Summary
Some of the largest exchange rate markets on Morpho are vulnerable to positive-price-swing attacks. Yield-bearing assets like LRTs and LSTs have expected ceilings on yield, but currently, Morpho markets don’t take this into account. If an oracle incorrectly reports that the value of a yield-bearing token is much higher than its yield accounts for, current market configurations will take the oracle at its word and allow for collateral to be valued higher than it’s supposed to. Improperly valued collateral can lead to incredibly dangerous scenarios where bad debt accumulates and markets get drained.
We propose creating a chainlink-interface-compatible “Risk Engine” factory for yield-bearing liquid tokens like LRTs, LSTs, and yield-stables. Risk curators on Morpho can use this factory to generate a new smart contract that will query the underlying oracle of their choice, compare the oracle’s price to the expected appreciation of the asset over time, and limit the oracle to that appreciation. The resulting contracts can be used as input for the Morpho oracle factory.
For example, stETH has an average APY of ~3%. So, we can put an upper limit of 3% per year:
Year 0 - Upper Limit: 1ETH
- Oracle Price: 1 stETH/1 ETH
- Adjusted Price: 1 stETH/1 ETH
Year 1 - Upper Limit: 1.03 ETH
- Oracle Price: 1 stETH/1.0298 ETH
- Adjusted Price: 1 stETH/1.0298 ETH (slightly under limit)
Year 2 - Upper Limit: 1.0609 ETH
- Oracle Price: 1 stETH/1.08 ETH
- Adjusted Price: 1 stETH/1.0609 ETH (above limit)
Scope & Features
- Risk Engine factory: allows for risk curators to choose their parameters and oracle of choice
- Yield interfaces: custom interfaces for each yield asset being supported
- Core assets: start with support for low-risk rated yield tokens: wstETH, weETH.
- Additional assets: add support for popular yield tokens on Morpho:
- SUSDS
- SUSDE
- RETH
- RSETH
- EZETH
- Immutability: the Ojo team will not have control over the factory once it is deployed.
- Oracle-agnostic support: support for major oracles currently used by the Morpho DAO
Scalability
- New assets: this framework can be expanded to support new assets by adding new interfaces.
- Configurability: if the yield on a token dramatically changes, risk curators can decide on new parameters and create a new market.
- Testing: We will test price swing responses to ensure the upper limits are enforced.
- Permissionless deployments: risk curators can deploy new instances without having to contact the Ojo team.
- Documentation: the Ojo team will create detailed documentation to help Risk Curators implement.
Open Source
This Risk Engine will be open-sourced under soft copyleft MPL-2.0. This ensures any modifications to the original code remain publicly available.
Collaboration + Support
The Ojo team will ask for feedback from risk curators on Morpho to ensure the design meets the needs of both the Morpho DAO and risk curators. Curators will decide their own parameters as they deem appropriate. We are already collaborating with Gauntlet on the relevant design.
Alignment with Morpho
This Risk Engine strengthens Morpho by giving risk curators another tool in their belt to keep their vaults safe. By reducing the risk of overpriced collateral, they can protect users against panic-causing oracle attacks and market manipulation. Risk curators may also be more comfortable listing new yield-bearing tokens, resulting in more revenue and TVL for the Morpho protocol.
Audits
The Ojo team will engage at least 2 independent auditors to ensure the design works as intended for all the associated tokens.
Disclaimer
All software, code, or deliverables provided by Ojo to Morpho DAO are furnished on an “as is” and “as available” basis, with no representations or warranties of any kind, whether express, implied, or statutory. See our full Terms of Service in a comment below.
Schedule
We are proposing both a software development cycle and some time for technical support to help Morpho Risk Curators integrate.
- Week 1: core factory contract development
- Week 2: support for core assets (wstETH & weETH)
- Week 3-4: support for additional assets (SUSDS, SUSDE, etc)
- Week 5-8: audits & deployment
- Week 9: technical support
Funding Request
We are requesting $100,000 for this proposal, calculated by a 7-day TWAP from the time of disbursement, with the following release schedule:
- 50% upon governance approval
- 50% upon deployment
Funding will be used for R&D, thorough audits, and deployment costs.