Produced | NEST Fans (nestfans.com) has been authorized by the author to publish
Produced | NEST Fans (nestfans.com) has been authorized by the author to publish
On the afternoon of November 26, the price of the stablecoin DAI on the Coinbase exchange fluctuated violently. It once soared by more than 30% to $1.34 (Figure 1), and then fell back quickly. This led to a decentralized lending platform using Coinbase as an oracle to feed price information There has been a mass liquidation of Compound’s collateralized assets.
image description
On November 26, Compound mortgage assets were liquidated on a large scale.
image description
Figure 2 Data source: Dune Analytic
Mortgage lending platform total loan ranking
image description
Figure 3 Data source: Debank
The minimum mortgage rate requirements for different currencies in Compound are different, and DAI is generally 75%. The large fluctuations in the price of DAI led to large fluctuations in the mortgage ratio (debt value/mortgage asset value), which usually seemed relatively safe, and thus triggered the liquidation line.
For example, if a user borrows 210 DAI with 300 UDST, if the price of DAI and USDT can be stabilized at around 1 USD, the mortgage rate is 70%. When DAI rises to 1.34 USD, the value of the loan will increase greatly While the value of the mortgaged assets remains unchanged, the mortgage rate at this time will rise to about 93.8%, which is much higher than the minimum requirement of the mortgage rate, resulting in liquidation.This Compound oracle attack incident is not the first attack on the quotation system in the near future. Harvest Finance, Value DeFi, Cheese Bank, Origin Protocol, etc. have been attacked by similar oracle machines recently. There have been mass liquidations.
It is a typical oracle attack to manipulate the information sources that the oracle relies on for a short period of time to achieve misleading prices on the chain. Its essence is to manipulate the oracle, causing internal and external price
and use new financial tools such as flash loans to arbitrage them.
Compound needs oracle prices to determine borrowing capacity and collateral requirements, and for all functions that need to calculate account value. The Compound white paper mentions that the so-called oracle function is entrusted to a committee that aggregates prices from the top ten exchanges. The reality is that the DAI price data used by Compound only relies on Coinbase, a centralized exchange, to provide it. The price data source of the oracle machine is centralized and single, and the centralized source is easy to forge, tamper, modify or hide information.
The main disadvantages of using centralized oracle machines are specifically analyzed in the following three points:
2) Users need to trust the centralized platform or a third-party independent organization, which violates the basic principles of trustless and decentralized blockchain:
3) A single platform and a third-party organization have information on all user Query data and cannot guarantee user privacy.
secondary title
Decentralized oracles save the DeFi ecosystem: NEST Protocol
Compound is a typical DeFi project, which is decentralized. A decentralized lending platform has always used a self-built centralized oracle machine, which is very contradictory. So I think that using a decentralized oracle service that conforms to the essence of the blockchain is the best solution to avoid such incidents.An oracle is an infrastructure that can bring data from the off-chain world to the blockchain in a way that conforms to the blockchain consensus mechanism. DeFi has a great demand for off-chain information, and its development is inseparable from a price oracle machine with truly decentralized verification."Why NEST is the only one available for DeFi。
Oracle
image descriptionFigure 4: Comparative analysis of current major oracle projects
Chainlink, NEST Protocol, Band Protocol, and Tellor. These four oracle machines follow different design principles and have different degrees of decentralization, please refer to the articleAmong them, NEST Protocol adopts a brand-new incentive method to carry out the decentralized data on-chain process, and miners make bilateral quotations on assets through pledge quotation transactions.
For example, staking 30 ETH and 17400 USDT at the same time means that the miner's quotation for ETH is 580 USDT/ETH. When the quotation is incorrect, the arbitrageur can buy the tokens on either side pledged by the quoted miner within 25 blocks (about 5 minutes), thereby correcting the price. If the quotation is not challenged within 25 blocks, it means that the quotation cannot be arbitraged; the quotation will be called by the downstream DeFi protocol of NEST Protocol (Figure 5). There is no similar verification process in other oracles, so other oracles cannot guarantee that their price data will not be arbitraged by the market.
image descriptionFigure 5: The arbitrage mechanism of the NEST oracle makes the quotation within a calculable rangeThe verification mechanism of NEST Protocol makes it difficult for malicious offers to take effect.
If an attacker makes a malicious offer on NEST Protocol, it will be exposed to a large arbitrage space in the market. For the calculation of NEST oracle's anti-attack mechanism and attack cost, please refer toIt can be understood that the NEST oracle system generates the price data verified by the whole market on the chain, and uses the game between the verifier and the quotation miner to punish the wrong quotation miner, so that the wrong data will not be passed by NEST Recorded by the oracle system. Other oracles "upload" the off-chain price data to the chain, and the caller cannot verify whether the data is wrong or not. They are used first, verified later. If something goes wrong, the user's assets will be lost and then traced and punished. However, NEST directly prevents wrong data from being adopted, which is the essential difference between NEST oracle machines and other oracle machines.
DeFi developers: How to call NEST oracle price data
secondary titleanalysis Summary:The current DeFi protocol is essentially the blockchainization of traditional finance. Here's a "funny" fact:Most of the current DeFi developers do not use blockchain-based
Instead of developing in the way of the Internet, it runs counter to the spirit of the blockchain.I have seen some DeFi developers make blind compromises and compromises, chasing the bottom and chasing the end, and going further and further away.DeFi developers also need to realize that if they want to build a huge financial empire in the blockchain world, they must first solve the price oracle problem.For the price oracle itself,It must be achieved that the price data is generated on the chain in a way that conforms to the consensus mechanism of the blockchain. No matter how high the cost and how difficult it is, this is the only feasible and correct logic; instead of
