Skip to main content
SpringerLink
Log in

SoK: Lending Pools in Decentralized Finance

  • Conference paper
  • First Online:
Financial Cryptography and Data Security. FC 2021 International Workshops (FC 2021)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12676))

Included in the following conference series:

Abstract

Lending pools are decentralized applications which allow mutually untrusted users to lend and borrow crypto-assets. These applications feature complex, highly parametric incentive mechanisms to equilibrate the loan market. This complexity makes the behaviour of lending pools difficult to understand and to predict: indeed, ineffective incentives and attacks could potentially lead to emergent unwanted behaviours. Reasoning about lending pools is made even harder by the lack of executable models of their behaviour: to precisely understand how users interact with lending pools, eventually one has to inspect their implementations, where the incentive mechanisms are intertwined with low-level implementation details. Further, the variety of existing implementations makes it difficult to distill the common aspects of lending pools. We systematize the existing knowledge about lending pools, leveraging a new formal model of interactions with users, which reflects the archetypal features of mainstream implementations. This enables us to prove some general properties of lending pools, and to precisely describe vulnerabilities and attacks. We also discuss the role of lending pools in the broader context of decentralized finance and identify relevant research challenges.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 99.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 129.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. ERC-20 token standard (2015). https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md

  2. Understanding the DAO attack, June 2016. http://www.coindesk.com/understanding-dao-hack-journalists/

  3. Parity Wallet security alert, July 2017. https://paritytech.io/blog/security-alert.html

  4. A Postmortem on the Parity Multi-Sig library self-destruct, November 2017. https://goo.gl/Kw3gXi

  5. Aave maximum liquidation amount (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/lendingpool/LendingPoolLiquidationManager.sol#L181

  6. Aave v1 flashloan receiver interface (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/flashloan/interfaces/IFlashLoanReceiver.sol#L11

  7. Aave v1 implementation (2020). https://github.com/aave/aave-protocol/tree/efaeed363da70c64b5272bd4b8f468063ca5c361

  8. Aave v1 simplified interest (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/libraries/CoreLibrary.sol#L423

  9. Aave valuation of atokens (2020). https://github.com/aave/aave-protocol/blob/efaeed363da70c64b5272bd4b8f468063ca5c361/contracts/lendingpool/LendingPoolDataProvider.sol#L114

  10. Akropolis Defi attack (2020). https://cryptonews.com/news/defi-akropolis-drops-20-following-a-usd-2m-heavy-hack-8299.htm

  11. bzx fulcrum website (2020). https://fulcrum.trade

  12. Coindesk: Value DeFi attack (2020). https://www.coindesk.com/value-defi-suffers-6m-flash-loan-attack

  13. Compound comptroller setter (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/CToken.sol#L1152

  14. Compound implementation (2020). https://github.com/compound-finance/compound-protocol/tree/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6

  15. Compound maximum liquidation amount (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/ComptrollerG5.sol#L510

  16. Compound oracle attack (2020). https://news.bitcoin.com/100-million-liquidated-on-defi-protocol-compound-following-oracle-exploit

  17. Compound simplified interest (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/CToken.sol#L423

  18. Compound valuation of ctokens (2020). https://github.com/compound-finance/compound-protocol/blob/a5591d5f9a7f6f7ad3601ec89b126a8c2af159f6/contracts/ComptrollerG5.sol#L753

  19. dydx website (2020). https://dydx.exchange

  20. Harvest Finance flashloan attack post-mortem (2020). https://medium.com/harvest-finance/harvest-flashloan-economic-attack-post-mortem-3cf900d65217

  21. Makerdao website (2020). https://makerdao.com

  22. Origin Dollar attack (2020). https://cryptonews.com/news/4th-major-defi-hack-in-a-month-origin-dollar-loses-usd-7m-8331.htm

  23. Uniswap oracle template (2020). https://github.com/Uniswap/uniswap-v2-periphery/blob/dda62473e2da448bc9cb8f4514dadda4aeede5f4/contracts/examples/ExampleOracleSimple.sol

  24. Aave markets website (2021). https://app.aave.com/markets

  25. Aave website (2021). https://www.aave.com

  26. Compound markets website (2021). https://compound.finance/markets

  27. Compound website (2021). https://www.compound.finance

  28. Curve statistics (2021). https://www.curve.fi/dailystats

  29. Curve website (2021). https://www.curve.fi

  30. Defi pulse website (2021). https://defipulse.com

  31. Starkware (2021). https://starkware.co/

  32. Tornado (2021). https://tornado.cash/

  33. Uniswap statistics (2021). https://info.uniswap.org

  34. Uniswap website (2021). https://www.uniswap.org

  35. Angeris, G., Chitra, T.: Improved price oracles: Constant function market makers. arXiv preprint arXiv:2003.10001 (2020), https://arxiv.org/abs/2003.10001

  36. Angeris, G., Kao, H.T., Chiang, R., Noyes, C., Chitra, T.: An analysis of uniswap markets. Cryptoeconomic Systems Journal (2019). https://ssrn.com/abstract=3602203

  37. Arusoaie, A.: Certifying Findel derivatives for blockchain. J. Logical Algebraic Methods Programm. 121, 100665 (2021). https://doi.org/10.1016/j.jlamp.2021.100665

