Bandot breaks the routine-builds a new defensive core for liquidity management

Harvest Finance hacking incident

On October 26, 2020, an unknown user invaded Harvest Finance’s liquidity pool using a technique that you may have guessed: the attacker executed transactions to suppress the USDC price in the Curve protocol liquidity pool to reduce The latter price enters the Harvest liquidity pool, and then reverses the previous transaction to restore the price, and then exits the Harvest liquidity pool at a higher price. This caused more than $33 million in losses to the Harvest liquidity pool.

yVault vulnerability

The first yVault allows users to use USDC to provide liquidity to the MUSD/USDC liquidity pool in the Balancer agreement to earn income. When users provide liquidity to the Balancer pool, they will receive BPT in return, which can be exchanged for a portion of the assets in the liquidity pool. Therefore, yVault calculates its holding value based on the amount of MUSD/USDC that can be redeemed using BPT.

This implementation seems correct, but unfortunately, the dangerous principle we mentioned earlier also applies: the state of the Balancer liquidity pool during the transaction is unstable, and its price cannot be trusted. In this case, due to the joint curve chosen by Balancer, users will not get a 1:1 exchange rate from USDC to MUSD, but will actually leave some MUSD in the liquidity pool. This means that the value of BPT can temporarily inflate, which gives attackers a loophole for malicious manipulation of prices, and then drains the treasury.

The above case cited the well-known white hat Sam Sun’s article detailing why DeFi frequently launches price oracle manipulation attacks

In summary of all the above cases, it is not only the price oracle manipulation problem that is involved, but also the malicious scrubbing of transaction pairs in each pool, resulting in a rapid increase in the price of tokens in one of the fund pools, and hackers profited from this. . You can look at the following case:

Just like Uniswap’s functional formula for retained assets. Its internal quotation is calculated based on the amount of assets held by the reserve, but as users trade between ETH and USD, the reserve assets are constantly changing. What if a malicious user executes a transaction before and after obtaining a loan from your platform?

Before users get a loan on your platform, they buy 5,000 ETH for $2 million. Uniswap exchange now calculates the price as 1 ETH = 1733.33 USD. Now, their 375 ETH can be used as collateral, which can lend up to 433,333 US dollars in assets, and then they exchange the original 5000 ETH for 2 million US dollars to reset the price in Uniswap. The result is that your loan platform agrees that the user has lent an extra $333,333 in unsecured loans.

why is Bandot able to resist the attack probability of price oracle operation?

A key function of Bandot in the entire economic system is vAMM. The vAMM system is composed of two core parts. One is a virtual multi-currency fund pool. The second is an index fund generator. The index fund generator consists of internal and external components. The price oracle machine forms a 2-of-2 quotation mechanism. Later, we will upgrade to the M-OF-N quotation mechanism. This method is now adopted by many large-scale projects: Maker runs a set of price sources operated by trusted entities, Compound creates special quoters such as Open Oracle and Coinbase, Chainlink Aggregate price data from Chainlink operators and publish it on the chain.

The mechanism of our Bandot vAMM (Virtual Automated Market Maker Protocol) mortgage attack:

Prevent the physical fund pool from being maliciously washed

vAMM is composed of two fund pools to form a physical fund pool and a virtual fund pool. If you don’t know much about it, you can review our previous article for a detailed introduction.

In vAMM, the virtual capital pool and the physical capital pool coexist, and the virtual capital pool is an important “buffer pool” in the range of the physical capital pool.

When the supply of tokens increases, it does not just flow into the real capital pool field. The virtual capital pool will diverge part of it, and sometimes even the vast majority. That is, when the money supply increases, the physical capital pool does not increase the amount of money too much, not only there is no inflation, but there may even be continuous deflation. In the virtual capital pool system, these funds will flow out of the virtual capital pool when the physical capital pool is needed, and flow into the virtual capital pool when not needed. In the entire system, the token supply of each physical pool will be instantaneous Rebalance.

