License: Creative Commons Attribution 4.0 International license (CC BY 4.0)
When quoting this document, please refer to the following
DOI: 10.4230/LIPIcs.AFT.2023.27
URN: urn:nbn:de:0030-drops-192164
URL: http://dagstuhl.sunsite.rwth-aachen.de/volltexte/2023/19216/
Arjmand, Alireza ;
Khabbazian, Majid
Liquidity Management Attacks on Lending Markets
Abstract
Decentralized Finance (DeFi) continues to open up promising opportunities for a broad spectrum of users, with lending pools emerging as a cornerstone of its applications. While prominent platforms like Compound and Aave maintain a large share of the funds in lending pools, numerous other smaller pools also exist. Many of these smaller entities draw heavily from the design principles of their larger counterparts due to the complex nature of lending pool design.
This paper asserts that the design approaches that serve larger pools effectively may not necessarily be the most beneficial for smaller lending pools. We identify and elaborate on two liquidity management attacks, which can allow well-funded attackers to exploit specific circumstances within lending pools for personal gain. Although large lending pools, due to their vast and diverse liquidity and high user engagement, are generally less vulnerable to these attacks, smaller lending protocols may need to employ specialized defensive strategies, particularly during periods of low liquidity. We also show that beyond the six leading lending protocols, there exists a market value exceeding $1.75 billion. This considerable sum is dispersed among over 200 liquidity pools, posing a potentially attractive target for bad actors.
Furthermore, we evaluate existing designs of lending pools and suggest a novel architecture that distinctly separates the liquidity and logic layers. This unique setup gives smaller pools the adaptability they need to link with larger, well-established pools. Despite encountering certain constraints, these emerging pools can leverage the considerable liquidity from larger pools until they generate sufficient funds to form their own standalone liquidity pools. This design cultivates a setting where multiple lending pools can integrate their liquidity components, thus encouraging a more diverse and robust liquidity environment.
BibTeX - Entry
@InProceedings{arjmand_et_al:LIPIcs.AFT.2023.27,
author = {Arjmand, Alireza and Khabbazian, Majid},
title = {{Liquidity Management Attacks on Lending Markets}},
booktitle = {5th Conference on Advances in Financial Technologies (AFT 2023)},
pages = {27:1--27:21},
series = {Leibniz International Proceedings in Informatics (LIPIcs)},
ISBN = {978-3-95977-303-4},
ISSN = {1868-8969},
year = {2023},
volume = {282},
editor = {Bonneau, Joseph and Weinberg, S. Matthew},
publisher = {Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
address = {Dagstuhl, Germany},
URL = {https://drops.dagstuhl.de/opus/volltexte/2023/19216},
URN = {urn:nbn:de:0030-drops-192164},
doi = {10.4230/LIPIcs.AFT.2023.27},
annote = {Keywords: Lending Pools, DeFi, Interest Rate, Liquidity Management Attack}
}
Keywords: |
|
Lending Pools, DeFi, Interest Rate, Liquidity Management Attack |
Collection: |
|
5th Conference on Advances in Financial Technologies (AFT 2023) |
Issue Date: |
|
2023 |
Date of publication: |
|
18.10.2023 |