
V2 Risk Portal. Dive into the new perp dex with isolated markets, granular risk controls, and diverse market listings.
We're live for both
@arbitrum
and
@avax
✅
Let's dive into the platform below👇
@galaxyhq
has had incredible impact on the
@chaos_labs
since the earliest of days. Truly lucky to partner with the best in the business.
Thank you to the amazing
@CJ_Huntzinger
and the whole platform team, who have been vital at every step along this journey 🙏
8/ TWAP Manipulation is often framed from a security perspective - how much capital is required from an attacker to move TWAP price from x→y? This modeling still applies to outlier market events, causing violent price wicks.
8/ To begin with, it's worth discussing asset hedging strategies in general.
Opposing positions in correlated instruments to reduce exposure to risks is the most common structure in finance. They have existed for decades are not a new crypto invention.
9/ Depending on the specifics of the structure and how it is accounted for, a significant attraction often is above risk-free returns with minimal volatility - this is Tradfi “alpha.”
3/ Yesterday, $UNI pumped, causing the borrow's value to exceed the collateral's value, creating bad debt.
Changes are typically observed quickly by oracles, and position health is updated accordingly for liquidations. However, V2's Oracle was slow to reflect the $UNI price.
2/ Let’s break down what happened. Several accounts deposited stables into V2 and borrowed $UNI against those collateral positions. In DeFi, borrow positions are overcollateralized, incentivizing borrowers to maintain positions' health.
6/ Securely integrating third-party APIs is vital to mission-critical applications in Web2. It prevents data breaches and upholds software reliability. High-trust, centralized strategies like SLAs ensure data integrity and compliance with standards.