As for the virtual capital pool, we belong to a multi-currency virtual capital pool, and give priority to the inclusion of highly liquid tokens in the virtual capital pool: because the virtual capital pool first aggregates various tokens into different virtual capital pools, and then Different token funds pools are virtually converted into a total amount of stable coins (such as bUSD, DAI). For example: “For example, if you have a value of 1,000 USD in ETH; 5,000 USD in BTC and 3,000 USD in DOT, then the total balance of the virtual fund pool is 9,000 USD in bUSD or DAI. Users can only see virtual funds. The total amount of the pool, but the liquidity model of the tokens that make up the virtual fund pool is not known, which prevents hackers from performing targeted malicious washing capabilities.

The funds stranded in the virtual fund pool are always flowing out and in, which gives it the function of allocating funds. This kind of fund pool configuration function is challenging the traditional fund pool configuration mechanism.

Then why are we a multi-currency virtual capital pool?

Example of calculation of multi-currency liquidity coverage ratio: There are 1100 bUSD deposits in the physical fund pool and 1000 DAI deposits.

Calculation of the total current coverage ratio: From the perspective of the total calculation method, even if the deposits of bUSD and DAI each have 1,000, the two are not completely offset. If the current weight of the inflow of bUSD funds is 20%, and the weight of the outflow of DAI is 25%, that is, when the inflow and outflow are equal, there will be a 5% difference in the total due to the difference in weight.

That is: the physical capital pool needs to arrange high-quality liquidity of bUSD 50 under the total calculation.

Price oracle discovery mechanism

What chemistry can the index fund generator and virtual fund pool produce?

An index fund is an investment tool that is composed of multiple asset targets in a corresponding proportion, and is used to track certain market indicators or asset prices. For example, the commonly referred to as the S&P 500 or the Shanghai and Shenzhen 300 are two large-market indexes that track the trend of the market.

Tracking the cryptocurrency market situation can be composed of Bitcoin (which can be realized by using WBTC or HBTC cross-chain to Ethereum), Ethereum and DAI; tracking the DeFi ecosystem can be composed of the native tokens of the DeFi protocol, we understand through a case the whole process.

Assuming that the current market price is 1 BTC = 10000 USDC, we create a liquidity pool consisting of 50% Bitcoin and 50% USDC on Bandot, trying to track the price of U.S. dollars and Bitcoin.

If, on a certain day, the BTC market of the physical fund pool is maliciously brushed, the fair price increases by 20% and reaches 12000 USDC, then the two assets in the fund pool account for the value of the fund pool according to the latest market price. Corresponding adjustments have taken place, 55% and 45% respectively.

However, the exchange ratio of the fund pool remains on the constant product curve of 1 BTC = 10000 USDC. For external traders, the price in the fund pool deviates from the market price, and external traders are profitable.

Calculated according to the constant product model, the arbitrageur can invest $500 in the capital pool in exchange for 0.0476 Bitcoin (equivalent to 1 BTC = 10,504 USDC). The price of this BTC is much lower than the market (1 BTC = 12000 USDC). Users can Sell 0.0476 bitcoins on the open market and get 571.2 USDC.

Then we combine the price discovery mechanism of Bandot’s index fund generator with the automatic adjustment mechanism of vAMM’s liquidity supply, which is equivalent to carrying out the “rebalance” of the physical fund pool and restoring it to the value set at initialization Index allocation ratio to resist a large number of malicious disk washing.

The index fund generator cooperates with vAMM to be able to resist hackers’ malicious brushing attacks. The liquidity control of virtual assets is conducive to deter malicious speculation opportunities and avoid their impact on the overall economic pool.

Bandot is Polkadot’s first stable coin unsecured lending system. ERC-20 holders can use their mobile digital assets for mortgage to realize cross-chain token circulation. Bandot focuses on cross-chain DeFi, and it attempts to unlock the liquidity of pledged assets outside of Ethereum.

Bandot community

Official website:

Twitter: @hellobandot