The Mango Markets manipulation from yesterday also seems to indicate that liquidity attacks represent a real risk to the protocol.
In this case the attack worked somewhat differently from attack described above in OP. General process (slightly different due to use of perps, but this would be the equivalent for spot liquidity market like Compound):
- Deposit stablecoins or other hard collateral with high collateral factor in account A
- Borrow/short low liquidity asset
XYZ
from account A - Transfer
XYZ
from account A to account B and deposit as collateral - Purchase a lot of
XYZ
across DEX/CEX to push price up significantly - (optional) Deposit additional purchased
XYZ
to account B - Account A may be pushed into liquidation, causing further upwards price pressure on
XYZ
- Borrow hard assets (stablecoins, ETH, etc) at max LTV from account B using inflated value of
XYZ
collateral
If amount borrowed in step 7 (XYZ
collateral * price * collateral factor) is greater than sum of collateral provided in account A (step 1) and cost of purchased XYZ
(step 4), then the attack will generate a profit. The largest risk factor for an attack like this being profitable is illiquidity of a prospective target XYZ
asset - this would allow the an attacker to move the price up significantly with relatively smaller amount of capital. Secondary risk factors include collateral factors for XYZ
asset and of other hard collateral assets that could be used to borrow XYZ
.
I’m working on a proposal that I think could reduce risk of these sort of liquidity attacks, while having minimal impact on capital efficiency and UX of regular / non malicious users. Hope to share more soon!