TL;DR - Our analysis shows that an oracle manipulation-based attack analogous to the one that cost Mango Markets $117m is much less likely to occur on Aave V2 ETH due to collateral assets having much deeper liquidity than MNGO and Aave requiring loans to be over-collateralized.
Aave relies on Chainlink Price Feeds to report prices for collateral assets, which should be much more expensive and difficult to manipulate due to the many layers of aggregation logic run by independent parties, each of which is running a different proprietary algorithm observing multiple sources of liquidity. A successful attack would require manipulating the price on multiple liquid venues over an extended period of time. This is a stark contrast to the Mango attack, where price discovery largely occurred on a single illiquid venue, or typical flash-loan attack where the oracle price is instantaneously determined by a single Uniswap v2 style DEX pool.
However, out of an abundance of caution, we wanted to open community discussion on whether the Aave DAO should turn off certain illiquid assets as collateral given the risk/reward tradeoffs and these assets’ usage. Liquidity statistics are provided below.
Rather than delisting these assets entirely, it may cause less user friction by turning off the assets as collateral instead (e.g., changing LTV to 0% and gradually reducing LT).
We are targeting a Snapshot vote for Friday, 10/21/2022 for a temperature check on whether the community would like to turn off the below assets as collateral (and which assets if so).
We welcome thoughts from the community.