Lending and borrowing are cornerstones of finance, and DeFi is no exception – it just looks a little different.

Demystifying DeFi: lending and money markets – Vol I

Lending and borrowing are cornerstones of finance, and DeFi is no exception – it just looks a little different. The DeFi revolution ushered in a new era for money markets, empowering individuals to pocket yields only banks were able to access. DeFi’s innate composability allows both users and protocols like 

 to leverage markets to enhance returns. Lending 

 are getting increasingly popular – stable returns and flexible collateral options with minimal 

have attracted thousands of DeFi investors.

 alone hold ~$6.5B, or nearly 50% of the total cross-chain liquidity locked in lending protocols (according to DefiLlama).

All of this sounds great in theory, but to truly eliminate the need for a trusted third-party intermediary, DeFi lending and borrowing must heavily rely on over-collateralization. This dependency and flexible approach to collateral 

 – which are often overlooked or rarely mentioned by even the most prominent DeFi investors.

Putting your crypto assets to work has many upsides, as long as you 

. We’ll examine the different types of lending markets and analyze a few notable exploits to see what DeFi investors can learn to better protect themselves.

A liquidity market enables two primitive functions for DeFi: permissionless lending and borrowing of assets. The basic mechanics involve a lender that deposits assets in exchange for interest income and borrowers who need to post excess collateral to borrow another asset. The lenders are net long in the asset, while borrowers seek to “short” the borrowed asset or lever up their position (e.g. deposit ETH as collateral, borrow USDC, and buy more ETH for >1x leverage on ETH). These markets have three parties involved: Lenders, Borrowers, and the Protocol itself. Examples of such protocols are Aave, Compound, and Euler.

Other liquidity protocols allow multiple types of collateral and let the user mint stablecoins, better known as entering a Collateralized Debt Position (CDP). This design was popularized by Maker to mint DAI. In this case, there are no third-party lenders and the protocol itself is creating or lending newly created stablecoins to borrowers. Borrowers are seeking either to unlock the liquidity of their long position (borrow DAI against ETH without losing exposure to ETH) or to lever up. Examples of such protocols are Maker, Liquity, Qi (MAI), Abracadabra, and Hubble.

The core view from our framework is that we want to score the

 of the protocol, not necessarily the protocol itself or the borrowers. In some cases, what’s best for the lender is not capital efficient for the borrower (e.g. small loan-to-value thresholds and high liquidation penalties benefit lenders but not borrowers).

In these protocols, borrowers can only post one asset as collateral to borrow one asset (e.g. post USDC as collateral to borrow ETH), while lenders need to choose the specific pair on which they want to earn income (e.g. lend ETH to borrowers that post USDC as collateral). The main benefit is that lenders can choose which market they are willing to lend to depending on their own perceptions of the risk of the collateral asset. A risk-averse lender might lend ETH only in the ETH/USDC pair, while a more risk-seeking lender might choose an ETH/SUSHI pair. If the collateral becomes worthless, only lenders in that pool/pair are impacted without harming the rest of the protocol. The main drawback here is that liquidity is fractured across all pairs, limiting borrowing activity and growth. Examples of fully isolated lending markets are Silo finance, and Sushi (Kashi). Since the risk is contained, these markets work best for highly volatile or thinly traded assets. Most CDP protocols are also isolated, including Maker, Liquity, Abracadabra, and Qi, as their goal is to minimize the risk of their stablecoins depegging.

Borrowers can post one asset as collateral and borrow multiple other assets at once, as though they had one single “cross-margin account” (e.g. post ETH as collateral and borrow BTC, USDC, and CRV, all at once). Lenders deposit in a “global” asset 

 that will lend to any borrower with valid collateral requirements. The main benefit is aggregated liquidity and capital efficiency for borrowers. The main issue is that lenders are exposed to the risks of every asset accepted as collateral, proportional to their share in the collateral 

. If the protocol were to accept a new dog coin as collateral, a sudden drop in its value vis-a-vis the loan would trigger liquidations (i.e. sell the collateral to repay the loans) potentially for less value than the overall debt. Consequently, all lenders would take a haircut on their deposits since the collateral wasn’t enough to cover the loan.

These markets work best for highly traded/liquid assets so that liquidations can be executed efficiently. Examples include Aave and Compound. CDP protocols rarely use this design type but we are aware of at least one: Yeti Finance, where users can borrow a stablecoin against the value of their overall portfolio.

There are multiple ways to mix these two market types. Some protocols list assets as borrowable only if the collateral is considered “blue-chip” (e.g. USDC, ETH, etc.), or some launch multiple isolated markets that accepted multiple assets as collateral (e.g. pool 1 accepts USDC, ETH, and DAI, while pool 2 accepts ETH, CRV, UNI, etc.).

These markets require the most trust assumptions and post the greatest risk due to there being minimal recourse for lenders in the event of default. In fact, these markets are more akin to TradFi than DeFi and require a significant amount of centralization to function. Examples of uncollateralized lenders include Clearpool, Maple Finance, TrueFi, and Goldfinch. We won’t dive deeper into this topic as the focus of this post is mainly around overcollateralized markets.

