In light of DeFi’s recent economic attacks on the credit market, risk monitoring and management have become a key factor for success within the ecosystem. Appropriate procedures must be followed to ensure the future growth of the space. This article aims to examine Mango Markets’ recent economic attack, how it was orchestrated, and possible mitigation strategies.
To understand how sensitive DeFi protocols are to each specific type of risk, let’s look at the 62 largest incidents that have occurred to date. This includes hacks in the hundreds of millions for bridges, economic collapses of algorithmic stablecoins and outright theft of user funds.
Here’s the breakdown of the key risk factors behind the 62 biggest DeFi attacks. More than $50 billion in losses are accounted for for economic risks. This estimate includes the collapse of the infamous Terra ecosystem. While technical factors are responsible for the majority of attacks in DeFi, economic risks have caused a greater loss of dollar value.
In addition, the recent series of economic attacks on various lending protocols such as Mango and Moola has exposed the danger this poses to the ecosystem. In addition, many of these lending protocols were attacked with the same vector. The attack consisted of a highly complex strategy where the attacker identified the backed collateral with the lowest liquidity and market capitalization. Low liquidity assets are the most vulnerable to flash lending or price oracle manipulation attacks.
The indicator shown above is for educational purposes only; no live data is shown as it is for reference only. DEX Pools Liquidity Indicator is part of a series of mock-ups built for a proposal on the Euler forum.
By tracking the available liquidity for an asset in decentralized exchanges, we can estimate how prone it can be to being manipulated. A healthy level of available liquidity for backed collateral assets is an important safety factor. In the case of low liquidity tokens listed as collateral, stability issues in the protocol may arise. In addition, this could facilitate an easier path for price manipulation, where attackers abuse the protocol.
The main goal of an attacker who orchestrates this type of attack is to increase the amount he can borrow. This can be done by pumping up the spotted asset with low liquidity to be able to borrow large amounts of other backed, more stable assets.
The chart above depicts the MNG token price on the FTX exchange. In this case, the attacker combined the protocol’s lending functionality with its perpetual contracts. The attacker manipulated the spot price on Raydium, triggering an oracle update. This allowed him to borrow against another open position he had previously placed on the Mango Markets protocols. Finally, when the MNGO price recovered, the protocol was left with a default.
With regard to the indicators shown above, in which they try to identify weak links in the protocol, there are also ways to identify possible threats from the attacker side. Usually, economic exploits are carried out quickly; therefore, the indicators below are for educational purposes in assessing potential threats to the landing concentration of whales.
The indicator for the Whale Supply Concentration is also part of the proposal on the Euler forum. This indicator is useful to identify potential threats to the protocol depositors. For example, if one of the largest protocol depositors is in the least liquid asset that the protocol backs as collateral, it may be worth investigating the specific address further.
This indicator can be valuable to use along with the DEX Pools liquidity indicator shown above and is particularly worth checking if the whale token concentration is one of the weakest tokens supported by the protocol. This could help reveal potentially harmful events.
Mango Markets protocol TVL can be seen on the above indicator. A clear drop can be seen after the attacker borrowed money using his position on the MNGO token as collateral. In the end, the protocol was left with bad debts due to the price manipulation events.
Appropriate tools like the one shown above aim to bring the DeFi ecosystem one step closer in the right direction. These are just some of the early indicators that first describe recent events and then try to protect users from these types of incidents in the future. The goal is for users and protocols to take advantage of available on-chain information.