Sources: I relied heavily (but not exclusively) on this excellent article by Justin Thaler (@SuccinctJT):
https://t.co/30J8ES7pYk
Image source (CC BY-NC 2.0): https://t.co/FCdaII30ZQ
On how Ethereum is tackling the risks: https://t.co/usTvqallEA
My read of this is that IF we can build reliable prediction-market oracles (which seems like a much easier problem than building real time oracles) THEN we can unlock this.
Risk perspective: "liquidation hunting" will be replaced with "rollover hunting"
https://t.co/OS4JvFub28
Building index-tracking assets on top of options instead of debt
https://t.co/gFNEvCbHct
What if we use options as the base of defi, instead of CDPs and liquidations? So instead of extreme price movements creating a sharp and global "you get liquidated" effect, instead your exposure to the index diverges quadratically from your preferred exposure in a smoother way?
A key benefit is getting rid of the need for instant oracles, and instead making everything work on top of "slow oracles" (ie. the type that prediction markets use)
This design has a significant downside - the need to do regular rebalancing - and an open question of whether and how this rebalancing can be made slippage-resistant enough. But it's worth considering and trying IMO. I would feel much safer holding algostables inside something like this, than in something that depends on an oracle that has to give real-time answers (and therefore could be tricked into giving wrong real-time answers with no time for human recourse).
@MattFiebach Also the "optimality" where it exists in tradfi is mostly limited to a very small set of actors. For the common guy it's very far from that.
@MattFiebach Mostly agree. DeFi - democratizing finance, not replacing it.
But disagree on it already being "structurally" optimal. Settlement remains strictly better in crypto - clear finality, no counterparty risk. Risk surface is smaller, and risk mgmt can be automated to a higher degree
@hrkrshnn the specifics absolutely not - they're pretty impossible to get right in foresight - but I feel I did get the general direction: https://t.co/5TUVcbjcgR
Let's put it this way - if I was writing something creative in English and had access to the GPT-3 API, I'd see no reason to not use GPT-3 to help with the writing. I expect GPT-3 to be super useful as a tool, in varied applications including coding.
Low risk DeFi can't be the revenue engine for @ethereum if low risk DeFi does not exist. (Other than a couple of OG protocols like Uniswap)
EF is already doing plenty to make the core protocol more secure. Next step is including DeFi too, like Solana has https://t.co/d5qdz99E2S
@ivangbi_ @ethereum This is exactly what I've been talking about. Please consider if EF can do something to make running such security scans a norm rather than an exception. https://t.co/UJlxjgJwdy
On April 6, I ran an AI-assisted security scan on Kelp DAO and flagged their LayerZero DVN bridge config as an unresolved risk.
12 days later, that exact attack surface was exploited for $292M.
The tool didn't find a code bug. It found something code audits can't catch: a 1-of-1 bridge validator config that Kelp never disclosed publicly. One node compromised = $292M drained.
Kelp had 5+ code audits from top firms. None caught it — because it's not a code problem.
The tool is open-source. Anyone can run it on any DeFi protocol before depositing.
What it checks that code scanners don't:
→ Bridge validator thresholds
→ Governance gaps between core contracts and operational configs
→ Historical attack pattern matching (Ronin, Harmony, Drift)
What protocols are you exposed to that haven't disclosed their DVN config?
Solana was built for security. As the ecosystem scales, so does our investment in the tools, standards, and support.
Today that commitment deepens with a new security program, active monitoring, formal verification for top protocols, and a new crisis response network.
Learn more 👇
@DefiIgnas this is literally the opposite of what crypto promised (no middlemen, permissionless access)
now middlemen will frontrun transactions, with their priority levels depending on how wealthy they are
no wonder this hasn't been tried out before
For one, I believe that audits (for code bugs) are one of the things that DeFi does get right.
And better audits or formal verification wouldn't have prevented most of the recent exploits:
Resolv, Drift > private key compromise + lack of timelock and other circuit breakers
Venus Protocol > economic attack, flagged by audits but ignored
Aperture Finance, Solv > bugs in unaudited contracts
Makina Finance > vault logic compromise, OOS for audits
In TradFi, companies are mandated to do thorough risk management by law. In DeFi, we're not. Solution? More social consensus that DeFi needs to learn to take better care of its risks. This already works with code audits - everyone believes that a protocol that doesn't have code reviewed by security experts can't be taken seriously. It also works for L2s because we have @l2beat.
Comparably, we don't have nearly as good insight into the admin control levels of major DeFi protocol deployments. Similarly, we know far more about how to exit L2s in times of crisis than how to exit major DeFi protocols if/when their admin decides to do something funky.
EF doesn't need to pick and choose some favorite protocols. But it would be nice to recognize that there's a crisis in "low-risk" DeFi and push for a more principled approach, where risk management goes beyond looking for bugs in the code.
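As an added example (not the open-source scanner from the earlier tweet, whose internals the thread does not show), here is a Python sketch of the operational-config checks these posts call for: the bridge validator threshold, single-key admin control, and the missing timelock / circuit breakers the reply lists for the Resolv and Drift incidents. The config layout and field names (`dvn_required`, `pause_guardian`, ...) are assumptions, and both sample configs are constructed, not any real protocol's deployment.

```python
"""Operational-config risk checks for a DeFi deployment (added example).

Scores the non-code risks the thread lists: bridge validator thresholds,
single-key admin control, and missing timelock / circuit breakers.
Field names are assumptions; the sample configs are constructed."""

from dataclasses import dataclass

SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1}


@dataclass(frozen=True)
class Finding:
    severity: str   # "critical", "high" or "medium"
    area: str       # "bridge", "admin" or "governance"
    message: str


# Constructed config for a hypothetical protocol: 1-of-1 bridge validator,
# single-key admin, no timelock, no pause guardian.
SAMPLE_CONFIG = {
    "bridge": {"dvn_required": 1, "dvn_total": 1},
    "admin": {"kind": "eoa", "threshold": 1, "signers": 1},
    "timelock": {"enabled": False, "delay_seconds": 0},
    "pause_guardian": {"enabled": False},
}

# Constructed hardened config: 3-of-4 validators, 4-of-7 multisig, 48h timelock.
HARDENED_CONFIG = {
    "bridge": {"dvn_required": 3, "dvn_total": 4},
    "admin": {"kind": "multisig", "threshold": 4, "signers": 7},
    "timelock": {"enabled": True, "delay_seconds": 48 * 3600},
    "pause_guardian": {"enabled": True},
}


def check_bridge(cfg):
    """Flag bridge verifier sets where one node, or half the set, is enough."""
    findings = []
    bridge = cfg.get("bridge") or {}
    required = bridge.get("dvn_required", 0)
    total = bridge.get("dvn_total", 0)
    if total == 0:
        findings.append(Finding("high", "bridge", "bridge validator set undisclosed"))
    elif required <= 1:
        findings.append(Finding("critical", "bridge",
            f"{required}-of-{total} validator threshold: one compromised node "
            "can authorise cross-chain messages"))
    elif required * 2 <= total:
        findings.append(Finding("high", "bridge",
            f"{required}-of-{total} validator threshold: compromising half the "
            "set is enough"))
    return findings


def check_admin(cfg):
    """Flag admin control that rests on a single private key."""
    admin = cfg.get("admin") or {}
    if admin.get("kind") != "multisig" or admin.get("threshold", 1) < 2:
        return [Finding("critical", "admin",
            "admin is a single key: one private-key compromise gives full control")]
    return []


def check_circuit_breakers(cfg, min_delay_seconds=24 * 3600):
    """Flag missing or too-short timelocks and the absence of a pause guardian."""
    findings = []
    timelock = cfg.get("timelock") or {}
    if not timelock.get("enabled"):
        findings.append(Finding("high", "governance",
            "no timelock on admin actions: users get no exit window before a "
            "malicious or mistaken change takes effect"))
    elif timelock.get("delay_seconds", 0) < min_delay_seconds:
        findings.append(Finding("medium", "governance",
            f"timelock delay {timelock['delay_seconds']}s is below "
            f"{min_delay_seconds}s"))
    guardian = cfg.get("pause_guardian") or {}
    if not guardian.get("enabled"):
        findings.append(Finding("medium", "governance",
            "no pause guardian / circuit breaker to halt the protocol in an incident"))
    return findings


def assess(cfg):
    """Run every check and return findings, most severe first."""
    findings = check_bridge(cfg) + check_admin(cfg) + check_circuit_breakers(cfg)
    return sorted(findings, key=lambda f: -SEVERITY_RANK[f.severity])


def worst_severity(findings):
    """Overall grade for a deployment: the highest severity present, or 'none'."""
    return max((f.severity for f in findings),
               key=lambda s: SEVERITY_RANK[s], default="none")


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"== {name}: {worst_severity(assess(cfg))}")
        for f in assess(cfg):
            print(f"  [{f.severity}] {f.area}: {f.message}")
```

The point of the design is that none of these checks read contract bytecode: they consume the deployment's operational facts (who can verify bridge messages, who holds admin, how long a change is delayed), which is exactly the layer the thread says audits and formal verification do not cover.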
mostly two reasons:
- realization that LVR is only small part of what makes onchain liquidity challenging (vindication for us who said it all along)
- realization that AMMs are typically money sinks, not money generators (vindication for OB folks)
https://t.co/dL15svZ7gl
@mud2monarch Good point. I said most hooks because I expect that most teams want some kind of beforeSwap/afterSwap logic, not custom delta accounting. The former should now be picked up automatically
Uniswap UI will finally pick up new hooks automatically.
This used to be a big friction point for teams looking to build on top of v4. Hooks were permissionless, but getting orderflow was not. Now most new hooks will be autorouted. https://t.co/zFCNzd82iG
Today we're launching hook auto-routing on the Uniswap Web App, Wallet, and API
That means no more allowlist process
Build your hook, deploy your pool, get distribution from day one