Abstract
Lending pools are decentralized applications which allow mutually untrusted users to lend and borrow crypto-assets. These applications feature complex, highly parametric incentive mechanisms to equilibrate the loan market. This complexity makes the behaviour of lending pools difficult to understand and to predict: indeed, ineffective incentives and attacks could potentially lead to emergent unwanted behaviours. Reasoning about lending pools is made even harder by the lack of executable models of their behaviour: to precisely understand how users interact with lending pools, eventually one has to inspect their implementations, where the incentive mechanisms are intertwined with low-level implementation details. Further, the variety of existing implementations makes it difficult to distill the common aspects of lending pools. We systematize the existing knowledge about lending pools, leveraging a new formal model of interactions with users, which reflects the archetypal features of mainstream implementations. This enables us to prove some general properties of lending pools, and to precisely describe vulnerabilities and attacks. We also discuss the role of lending pools in the broader context of decentralized finance and identify relevant research challenges.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
ERC-20 token standard (2015). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md
Understanding the DAO attack, June 2016. http://www.coindesk.com/understanding-dao-hack-journalists/
Parity Wallet security alert, July 2017. https://paritytech.io/blog/security-alert.html
A Postmortem on the Parity Multi-Sig library self-destruct, November 2017. https://goo.gl/Kw3gXi
Aave maximum liquidation amount (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/lendingpool/LendingPoolLiquidationManager.sol#L181
Aave v1 flashloan receiver interface (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#L11
Aave v1 implementation (2020). https://github.com/aave/aave-protocol/tree/efaeed363da70c64b5272bd4b8f468063ca5c361
Aave v1 simplified interest (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/libraries/CoreLibrary.sol#L423
Aave valuation of atokens (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/lendingpool/LendingPoolDataProvider.sol#L114
Akropolis Defi attack (2020). https://cryptonews.com/news/defi-akropolis-drops-20-following-a-usd-2m-heavy-hack-8299.htm
bzx fulcrum website (2020). https://fulcrum.trade
Coindesk: Value DeFi attack (2020). https://www.coindesk.com/value-defi-suffers-6m-flash-loan-attack
Compound comptroller setter (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/CToken.sol#L1152
Compound implementation (2020). https://github.com/compound-finance/compound-protocol/tree/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6
Compound maximum liquidation amount (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/ComptrollerG5.sol#L510
Compound oracle attack (2020). https://news.bitcoin.com/100-million-liquidated-on-defi-protocol-compound-following-oracle-exploit
Compound simplified interest (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/CToken.sol#L423
Compound valuation of ctokens (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/ComptrollerG5.sol#L753
dydx website (2020). https://dydx.exchange
Harvest Finance flashloan attack post-mortem (2020). https://medium.com/harvest-finance/harvest-flashloan-economic-attack-post-mortem-3cf900d65217
Makerdao website (2020). https://makerdao.com
Origin Dollar attack (2020). https://cryptonews.com/news/4th-major-defi-hack-in-a-month-origin-dollar-loses-usd-7m-8331.htm
Uniswap oracle template (2020). https://github.com/Uniswap/uniswap-v2-periphery/blob/dda62473e2da448bc9cb8f4514dadda4aeede5f4/contracts/examples/ExampleOracleSimple.sol
Aave markets website (2021). https://app.aave.com/markets
Aave website (2021). https://www.aave.com
Compound markets website (2021). https://compound.finance/markets
Compound website (2021). https://www.compound.finance
Curve statistics (2021). https://www.curve.fi/dailystats
Curve website (2021). https://www.curve.fi
Defi pulse website (2021). https://defipulse.com
Starkware (2021). https://starkware.co/
Tornado (2021). https://tornado.cash/
Uniswap statistics (2021). https://info.uniswap.org
Uniswap website (2021). https://www.uniswap.org
Angeris, G., Chitra, T.: Improved price oracles: Constant function market makers. arXiv preprint arXiv:2003.10001 (2020), https://arxiv.org/abs/2003.10001
Angeris, G., Kao, H.T., Chiang, R., Noyes, C., Chitra, T.: An analysis of uniswap markets. Cryptoeconomic Systems Journal (2019). https://ssrn.com/abstract=3602203
Arusoaie, A.: Certifying Findel derivatives for blockchain. J. Logical Algebraic Methods Programm. 121, 100665 (2021). https://doi.org/10.1016/j.jlamp.2021.100665
Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8
Bartoletti, M., Bracciali, A., Lepore, C., Scalas, A., Zunino, R.: A formal model of Algorand smart contracts. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2009.12140
Bartoletti, M., Zunino, R.: BitML: a calculus for Bitcoin smart contracts. ACM CCS (2018). https://doi.org/10.1145/3243734.3243795
Buterin, V.: Ethereum: a next generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper
Cao, Y., Zou, C., Cheng, X.: Flashot: a snapshot of flash loan attack on DeFi ecosystem. arXiv preprint arXiv:2102.00626 (2021). https://arxiv.org/abs/2102.00626
