BTC vs. WBTC Oracle Analysis
Disclaimer: This is an initial analysis conducted by the Chaos Labs team, focused primarily on oracle manipulation costs and the market liquidity for WBTC. We are continuing to investigate potential concerns and areas of analysis to better inform the community with regard to switching the oracle from BTC/ETH to WBTC/ETH.
Risk Assessment Methodology
Our primary objective for this analysis was to understand the risk involved with switching the oracle feed for WBTC pools on Aave from BTC/ETH to WBTC/ETH, specifically:
- Research WBTC-specific attack vectors
- Identify the liquidity sources behind the WBTC/ETH Oracle
- Estimate the cost of attack in each scenario
- Determine if the attack is feasible under the current state of liquidity
Motivation
Historically, the WBTC/BTC rate has been relatively stable at 1:1, but recently it has begun to decouple. We have no reason to believe there is a risk to the underlying assets held with BitGo, but the gap in price impacts the economics for users interacting with the asset on Aave.
If a depeg were to occur, it would likely happen too fast for the protocol to respond appropriately if it were using the BTC/ETH oracle price. The risk to the protocol (an infinite supply of worthless WBTC accepted as collateral at incorrect prices, which could, in theory, allow a user to drain all assets from the protocol) has a low probability but a huge impact.
WBTC/ETH Oracle Migration Considerations
High volatility that converges back to the peg can cause a WBTC-collateralized position to be liquidated if the peg breaks significantly enough, even for a short time. For example, take a position that supplies WBTC and withdraws USDC with a position health of 1.1, and assume that the BTC rate stays relatively unchanged. If WBTC/BTC falls to 0.85 and then returns to 1, the position would be liquidated during the short period in which the peg was broken at 0.85.
The primary risk of switching is oracle manipulation, due to WBTC's relatively lower volume compared with BTC (as @ebaodo noted above). Oracle manipulation has become a higher-priority concern in the market due to falling market caps and depressed liquidity. Still, it is not one that we view to be very likely. Unfortunately, the details are hard to assess precisely because AAVE uses Chainlink Oracles, whose composition needs to be clarified. We assume the Chainlink Oracle uses a volume-weighted average price across the different CeFi and DeFi venues with the deepest liquidity.
WBTC daily trading volumes have ranged around $100M-$500M during the past six months, with minor exceptions.
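The trade-off between the two feeds, as an added example that is not part of the original analysis: the same position is evaluated under a WBTC feed and a BTC feed, first over the transient depeg described above and then at a deeper depeg. The BTC price, liquidation threshold, position size and the 0.6 depeg level are constructed values, not Aave parameters.

```python
from dataclasses import dataclass

@dataclass
class Position:
    wbtc: float           # WBTC supplied as collateral
    debt_usd: float       # USDC debt, in USD
    liq_threshold: float  # constructed value, not Aave's actual parameter

def oracle_price(btc_usd, peg, feed):
    """USD price the protocol sees for 1 WBTC; the BTC feed ignores the peg."""
    if feed not in ("WBTC", "BTC"):
        raise ValueError(f"unknown feed: {feed}")
    return btc_usd * (peg if feed == "WBTC" else 1.0)

def health_factor(pos, price_usd):
    return pos.wbtc * price_usd * pos.liq_threshold / pos.debt_usd

def first_liquidatable(pos, btc_usd, peg_path, feed):
    """Index of the first step where the oracle-based health factor is below 1."""
    for i, peg in enumerate(peg_path):
        if health_factor(pos, oracle_price(btc_usd, peg, feed)) < 1.0:
            return i
    return None

def hidden_shortfall(pos, btc_usd, peg, feed):
    """Debt not covered by the collateral's market value while the
    oracle still reports a health factor of at least 1."""
    if health_factor(pos, oracle_price(btc_usd, peg, feed)) < 1.0:
        return 0.0  # the protocol sees the problem and can liquidate
    market_value = pos.wbtc * btc_usd * peg
    return max(0.0, pos.debt_usd - market_value)

# Constructed sample: position health is about 1.1 while the peg holds.
BTC_USD = 20_000.0
POS = Position(wbtc=10.0, debt_usd=136_363.64, liq_threshold=0.75)
TRANSIENT = [1.0, 0.95, 0.85, 0.95, 1.0]  # WBTC/BTC path from the text

if __name__ == "__main__":
    for feed in ("WBTC", "BTC"):
        step = first_liquidatable(POS, BTC_USD, TRANSIENT, feed)
        gap = hidden_shortfall(POS, BTC_USD, 0.6, feed)
        print(f"{feed} feed: liquidatable at step {step}, "
              f"hidden shortfall at peg 0.6 = ${gap:,.2f}")
```

With the WBTC feed the position becomes liquidatable at the 0.85 step even though the peg recovers; with the BTC feed it never does, but at a 0.6 peg the debt exceeds the collateral's market value without the protocol seeing it.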
Oracle Risk
We would appreciate more community feedback around the risk appetite for these types of attacks, but we can provide data to help quantify the risk of oracle manipulation:
- We can see there’s little liquidity on CeFi vs. DeFi for WBTC.
- Moreover, the constant product of the infinite-range position on Uni v3 makes it hard to manipulate, as described by Seraphim in his post on the Euler forum. Because the oracle price is a weighted average of the most liquid venues, the attacker must manipulate the DEX price to manipulate the oracle price, so this is most relevant in the case of WBTC.
Lack of WBTC liquidity in CeFi Venues
It is easy to see that there is not much depth in CeFi:
Binance WBTC/BTC is the only truly active pair on centralized exchanges (>$1M in daily volume).
Below we can see the Binance WBTC/BTC Order Book, which is the most liquid CeFi order book of WBTC. There is a cumulative sum of 677 BTC bids and around 1.2K BTC asks within a range of 7.6% from the current price (pegged). This is thin liquidity, and the price can be shifted drastically up or down with tens of millions of dollars of demand or supply.
Conversely, we can find more liquidity with around 7.3% slippage on Ethereum Uni V3:
There is also liquidity beyond that range. As we can see below, there is wide liquidity in the Uni V3 WBTC/ETH pool covering the entire price range.
Conclusion
As we can see, the majority of liquidity is in Uniswap and any oracle pricing should be significantly based on DeFi venues, not CeFi. We will confirm that this is the case with the Chainlink oracle for WBTC.
Ideally, we believe that using a Uni V3 TWAP Oracle would be the best solution in this case, as it further mitigates the risk of manipulation by looking at the DEX pool only. If the Chainlink oracle also relies on CeFi books, manipulating them could affect the aggregated price. There are more technical considerations to this change that need further exploration, but it would provide a healthy alternative to CEX-dependent Oracles depending on the Chainlink configuration.
Attack Analysis and Profitability
Dump Attack
The maximum losses AAVE can suffer from a WBTC price drop to zero can be $400M (total available borrows). However, the cost of manipulation on Uniswap v3 is very high, as shown below:
- Dropping the price of WBTC by 80% will incur a $320M loss to the protocol ($400M × 0.8)
- The upfront cost of such a dump is 20K BTC (>$320M at the time of writing).
Therefore, such an attack will likely be unprofitable for the attacker, as they will only liquidate other positions but not make any personal gains. We can assume such an attack would be carried out as part of a price manipulation that profits from a leveraged short position elsewhere, with AAVE used as a proxy to increase capital efficiency, i.e., borrow a huge amount of an asset, dump the asset, then profit from the short position and withdraw nearly all collateral when the borrowed asset's price drops.
Pump Attack
The loss that AAVE can suffer from a WBTC pump attack is the depletion of assets from the protocol. Still, the cost of manipulation on Uniswap V3 is much higher than for other assets, which makes the attack unlikely. As we can see, pumping WBTC 90% will cost over $600M.
The Risky Scenario
In the case of a WBTC depeg, a depletion of liquidity is possible, leaving the asset susceptible to manipulation. However, AAVE is better off with a WBTC Oracle than with a BTC Oracle that will provide inaccurate prices.
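A simplified cost model for the dump and pump estimates and the liquidity-depletion scenario above, added here and not part of the original analysis. It treats the pool as a single full-range constant-product (x·y = k) position, ignores swap fees and concentrated liquidity, and uses constructed reserves, so its output does not reproduce the figures in this post.

```python
import math

def price_move_cost(reserve_wbtc, reserve_eth, ratio):
    """Capital and slippage loss needed to move a constant-product pool.

    ratio = new_price / old_price (0.2 is an 80% dump, 1.9 a 90% pump),
    with the price quoted in ETH per WBTC. Fees are ignored (assumption).
    """
    if reserve_wbtc <= 0 or reserve_eth <= 0 or ratio <= 0:
        raise ValueError("reserves and ratio must be positive")
    root = math.sqrt(ratio)
    price = reserve_eth / reserve_wbtc
    new_wbtc = reserve_wbtc / root   # x' = x / sqrt(r)
    new_eth = reserve_eth * root     # y' = y * sqrt(r)
    if ratio < 1:                    # dump: WBTC goes in, ETH comes out
        asset_in, amount_in = "WBTC", new_wbtc - reserve_wbtc
        in_eth, out_eth = amount_in * price, reserve_eth - new_eth
    else:                            # pump: ETH goes in, WBTC comes out
        asset_in, amount_in = "ETH", new_eth - reserve_eth
        in_eth, out_eth = amount_in, (reserve_wbtc - new_wbtc) * price
    return {
        "asset_in": asset_in,
        "amount_in": amount_in,
        "upfront_eth": in_eth,          # capital needed, at the pre-move price
        "loss_eth": in_eth - out_eth,   # value given up once the price reverts
    }

def min_reserve_eth(target_loss_eth, ratio):
    """ETH-side depth below which moving the price by `ratio` costs less
    than target_loss_eth; usable as a liquidity alert threshold."""
    root = math.sqrt(ratio)
    return target_loss_eth / (root + 1 / root - 2)

if __name__ == "__main__":
    # Constructed reserves: 1,000 WBTC against 15,000 ETH.
    for label, r in (("dump 80%", 0.2), ("pump 90%", 1.9)):
        c = price_move_cost(1_000, 15_000, r)
        print(f"{label}: {c['amount_in']:,.0f} {c['asset_in']} in, "
              f"loss {c['loss_eth']:,.0f} ETH")
```

Because the loss scales linearly with pool depth, a drop in reserves after a depeg lowers the manipulation cost by the same proportion, which is what `min_reserve_eth` turns into a monitoring threshold.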
Conclusion
In summary, we believe a WBTC/ETH Oracle is less vulnerable to manipulation than most price oracles used by the AAVE protocol currently. For example, using Uniswap V3 as a cost benchmark, we can estimate the following:
- ~$600M to pump WBTC 90%
- ~$330M to dump 80%
Despite the small likelihood of a black swan event (WBTC de-peg), we believe the benefits of migrating to a WBTC oracle outweigh those of retaining a BTC/ETH price feed and therefore support migration to the WBTC/ETH oracle.