Proposal: Increase the Security of Strike Protocol

Summary

Currently, any funds deposited into the Strike protocol face several risks, which may severely hamper Strike’s wider adoption as a successful money-market protocol. However, there are several easy steps that can be taken to make Strike a more attractive money market for larger sums of capital including users from Compound, Aave, and CREAM.

Background

Strike is a recently-launched decentralized money market that is a fork of Compound. Strike currently has 10 assets available for lending and borrowing. At time of writing, almost $19m is supplied to the protocol, ~60% of which is in the form of STRK token.

While most assets available to supply on Strike have a 60% collateral factor (amount that a user may borrow against an asset), STRK has a CF of 40%.

Problems

There are several issues with the current setup of Strike’s money market:

  • Admin of the comptroller and timelock is currently set to Strike’s deployer, meaning a single wallet controls everything in a system of upgradeable proxies.

  • STRK makes up a disproportionate share of the value supplied to the money market, and this is primarily supplied by a single wallet. As seen below, this one wallet makes up ~80% of all supplied STRK, valued at greater than >$8m.

  • STRK has extremely low liquidity and volume, making the price susceptible to manipulation.

Previously, I mentioned in the Strike telegram channel the potential of a similar attack as what happened to Venus (read about here: BSC’s Venus Protocol Left With Bad Debt After Liquidations - The Defiant - DeFi News).

Having so much collateral in the form of a highly illiquid token (STRK liquidity is very low on all exchanges) and held predominantly by one wallet is a recipe for disaster as it would be trivial for that wallet to borrow assets and never pay them back, because they could never easily dump ~$8m of STRK anyway. Currently, this wallet could borrow ~$3.2m of ETH, stablecoins, or other far more liquid tokens than STRK and never look back.

Solutions

  • With a quick check this evening, it appears that the deployer has already moved to set admin for the comptroller to a timelock contract, which is exactly what Compound’s current setup is. This is a fantastic step in the right direction. The next step would be to now set admin for the timelock as governance, to ensure that control of governance truly is in the hands of the community, and gives us sufficient time to vet any changes or upgrades to the protocol.
  • Regarding the ability for a single user to borrow large amounts of assets against STRK—I think the safest move is setting STRK collateral ratio to 0 for now. There is no way to guarantee that a similar exploit won’t happen as happened to Venus, and until we get a higher ratio of non-STRK funds into the markets (or STRK gets better liquidity), I think this is the only viable option.
  • However, I think it would also be great to allow higher CFs for stablecoins and the other blue-chip tokens that Strike has as markets. By allowing CFs as high as 90% for stablecoins, 80% for WBTC and ETH, and 75% for LINK, UNI, and COMP, we can entice holders of these coins to come deposit to borrow against their assets. With more aggressive CFs, this may also lead to a greater chance of liquidations, which would bring more users (to participate in the liquidation process) and revenue to the protocol itself. Strike needs a way to differentiate itself to give users a reason to use the protocol; I think by offering aggressive CFs on blue-chip tokens we can do this.

I’m happy to hear any feedback or discussion on this proposal, and am looking forward to being an active participant in Strike’s emerging governance!

In addition to what I raised in the post, I think it’s also worth mentioning that the low liquidity of STRK makes it very difficult to liquidate a user who is borrowing against a substantial amount of STRK holdings.

For instance, there is currently a user 0xe01514D108F84e7D4e57200C907464B50b917e21 who is about ~$10k underwater on their ETH borrow against STRK. Even though a potential liquidator would get ~$1k bonus, they would need to offload ~23 ETH worth of STRK to do so, which would encounter massive slippage.

Thus, having STRK enabled to borrow against isn’t just risky or users of the protocol, it’s risky for the protocol itself, as having a lack of liquidators is a very dangerous game.