Web3 Breakdowns Ep 47 - Nick Cannon: Risk Management in DeFi
Primer: Today, we have Nick Cannon, VP of Growth at Gauntlet, to explain to us what actually happened during the Mango Markets attack. He shares how Gauntlet assesses and manages risk, how they work with clients, and his views on ETH staking.
Background
Played poker for a decade
Had both a FinTech and a DeFi startup before joining Gauntlet
Currently VP of Growth at Gauntlet
Is The FTX Bankruptcy Good Or Bad For DeFi?
The FTX bankruptcy is a CeFi story
DeFi and DEXes are operating as usual
On DeFi
Sectors Of DeFi
3 main sectors:
DEXes
Lending protocols
Stablecoin protocols
In the longer tail of things, you have traditional finance options, futures, exchanges, derivatives, etc.
How Does DeFi Handle Credit Financing?
Credit financing is difficult because DeFi does not know who is using the protocols
TradFi is more capital efficient in this area
On Mango
What Is Mango
A cross-collateralized spot margin and perpetual future market
The Attack On Mango
Account A gets funded with $5 million USDC
They open up a position to sell 483 million units of Mango perpetual futures at about 3 cents. This is 3X leverage worth about $15 million
A few minutes later, account B is funded with $5 million USDC to buy those 483 million units
Shortly after, the centralized spot markets, from which Mango Markets reads its price feeds, begin to spike
With the unrealized gains, they borrow $115 million of all the assets
The assets are withdrawn off the platform and the price subsequently collapses
Account B has made off with 9 figures
The Identity Of The Attacker
The attacker announced their profitable trading strategy on Twitter because they were doxxed through other chats and Discord channels
They made a governance proposal with some of the stolen Mango tokens to relieve them of all of their liabilities
This was voted down. They did not have enough quorum to push the vote over the edge
The Insurance Fund
The insurance fund is largely denominated in the native governance token
There’s a number of reasons for this:
Tough to decentralize/actively manage an insurance fund
There isn’t a CFO and Board checking the liabilities
Lack of derivatives that Mango could buy on-chain to manage their book
Takeaway For Other DAOs
The Mango Markets attack created awareness for such mega squeeze attacks
Someone with a billion dollars on a very illiquid token could cause such problems again
This could be done in a lot of places, as long as the attacker has enough money
Supply caps and position limiting could be used to mitigate such attacks:
Supply caps: Making sure that people can’t borrow or supply past a certain limit
Position limiting: Preventing cross-margining and touching all other assets on the platform
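How the two mitigations above bound a protocol's loss, as an added example (not from the episode, Gauntlet, or Mango's code). It uses the deposit, size and entry price from the summary with a simplified margin model (collateral weight of 1, no fees or funding); the spike price and cap values are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RiskParams:
    # Hypothetical parameters for this sketch, not Mango's real settings.
    pnl_collateral_cap: Optional[float] = None  # position limiting: max unrealized PnL usable as collateral (USD)
    borrow_cap: Optional[float] = None          # supply/borrow cap per account (USD)

def unrealized_pnl(units, entry, oracle):
    """Mark-to-oracle PnL of a long perpetual position, in USD."""
    return units * (oracle - entry)

def borrow_limit(deposit, units, entry, oracle, params):
    """USD an account may borrow, assuming collateral weight 1 and no fees."""
    pnl = unrealized_pnl(units, entry, oracle)
    if params.pnl_collateral_cap is not None:
        pnl = min(pnl, params.pnl_collateral_cap)
    limit = max(0.0, deposit + pnl)
    if params.borrow_cap is not None:
        limit = min(limit, params.borrow_cap)
    return limit

def bad_debt(borrowed, deposit, units, entry, settled):
    """Shortfall left with the protocol once the oracle settles at `settled`."""
    equity = max(0.0, deposit + unrealized_pnl(units, entry, settled))
    return max(0.0, borrowed - equity)

# Figures from the summary: $5M deposit, 483M units, entry near 3 cents.
DEPOSIT, UNITS, ENTRY = 5_000_000.0, 483_000_000.0, 0.03
SPIKE = 0.30  # constructed oracle print during the squeeze (assumption)

def scenario(params):
    """Borrow the maximum at the spike, then let the price return to entry."""
    borrowed = borrow_limit(DEPOSIT, UNITS, ENTRY, SPIKE, params)
    return borrowed, bad_debt(borrowed, DEPOSIT, UNITS, ENTRY, ENTRY)

if __name__ == "__main__":
    for name, p in [("no limits", RiskParams()),
                    ("PnL not usable as collateral", RiskParams(pnl_collateral_cap=0.0)),
                    ("borrow cap $10M", RiskParams(borrow_cap=10_000_000.0))]:
        borrowed, loss = scenario(p)
        print(f"{name:30s} borrowed=${borrowed:,.0f} bad_debt=${loss:,.0f}")
```

With no limits the borrowable amount scales with the oracle price, so the shortfall is set by whoever can move the price; either cap turns it into a number governance chose in advance.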
How Do They Implement Their Recommendations
Besides them, development teams have built mechanisms and parameters into the protocols
At their end, they prioritize those supply caps and run simulations on the supported assets
Gauntlet is throttled by governance. Wants to push faster paths for governance
TradFi has a lot of circuit breakers that can turn off positions quickly
In contrast, DeFi governance is slow. It takes 3-7 days to have a proposal be put up for a vote. There’s voter apathy too
How Do People Bootstrap Their Protocols?
When someone launches a token, they lower the capital requirements for bootstrapping the protocol
Have seen this pattern a lot
When liabilities and risk pile up, without the liquidity for that governance token, the protocol will end up in a predicament
Gauntlet
What Is Gauntlet?
A simulation and financial modeling platform for DeFi protocols and DAOs
Their flagship product is risk management where they run agent-based simulations off-chain to inform protocol governance on-chain
Their Thoughts On Safety
Wants DeFi to be as boring as possible
“I want DeFi to be as boring as email.”
- Nick Cannon
Want people to experiment and understand the general risks
People don’t have to be quants or math majors to understand what they are doing
Exploring patterns and attacks that could become new primitives in DeFi
Building better products to drive more impact in risk-adjusted returns and capital efficiency
Working With Protocols
They approach communities where they can drive some impact and where their risk management models could be applied
They don’t touch smart contract or audit risk
They focus on market risk
They turn down 80-90% of the projects that approach them. They have limited resources and want to be super selective and have skin in the game
They are paid in governance tokens, so their interests are aligned
How Do They Feel As A Third Party That’s On A Contract?
Everyone is becoming a third party, including the core teams building the protocol
Are They Held Accountable If Something Bad Happens?
Have spun up something called insolvency refunds:
Take 30% of their payment and put it into a vault
If any of Gauntlet’s risk parameter recommendations caused insolvencies or user losses, it goes back to the client
Growth
Still in a growth mode and figuring things out
Bridges, layer 2s, etc. make it more complicated
Moving quick is not always the right answer
His View On DeFi Attacks
He cares about the growth of the sector
Have to make sure we do things right
Incentive Optimization For ETH Staking
There are liquid staking derivatives of staked ETH
People’s concerns about recursive borrowing of staked ETH are largely misunderstood
Liquid staking derivatives like staked ETH aren’t pegged to ETH. They are trying to track ETH, earn that yield, and give liquidity back to users
If there’s a large drawdown, cascading liquidations will be very bad. They are working to mitigate it as much as possible
Would A Lack Of Liquidity Result In The Breaking Of The Business Model?
If there’s no one tuning the collateral requirements, then people will be in a bad spot
What protocols could do is to incentivize the staked ETH/ETH pair on DEXes
Gauntlet’s Recommendations To SushiSwap
SushiSwap has implemented 612 recommendations from Gauntlet across multiple pools
SushiSwap realized that they are spending too much on bootstrapping new pools, but didn’t have a lot of data on it
When people LP on SushiSwap, they are incentivized with the SUSHI token
What SushiSwap wanted to know is how they can make sure LPs keep their liquidity on their platform
What Excites Him
Core teams decentralizing to a community
More people are starting to participate
The transparency and composability of the space will be cutting out a lot of middlemen bureaucracy
All information presented above is for educational purposes only and should not be taken as investment advice. Summaries are prepared by The Reading Ape. While reasonable efforts are made to provide accurate content, any errors in interpreting and summarizing the source material are ours alone. We disclaim any liability associated with the use of our content.