Liquidity Providers' Risks

General risks

Smart contract risk

Smart contract risk is a general risk when using DeFi protocols, including Balancer, which is the base code of Moai Finance. Smart contracts are self-executing pieces of code that run on certain blockchains. Although they are designed to be secure, they can be vulnerable to bugs and exploits.

If there is a flaw in the smart contract code, it can be exploited by attackers to steal funds from the protocol. This can result in the loss of funds for liquidity providers and swappers who are using the protocol. Smart contract risk is a major risk for all DeFi users, and it is important to carefully evaluate the security of the protocols before using them.

The Balancer Vault

The main architectural change between Balancer V1 and Balancer V2 is the transition to a single vault that holds and manages all the assets added by all Balancer pools. This separates the AMM logic from the token management and accounting. Token management/accounting is done by the vault while the AMM logic is individual to each pool. This provides many advantages, including flexibility and gas efficiency.

One critique of this approach is that the Balancer Vault could be a single point of failure—i.e. hack the vault, and get all the tokens of the protocol. This Balancer Vault architecture was heavily audited prior to launch and has now been battle-tested since May 2021, securing over $3b. It has also been forked by other teams across different networks, including Beethoven X on Fantom, without issue.

How does Balancer work to mitigate this risk?

  • Development teams have engaged with top-tier smart contract auditing firms to identify and fix bugs before deployment.

  • The core of Balancer smart contracts is immutable and does not use proxies or other upgrade mechanisms. Note: Within DeFi, upgradable contracts are a major way exploits have been introduced.

  • In addition, Balancer has a bug bounty program via Immunefi to attract white-hat hackers to responsibly disclose any bugs. Rewards are distributed based on threat level—for critical smart contract vulnerabilities, there is a minimum reward of 250 ETH and a maximum reward of 1,000 ETH.

How can LPs mitigate this risk?

  • LPs should carefully research and use DeFi protocols that are battle-tested with a history of functioning as intended while securing large amounts of assets.

  • To diversify risk, LPs may consider not placing all their tokens into a single protocol.

Mechanism / Economic Risk

A mechanism or economic exploit of a DeFi protocol occurs when an attacker can manipulate the economic incentives of the protocol to their advantage, resulting in a loss of funds for other participants. This can happen even when there are no smart contract bugs or other unintended logic errors.

For example, an attacker could take advantage of a liquidity pool's pricing mechanism to intentionally cause the price of an asset to deviate from its true value, allowing them to buy or sell that asset at a profit.

In addition, the composable nature of DeFi means that a pool on Balancer may contain tokens that may be manipulated by an attacker on a third-party protocol, which further increases risk.

These types of economic exploits are difficult to detect and prevent.

How do we work to mitigate this risk?

  • Balancer strives to deliver careful economic modeling, rigorous mechanism design, testing, and audits by top-tier auditing firms.

How can LPs mitigate this risk?

  • LPs should carefully research and use DeFi platforms that are battle-tested with a history of functioning as intended while securing large amounts of assets.

Toxic pool token risk

A liquidity pool is only as good as its weakest token. This is because liquidity pools typically sell the winners (tokens moving up in price) and accumulate the losers (tokens moving down in price). If a pool contains a toxic token, the value of the BPT (LP tokens) of the liquidity pool could go to zero. This is the case even if the other pool tokens remain good and would otherwise not be affected.

A toxic token could be seeded into a liquidity pool by a malicious pool creator or an otherwise good token could become toxic (similar to Terra’s stablecoin UST).

Tokens that could become problematic for LPs:

  • Unsupported tokens on Balancer Protocol, including:

    • Tokens with transfer fees

    • Proxy tokens with double entry points

    • Tokens with more than 18 decimal points

    • Rebasing tokens

  • Tokens that become toxic, including:

    • Tokens that are infinitely minted

    • Tokens that become frozen or exploited in any other way

    • Stablecoins that lose their peg

Rebasing tokens

Rebasing tokens are a type of cryptocurrency that adjusts the supply of the token based on a predetermined formula. This formula is usually designed to keep the price of the token stable relative to some external metric, such as the price of a particular asset or a specific index. When the external metric changes, the token supply is adjusted, which in turn affects the price of the token.

For example, if a rebasing token is designed to maintain a price of $1 per token and the price of the external asset goes up by 10%, the token supply would decrease by 10% to maintain the $1 price point. Similarly, if the external asset price goes down by 10%, the token supply would increase by 10%.

DeFi composability risks

DeFi composability refers to the ability of different DeFi protocols and applications to work together seamlessly in endless combinations, allowing developers to create more complex financial transactions and applications. This is sometimes referred to as DeFi lego building blocks since they can be combined and connected to create interesting new structures and applications.

While composability offers many benefits, layering protocols and applications on top of each other comes with additional risks. For example, risks get compounded when multiple protocols are composed together, as a vulnerability in one contract could impact others. The interconnectivity of DeFi protocols can amplify risks, turning isolated incidents into systemic threats. For example, if a major protocol fails or suffers from an exploit, it could lead to a domino effect, impacting other protocols and users in the ecosystem.

Other risks could cascade if a protocol within a composability stack has a liquidity crisis, an unfavorable governance decision, or a regulatory outcome.

DAO Governance risk

Moai Finance uses off-chain voting mechanisms to signal the will of veMOI token holders (vote-escrow MOI). This off-chain voting is done via Snapshot.

A summary of the immutability of the Balancer Protocol’s smart contracts:

  • Balancer V1 contracts are immutable, so there were no core protocol parameters that could be changed.

  • Balancer V2 contracts do allow for some tweaking of core protocol parameters, including the ability to:

    • Set a share of swap fees to be diverted to the protocol (hard-capped at 50% of the swap fee)

    • Set a Flash Loan fee

    • Extract from the vault collected protocol fees and/or excess balances (e.g. airdrops), to any destination

    • Set the address of the Oracle implementation

    • Set relayer addresses: relayers are (user opt-in, audited) contracts that can make calls to the vault (with the transaction “sender” being any arbitrary address) and use the sender’s ERC20 vault allowance, internal balance or BPTs on their behalf

    • Set dynamic-fee controllers: addresses (initially assigned to Gauntlet) that may change the swap fee for pools created by the dynamic-fee pool factory that will be deployed by Balancer Labs

    • Add and remove veMOI gauges

Note: The system of Moai Finance Governance may change in the future. For example, Balancer community members have expressed interest in moving from Multisig towards on-chain governance execution by veMOI token holders.

The main risk with this setup consists of off-chain voting executed by MultiSigs:

  • The Multisig signer set could go rogue and disregard the decision made by veMOI holders in the off-chain voting.

  • The Multisig signer set could mistakenly execute the wrong instruction without malice.

  • An individual or an entity could acquire substantial veMOI and vote against the interests of the majority of the community.

How do we aim to mitigate this risk:

  • The core of smart contracts is immutable and does not use proxies or other upgrade mechanisms. Only parameters, which are considered to be less ‘dangerous’, may be tweaked.

  • The Multisig does not have custody of, nor control over, funds from liquidity providers locked inside Balancer Protocol contracts. Balancer V2 was designed so that even if a multisig goes rogue, all the liquidity is safe and can be withdrawn by their rightful owners.

How LPs can mitigate this risk:

  • LPs should stay up to date with Governance by following discussions on the forum and participating in the off-chain voting.

  • LPs may review past votes and verify that the DAO Multisig has executed outcomes accurately.

Flash Loans risk

A Flash Loan is a type of loan where a user borrows assets with no upfront collateral and returns the borrowed assets within the same blockchain transaction. Flash Loans use smart contracts which require that a borrower repay the loan before the transaction ends. They are typically used for arbitrage opportunities, collateral swaps and to lower transaction fees, across potentially multiple protocols. It’s a powerful new financial primitive, native to DeFi.

Flash Loans may be used on Moai Finance and interact with the Vault.

While Flash Loans offer many benefits, they also come with certain risks. Flash Loans have also been used for multiple DeFi exploits resulting in losses worth millions of dollars. Flash Loan exploits are relatively new with the full range of attack surfaces still being discovered.

How do we aim to mitigate this risk:

  • The Balancer Vault is non-reentrant, which blocks most Flash Loan attacks.

  • Balancer strives to deliver careful economic modeling, rigorous mechanism design, testing, and audits by top-tier auditing firms.

Loss of funds on join/exit of a pool

Due to the high price impact

When joining a pool, LPs should be aware of the price impact of adding tokens to the pool. In general, adding liquidity in proportional amounts to the token weights of the pool incurs a low price impact. Adding custom token amounts (non-proportionally) causes the internal prices of the pool to change as if you were swapping tokens. The higher the price impact the more you'll spend in swap fees.

Due to slippage

LPs should also consider the effect of slippage when adding liquidity to a pool. Slippage occurs when market conditions change between the time your order is submitted and the time it gets executed on the network. Slippage tolerance is the maximum change in price you are willing to accept.

Slippage tolerance is a setting in both the Add/Remove liquidity flows on the Moai Finance App UI. Setting a low slippage tolerance protects you from front-running bots and miner extractable value (MEV).
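
To make the difference between proportional and non-proportional joins concrete, the added example below (not Moai Finance or Balancer code) quotes a join into a weighted pool and derives the minimum-output bound that a slippage tolerance implies. It assumes weighted-pool math without swap fees; the pool figures, the function name `join_quote` and the 0.5% tolerance are constructed for illustration.

```python
# Added example, not Moai Finance or Balancer code.
# Assumptions: weighted-pool math without swap fees; pool figures are constructed.
from math import prod


def join_quote(weights, balances, amounts_in, bpt_supply, slippage_tolerance):
    """Quote a join into a weighted pool.

    Returns (expected_bpt, price_impact, min_bpt_out).
    price_impact compares the BPT received with the BPT the same deposit
    would be worth at the pool's pre-join prices.
    """
    if not (len(weights) == len(balances) == len(amounts_in)):
        raise ValueError("weights, balances and amounts_in must align")
    if not 0 <= slippage_tolerance < 1:
        raise ValueError("slippage_tolerance is a fraction in [0, 1)")
    if any(a < 0 for a in amounts_in) or not any(a > 0 for a in amounts_in):
        raise ValueError("amounts_in must be non-negative and not all zero")
    # x_i: deposit of token i as a fraction of the pool's current balance
    x = [a / b for a, b in zip(amounts_in, balances)]
    # Growth of the weighted invariant decides how much BPT is minted.
    minted_fraction = prod((1 + v) ** w for w, v in zip(weights, x)) - 1
    # Each token holds a weight-sized share of pool value, so the deposit is
    # worth sum(w_i * x_i) of the pool at pre-join prices.
    value_fraction = sum(w * v for w, v in zip(weights, x))
    expected_bpt = bpt_supply * minted_fraction
    price_impact = 1 - minted_fraction / value_fraction
    # Lower bound to attach to the transaction: revert if less BPT is minted.
    min_bpt_out = expected_bpt * (1 - slippage_tolerance)
    return expected_bpt, price_impact, min_bpt_out


if __name__ == "__main__":
    weights, balances, supply = [0.8, 0.2], [1000.0, 500.0], 10_000.0
    for label, amounts in [
        ("proportional", [100.0, 50.0]),
        ("only the 80% token", [100.0, 0.0]),
        ("only the 20% token", [0.0, 50.0]),
    ]:
        bpt, impact, floor = join_quote(weights, balances, amounts, supply, 0.005)
        print(f"{label:20s} bpt={bpt:9.2f} impact={impact:6.2%} min_out={floor:9.2f}")
```

The proportional join shows no price impact, while depositing only the 20% token costs noticeably more than depositing only the 80% token for the same relative size.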

Due to high Gas fees

Gas on The Root Network refers to the unit that measures the amount of computational effort required to execute specific operations. Gas fees in The Root Network are the transaction costs users pay to have their transactions processed and validated by the network's miners. Gas fees vary depending on network congestion, transaction complexity, and the amount of gas a user is willing to pay.

Gas fees can be particularly high during periods of network congestion. As a result, LPs might face increased costs when adding or removing liquidity, making adjustments to their positions, or claiming liquidity mining incentives. If the gas fees are higher than the returns they get from providing liquidity, LPs may end up with a net loss.

How we aim to mitigate this risk:

  • The Moai Finance Smart Order router is used to route liquidity efficiently via pools to minimize price impact.

  • The Moai Finance App UI gives LPs control over their slippage settings.

  • LPs are warned via the Moai Finance App UI when the price impact is excessive. Once price impact exceeds a certain threshold, the Moai Finance App UI prevents users from executing a transaction where they would otherwise get rekt.

How LPs can mitigate this risk:

  • Users should review their slippage settings and potential price impact before adding or removing liquidity.

  • Users should also review gas prices and the potential gas fee before any transaction. This information is usually provided by their wallet provider.

Impermanent loss

Impermanent loss is a risk that liquidity providers (LPs) face when providing liquidity to an automated market maker (AMM) like Moai Finance. It is the difference between the value of holding assets in a pool versus holding them outside of the pool.

If the price of the assets in the pool changes, LPs may experience a loss compared to holding the assets outside of the pool. This can happen because the AMM algorithm rebalances the pool to maintain a constant ratio of the assets in the pool. If the price of one asset increases, the algorithm will sell some of that asset and buy more of the other asset to maintain the ratio. This means that LPs will sell the asset that is increasing in price and buy the asset that is decreasing in price, resulting in a loss.

This risk is particularly relevant for pools with volatile assets where token prices are likely to diverge over time.

How can LPs mitigate this risk?

  • LPs should consider the risk of impermanent loss carefully before providing liquidity to a Balancer pool.

  • The longer an LP holds its position, the more likely it is that its yield from swap fees offsets and exceeds any impermanent loss, assuming the price divergence of the token prices isn’t extreme.

  • LPs may consider providing liquidity into pools with less likelihood of token price divergence. For example, stable pools or boosted pools.

  • LPs should consider providing liquidity in unbalanced pools, like 80/20 pools which result in less impermanent loss versus a 50/50 pool with the same underlying tokens.
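
The 80/20 versus 50/50 comparison above, and the earlier toxic-token point that a pool sells the winners and accumulates the losers, can both be checked numerically. The following is an added example, not Moai Finance or Balancer code; it generalizes to any number of tokens and assumes no swap fees and a pool that arbitrage has fully moved to the new market prices. The scenarios are constructed.

```python
"""Added example (not Moai Finance or Balancer code): fee-free weighted-pool value model."""
from math import prod


def pool_vs_hold(weights, price_ratios):
    """Return (pool_value, hold_value, loss) relative to an initial value of 1.

    weights      -- normalized pool weights, e.g. [0.8, 0.2]
    price_ratios -- new_price / old_price for each token, in the same order

    Under the stated assumptions the constant weighted product gives
    pool_value = prod(r_i ** w_i), while simply holding gives sum(w_i * r_i).
    """
    if len(weights) != len(price_ratios):
        raise ValueError("one price ratio per token is required")
    if abs(sum(weights) - 1.0) > 1e-9 or any(w <= 0 for w in weights):
        raise ValueError("weights must be positive and sum to 1")
    if any(r <= 0 for r in price_ratios):
        raise ValueError("price ratios must be positive")
    pool = prod(r ** w for w, r in zip(weights, price_ratios))
    hold = sum(w * r for w, r in zip(weights, price_ratios))
    return pool, hold, pool / hold - 1.0


def balance_multipliers(weights, price_ratios):
    """Units of each token the pool holds afterwards, as a multiple of before."""
    pool, _, _ = pool_vs_hold(weights, price_ratios)
    return [pool / r for r in price_ratios]


if __name__ == "__main__":
    scenarios = [
        ("50/50, token A doubles", [0.5, 0.5], [2.0, 1.0]),
        ("80/20, 80% token doubles", [0.8, 0.2], [2.0, 1.0]),
        ("80/20, 20% token doubles", [0.8, 0.2], [1.0, 2.0]),
        # Constructed toxic-token cases: one token loses 99.99% of its value.
        ("80/20, 20% token collapses", [0.8, 0.2], [1.0, 1e-4]),
        ("60/20/20, one token collapses", [0.6, 0.2, 0.2], [1.0, 1.0, 1e-4]),
    ]
    for label, w, r in scenarios:
        pool, hold, loss = pool_vs_hold(w, r)
        mult = ", ".join(f"{m:.3g}x" for m in balance_multipliers(w, r))
        print(f"{label:32s} pool={pool:.4f} hold={hold:.4f} "
              f"loss={loss:+.2%} balances={mult}")
```

In the collapse scenarios the pool ends up holding many times more units of the failed token and only a fraction of its original good tokens, which is why the loss far exceeds the failed token's 20% weight.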

User Interface (UI) risk

DeFi users, including liquidity providers and swappers, typically use front-end user interfaces to interact with a protocol’s smart contracts. An example is the front-end UI instance which interacts with Moai Finance smart contracts.

A few risks of using front-ends to manage liquidity positions in DeFi:

  • UIs may not always display timely, accurate data. This may be due to the use of third-party data services experiencing periods of downtime or network congestion.

  • UIs could be maliciously updated or exploited by rogue developers.

  • UIs may be updated and remove certain feature sets.

  • UIs may block certain wallet addresses or users in certain jurisdictions to comply with their regulations.

  • UIs may experience periods of downtime or potentially be discontinued. UIs may also be shut down or have access denied to users in certain jurisdictions.

How can LPs mitigate this risk?

  • LPs can learn how to interact with Moai Finance smart contracts on third-party websites, like Root Network Explorer.

  • To mitigate the risks of downtime or lack of access, users can fork the open-source code and run their local instance.

Regulatory risk

The regulatory frameworks applicable to blockchain transactions in connection with tokens and stablecoins are still developing and evolving. In addition, the increasing complexity of DeFi applications and their interactions can make it difficult to assess and regulate them effectively. This could potentially lead to increased regulatory scrutiny or even a regulatory crackdown, which could have negative consequences for participants, our efforts to mitigate risks, and the entire DeFi ecosystem.

It's also possible that the Balancer App UI may be wholly or partially suspended or terminated for no reason, which may limit your access to your tokens via this website. In this scenario, you may be able to recover funds by forking the open-source code on Github and running your local instance, or by using a third-party website, like Etherscan.

Pool type risks

Balancer is designed to be infinitely extendible to allow for any conceivable pool type with custom curves, logic parameters, and more. The general risks of the most popular pool types are listed below.

Weighted Pools

Weighted Pools use Weighted math, which makes them great for general cases, including tokens that don't necessarily have any price correlation (e.g. DAI/WETH). Unlike weighted pools in other AMMs that only provide 50/50 weightings, Balancer Weighted Pools enable users to build pools with more than two tokens and custom weightings, such as pools with 80/20 or 60/20/20 weightings. Some risks of weighted pools include:

  • Impermanent loss on volatile non-correlated assets

    • See above for details of impermanent loss risks.

  • Toxic token risk

    • Balancer Weighted Pools are not limited to just having two tokens. The more tokens in a pool, the more risk that one of these could become toxic.

Stable Pools

Loss of stablecoin peg

Stablecoins are tokens whose value is intended to be pegged or tied to that of another asset, which could be a currency, commodity, or financial instrument. There are many types of stablecoins, and some are riskier than others depending on product design, including evidence of reserves to support the peg in times of stress. Some example types of stablecoins include:

  • Peg is secured by real-world reserves

    • e.g. USDC secured by USD reserves

  • Peg is secured by other crypto assets

    • e.g. DAI secured by an over-collateralized basket of crypto assets

  • Peg is secured by smart contract algorithms

    • e.g. UST which aimed to be secured by algorithmic rebalances to reflect the peg.

Depegging occurs when a stablecoin loses its peg to the target asset. In stable pools, if a stablecoin depegs, LPs may incur losses. This is because liquidity pools typically sell the winners (tokens moving up in price) and accumulate the losers (tokens moving down in price). In the case of a USD-pegged stable pool, if an asset permanently loses its peg to $1 and goes down in value, the pool will sell any pegged assets and accumulate the asset that has lost its peg, leading to an overall loss of funds for LPs.

Composable Stable Pools & MetaStable Pools

Composable Stable Pools are designed for assets that are either expected to consistently trade at near parity or a known exchange rate. Composable Stable Pools use Stable Math (based on StableSwap, popularized by Curve) which allows for trades of significant size before encountering substantial price impact, vastly increasing capital efficiency for like-kind and correlated-kind swaps. They are ideal for:

  • Pegged Tokens: Tokens that trade near 1:1, such as two stablecoins of the same currency (e.g. DAI, USDC, USDT), or synthetic assets (e.g. renBTC, sBTC, WBTC)

  • Correlated Tokens: Tokens that trade near each other with some slowly changing exchange rate, like derivatives (e.g. wstETH, wETH)

Note: Composable Stable Pools are a superset of all previous Stable-type pools (Stable Pools, MetaStable Pools, StablePhantom Pools, and StablePool v2) and therefore obsolete all previous pools.

Composable Stable Pools (including MetaStable Pools) carry all of the same risks as stable pools, including the potential depegging of constituent stablecoin tokens. In addition, there are risks associated with the involvement of rate providers.

Rate provider risk

Rate Providers are contracts that provide an exchange rate between two assets. These exchange rates can come from any on-chain source, whether that may be an oracle, a ratio of queryable balances, or another calculation.

This introduces risks around the rate provider being able to supply accurate and timely exchange rates between pool tokens.

Oracle risk

Oracles are data providers that supply external information to smart contracts. Oracles, like Chainlink, may be used to source exchange rates between pool tokens for a rate provider in Balancer MetaStable pools. The risks of using Oracles to supply exchange rates include:

  • Data accuracy: Oracles must provide accurate data for DeFi applications to function correctly. Inaccurate data can cause significant issues, such as incorrect pricing or faulty execution of smart contracts.

  • Data availability: If an oracle experiences downtime or fails to update its data feed, the DeFi applications relying on it might not function correctly or become temporarily unusable, leading to potential losses for users.

  • Latency: The time it takes for an oracle to fetch, process, and transmit data to a smart contract can impact the performance and efficiency of DeFi applications. High latency could lead to outdated data or missed opportunities.

  • Oracle manipulation: Bad actors might attempt to manipulate an oracle's data feed to influence the outcome of a smart contract or profit from price discrepancies. This can lead to unintended consequences, such as liquidations, loss of funds, or arbitrage opportunities for attackers.

  • Centralization risk: If an oracle relies on a centralized data source or a small number of data providers, it becomes a single point of failure. This centralization goes against the core principles of decentralization in the DeFi ecosystem and exposes the system to potential manipulation or downtime.

  • Exploitation of vulnerabilities: Oracles themselves can have security vulnerabilities, which, if exploited, can compromise the entire DeFi system relying on them.
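
The accuracy, availability and latency items above translate into checks that anything consuming a rate can apply before trusting it. This is an added example, not Moai Finance or Balancer code; the `RateGuard` class, its `max_age_s` and `max_step` thresholds, and the feed readings are hypothetical and constructed for illustration.

```python
"""Added example (not Moai Finance or Balancer code): consumer-side checks on a rate feed."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Reading:
    rate: float        # exchange rate reported by the feed
    updated_at: int    # unix time at which the feed says the rate was produced


class RateGuard:
    """Accept a reading only if it is positive, fresh and close to the last accepted rate.

    max_age_s and max_step are hypothetical policy values chosen by the consumer.
    """

    def __init__(self, max_age_s: int, max_step: float):
        self.max_age_s = max_age_s
        self.max_step = max_step
        self.last_good: Optional[Reading] = None

    def check(self, reading: Reading, now: int) -> Tuple[bool, str]:
        if reading.rate <= 0:
            return False, "non-positive rate"
        if reading.updated_at > now:
            return False, "timestamp in the future"
        if now - reading.updated_at > self.max_age_s:
            return False, "stale"
        if self.last_good is not None:
            if reading.updated_at < self.last_good.updated_at:
                return False, "older than last accepted reading"
            step = abs(reading.rate / self.last_good.rate - 1.0)
            if step > self.max_step:
                return False, f"jump of {step:.1%} exceeds limit"
        self.last_good = reading
        return True, "ok"


def run_constructed_feed() -> List[Tuple[bool, str]]:
    # Constructed sample: (reading, time at which the consumer sees it).
    t0 = 1_700_000_000
    feed = [
        (Reading(1.1500, t0), t0 + 30),            # normal
        (Reading(1.1504, t0 + 3600), t0 + 3610),   # normal drift
        (Reading(1.1504, t0 + 3600), t0 + 9000),   # feed stopped updating
        (Reading(0.0, t0 + 9000), t0 + 9010),      # zero value
        (Reading(1.7300, t0 + 9100), t0 + 9110),   # implausible jump
        (Reading(1.1510, t0 + 9200), t0 + 9210),   # back to normal
    ]
    guard = RateGuard(max_age_s=4000, max_step=0.02)
    return [guard.check(reading, now) for reading, now in feed]


if __name__ == "__main__":
    for ok, reason in run_constructed_feed():
        print("ACCEPT" if ok else "REJECT", reason)
```

A rejected reading is a signal to pause and investigate; a genuine move larger than `max_step` will keep being rejected until the policy is reviewed.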

Rate provider cross-chain bridge risk

Pools may use rate providers that are bridged between blockchain networks.

As Moai Finance is a multi-chain DEX, there will be different pools from different chains and the price will be reported by the bridges. In these pools, LPs are exposed to the risk of significant losses if an incorrect rate is received via the omnichain messaging service.