Baum, C., David, B., Frederiksen, T.: P2DEX: Privacy-Preserving Decentralized Cryptocurrency Exchange. Cryptology ePrint Archive, Report 2021/283 (2021). https://eprint.iacr.org/2021/283
Cecchetti, E., Yao, S., Ni, H., Myers, A.C.: Compositional Security for Reentrant Applications. arXiv preprint arXiv:2103.08577 (2021). http://arxiv.org/abs/2103.08577
Chitra, T.: Competitive equilibria between staking and on-chain lending. arXiv preprint arXiv:2001.00919 (2019). https://arxiv.org/abs/2001.00919
Chitra, T., Evans, A.: Why stake when you can borrow? Available at SSRN 3629988 (2020). http://dx.doi.org/10.2139/ssrn.3629988
Daian, P., et al.: Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In: IEEE Symposium on Security and Privacy, pp. 910–927. IEEE (2020). https://doi.org/10.1109/SP40000.2020.00040
Darlin, M., Papadis, N., Tassiulas, L.: Optimal bidding strategy for maker auctions. arXiv preprint arXiv:2009.07086 (2020). https://arxiv.org/abs/2009.07086
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Eskandari, S., Moosavi, S., Clark, J.: SoK: transparent dishonesty: front-running attacks on blockchain. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 170–189. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_13
Gu, W.C., Raghuvanshi, A., Boneh, D.: Empirical measurements on pricing Oracles and decentralized governance for stablecoins. Available at SSRN 3611231 (2020). http://dx.doi.org/10.2139/ssrn.3611231
Gudgeon, L., Pérez, D., Harz, D., Livshits, B., Gervais, A.: The decentralized financial crisis. In: Crypto Valley Conference on Blockchain Technology (CVCBT), pp. 1–15. IEEE (2020). https://doi.org/10.1109/CVCBT50464.2020.00005
Gudgeon, L., Werner, S., Perez, D., Knottenbelt, W.J.: Defi protocols for loanable funds: Interest rates, liquidity and market efficiency. In: ACM Conference on Advances in Financial Technologies, pp. 92–112 (2020). https://doi.org/10.1145/3419614.3423254
Qin, K., Zhou, L., Gervais, A.: Quantifying Blockchain Extractable Value: How dark is the forest? arXiv preprint arXiv:2101.05511 (2021). https://arxiv.org/abs/2101.05511
Kao, H.T., Chitra, T., Chiang, R., Morrow, J.: An Analysis of the Market Risk to Participants in the Compound Protocol https://scfab.github.io/2020/FAB2020_p5.pdf
Bartoletti, M., Chiang, J.H., Lluch-Lafuente, A.: SoK: Lending Pools in Decentralized Finance. arXiv preprint arXiv:2012.13230 (2020). https://arxiv.org/abs/2012.13230
Bartoletti, M., Chiang, J.H., Lluch-Lafuente, A.: A theory of Automated Market Makers in DeFi. arXiv preprint arXiv:2102.11350 (2021). https://arxiv.org/abs/2102.11350
Moin, A., Sekniqi, K., Sirer, E.G.: SoK: a classification framework for stablecoin designs. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 174–197. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_11
Perez, D., Werner, S.M., Xu, J., Livshits, B.: Liquidations: Defi on a knife-edge. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2009.13235
Qin, K., Zhou, L., Livshits, B., Gervais: Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2003.03810
Lamela Seijas, P., Thompson, S.: Marlowe: financial contracts on blockchain. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 356–375. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_27
Tolmach, P., Li, Y., Lin, S.W., Liu, Y.: Formal analysis of composable DeFi protocols. In: 1st Workshop on Decentralized Finance (2021), (to appear) https://arxiv.org/abs/2103.00540
Vandin, A., Giachini, D., Lamperti, F., Chiaromonte, F.: Automated and Distributed Statistical Analysis of Economic Agent-Based Models. arXiv preprint arXiv:2102.05405 (2021) https://arxiv.org/abs/2102.05405
Wang, D., et al.: Towards understanding flash loan and its applications in defi ecosystem. arXiv preprint arXiv:2010.12252 (2020). https://arxiv.org/abs/2010.12252
Wang, Y.: Automated market makers for decentralized finance (defi). arXiv preprint arXiv:2009.01676 (2020). https://arxiv.org/abs/2009.01676
Werner, S.M., Perez, D., Gudgeon, L., Klages-Mundt, A., Harz, D., Knottenbelt, W.J.: Sok: Decentralized Finance (DeFi). arXiv preprint arXiv:2101.08778 (2021), https://arxiv.org/abs/2101.08778
Zhou, L., Qin, K., Torres, C.F., Le, D.V., Gervais, A.: High-Frequency Trading on Decentralized On-Chain Exchanges. arXiv preprint arXiv:2009.14021 (2020). https://arxiv.org/abs/2009.14021
Acknowledgements
Massimo Bartoletti is partially supported by Conv. Fondazione di Sardegna & Atenei Sardi project F74I19000900007 ADAM. James Hsin-yu Chiang is supported by the PhD School of DTU Compute. Alberto Lluch Lafuente is partially supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (cybersec4europe.eu).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 International Financial Cryptography Association
About this paper
Cite this paper
Bartoletti, M., Chiang, J.Hy., Lafuente, A.L. (2021). SoK: Lending Pools in Decentralized Finance. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2021 International Workshops. FC 2021. Lecture Notes in Computer Science(), vol 12676. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-63958-0_40
Download citation
DOI: https://doi.org/10.1007/978-3-662-63958-0_40
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-63957-3
Online ISBN: 978-3-662-63958-0
eBook Packages: Computer ScienceComputer Science (R0)