Notable exploits, and what DeFi investors can learn from them

One of the most significant oracle attacks occurred on 11/26/20 when the price of DAI was manipulated on Coinbase Pro, resulting in Compound having to liquidate ~$90M of assets. At the time, Compound was using Coinbase as its sole price oracle. Blockchains don’t know the current prices of each asset and must rely on oracles to check the prices live from an exchange. It is suspected that a malicious actor manipulated the price of DAI on the Coinbase Pro exchange to as high as $1.30, for a stablecoin intended to be pegged to $1. This led to massive liquidations for DAI borrowers on the platform. For example, if a user borrowed $100 of DAI, and the price subsequently increased to $1.30, his borrowed amount would then rise to $130. If the user’s collateral was only worth $125, then his position would be under-collateralized and liquidated by the system.

Relying on one oracle as the sole source of truth exposed lenders to price manipulation on the Coinbase Pro exchange. A more robust oracle like Chainlink would have prevented this exploit as it uses multiple price feeds.

On 5/18/21, attackers used a significant amount of capital to push the price of XVS (the native token of Venus protocol) to nearly 2x its original price from $80 to $145 and left the platform with ~$100M in bad debt. The main account involved in this attack bought ~1M XVS on Binance, which was enough to substantially increase the price given its low liquidity. It then supplied those tokens to Venus as collateral at its peak price, which allowed the attacker to borrow 4200 BTC (~$168M at the time). When people started selling to secure profits on XVS, the price of XVS plummeted back to around its initial price of $80. This led to all of the XVS collateral being liquidated, leaving Venus with around $80M of bad debt, or the attacker with a net profit of $88M!

One of the critical events that led up to the attack was just prior on 5/8/21 when Venus increased the collateral factor for XVS from 60% to 80%. This meant users could borrow up to 80% of the value of their XVS collateral. In practice, this means a user who puts up $10K worth of collateral can borrow up to $8K worth of a different asset. The loan is then generally paid off with interest over time. However, if a user borrows the full $8K and the value of the token put up as collateral proceeds to drop below $8K, a liquidation event is triggered such that the original collateral is used to pay back the outstanding debt. In the case of Venus, the attackers knew the price of XVS was artificially inflated and would be better off defaulting on their loan and keeping the borrowed assets instead. This resulted in Venus accumulating over $100M in bad debt as the loans became under-collateralized (e.g. the value of the collateral fell so much that even when sold it was less than the original loan amount).

Accepting a thinly traded asset as collateral exposed lenders to price manipulation. The quality of collateral matters – not just oracle robustness. The oracle here (Chainlink) worked as intended.

On 10/12/22, a whale successfully drained over $100M from Mango. Similar to Venus, the attacker exploited the protocol’s low liquidity and volume to manipulate the price of MNGO (the native token of Mango Markets). The whale began by funding ~5M USDC collateral into account A, which was used to take out 483M units of MNGO perpetual position. He then funded account B with another ~5M USDC collateral to purchase the MNGO perps for $0.0382 per unit. By counter-trading against the position on three separate exchanges, he succeeded in spiking the spot price of MNGO massively from $0.03 to $0.91. At its peak price, account B had an unrealized profit of ~$423M! Using the unrealized profit from the long perp as collateral, the attacker was then able to take out a $116M loan and effectively drain all available liquidity on Mango.

Once again, the quality of the collateral is what exposed lenders on Mango. The use of a protocol’s own token as collateral is also risky as it introduces a higher potential for the team to use it as exit liquidity.

On 11/22/22, the same Mango exploiter deposited $35M USDC in Aave as collateral to borrow ~17M in CRV tokens (~$8.5M). The whale starts selling CRV on-chain to move the price down and loops his sold CRV to deposit more USDC as collateral and repeat. However, on the same day, the Curve team released a new whitepaper detailing Curve’s new stablecoin, which caused the price of CRV to increase by 75% within 2 hours (from $0.41 to $0.72). This led to the whale’s position on Aave being flagged for liquidation (i.e. a bot sells the USDC collateral to buy CRV and repay the loan). The problem was that CRV liquidity wasn’t large enough to absorb a large buy order without slippage, and ultimately the collateral wasn’t enough to repay the full loan. Overall, Aave CRV lenders absorbed $1.6M in bad debt as a result (

Aave V2 similarly accepted several thinly traded tokens as collateral, had no restrictions on the borrowed asset, and used a poor liquidation mechanism that led to greater price slippage.

DeFi money markets have come a long way since their inception in 2018. Lending and borrowing services have become a staple in the DeFi ecosystem and continue to serve as a major use case. The 

 led to an explosion in the amount of value locked in these protocols as it was a highly appealing way for investors to compound their assets. There is no free lunch though, as we’ve seen with the exploits. Investors must be aware of a variety of factors – from the collateral types to the liquidation mechanism. As technology and protocols evolve, new challenges and solutions will emerge. Despite a recent decline in overall TVL across money markets, the demand for incorporating blockchain technology to revolutionize traditional finance remains strong.

In our next post, we’ll discuss how Exponential is building the bridge to a decentralized future by helping investors 

. We believe DeFi is here to stay, and with the right tools, can unlock financial freedom for all.

Demystifying DeFi: lending and money markets – Vol II