  38. Atzei, N., Bartoletti, M., Cimoli, T.: A survey of attacks on ethereum smart contracts (SoK). In: Maffei, M., Ryan, M. (eds.) POST 2017. LNCS, vol. 10204, pp. 164–186. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54455-6_8

    Chapter  Google Scholar 

  39. Bartoletti, M., Bracciali, A., Lepore, C., Scalas, A., Zunino, R.: A formal model of Algorand smart contracts. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2009.12140

  40. Bartoletti, M., Zunino, R.: BitML: a calculus for Bitcoin smart contracts. ACM CCS (2018). https://doi.org/10.1145/3243734.3243795

    Article  Google Scholar 

  41. Buterin, V.: Ethereum: a next generation smart contract and decentralized application platform (2013). https://github.com/ethereum/wiki/wiki/White-Paper

  42. Cao, Y., Zou, C., Cheng, X.: Flashot: a snapshot of flash loan attack on DeFi ecosystem. arXiv preprint arXiv:2102.00626 (2021). https://arxiv.org/abs/2102.00626

  43. Baum, C., David, B., Frederiksen, T.: P2DEX: Privacy-Preserving Decentralized Cryptocurrency Exchange. Cryptology ePrint Archive, Report 2021/283 (2021). https://eprint.iacr.org/2021/283

  44. Cecchetti, E., Yao, S., Ni, H., Myers, A.C.: Compositional Security for Reentrant Applications. arXiv preprint arXiv:2103.08577 (2021). http://arxiv.org/abs/2103.08577

  45. Chitra, T.: Competitive equilibria between staking and on-chain lending. arXiv preprint arXiv:2001.00919 (2019). https://arxiv.org/abs/2001.00919

  46. Chitra, T., Evans, A.: Why stake when you can borrow? Available at SSRN 3629988 (2020). http://dx.doi.org/10.2139/ssrn.3629988

  47. Daian, P., et al.: Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In: IEEE Symposium on Security and Privacy, pp. 910–927. IEEE (2020). https://doi.org/10.1109/SP40000.2020.00040

  48. Darlin, M., Papadis, N., Tassiulas, L.: Optimal bidding strategy for maker auctions. arXiv preprint arXiv:2009.07086 (2020). https://arxiv.org/abs/2009.07086

  49. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)

    Article  MathSciNet  Google Scholar 

  50. Eskandari, S., Moosavi, S., Clark, J.: SoK: transparent dishonesty: front-running attacks on blockchain. In: Bracciali, A., Clark, J., Pintore, F., Rønne, P.B., Sala, M. (eds.) FC 2019. LNCS, vol. 11599, pp. 170–189. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-43725-1_13

    Chapter  Google Scholar 

  51. Gu, W.C., Raghuvanshi, A., Boneh, D.: Empirical measurements on pricing Oracles and decentralized governance for stablecoins. Available at SSRN 3611231 (2020). http://dx.doi.org/10.2139/ssrn.3611231

  52. Gudgeon, L., Pérez, D., Harz, D., Livshits, B., Gervais, A.: The decentralized financial crisis. In: Crypto Valley Conference on Blockchain Technology (CVCBT), pp. 1–15. IEEE (2020). https://doi.org/10.1109/CVCBT50464.2020.00005

  53. Gudgeon, L., Werner, S., Perez, D., Knottenbelt, W.J.: Defi protocols for loanable funds: Interest rates, liquidity and market efficiency. In: ACM Conference on Advances in Financial Technologies, pp. 92–112 (2020). https://doi.org/10.1145/3419614.3423254

  54. Qin, K., Zhou, L., Gervais, A.: Quantifying Blockchain Extractable Value: How dark is the forest? arXiv preprint arXiv:2101.05511 (2021). https://arxiv.org/abs/2101.05511

  55. Kao, H.T., Chitra, T., Chiang, R., Morrow, J.: An Analysis of the Market Risk to Participants in the Compound Protocol https://scfab.github.io/2020/FAB2020_p5.pdf

  56. Bartoletti, M., Chiang, J.H., Lluch-Lafuente, A.: SoK: Lending Pools in Decentralized Finance. arXiv preprint arXiv:2012.13230 (2020). https://arxiv.org/abs/2012.13230

  57. Bartoletti, M., Chiang, J.H., Lluch-Lafuente, A.: A theory of Automated Market Makers in DeFi. arXiv preprint arXiv:2102.11350 (2021). https://arxiv.org/abs/2102.11350

  58. Moin, A., Sekniqi, K., Sirer, E.G.: SoK: a classification framework for stablecoin designs. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 174–197. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_11

    Chapter  Google Scholar 

  59. Perez, D., Werner, S.M., Xu, J., Livshits, B.: Liquidations: Defi on a knife-edge. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2009.13235

  60. Qin, K., Zhou, L., Livshits, B., Gervais: Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit. In: Financial Cryptography (2021). (to appear) https://arxiv.org/abs/2003.03810

  61. Lamela Seijas, P., Thompson, S.: Marlowe: financial contracts on blockchain. In: Margaria, T., Steffen, B. (eds.) ISoLA 2018. LNCS, vol. 11247, pp. 356–375. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03427-6_27

    Chapter  Google Scholar 

  62. Tolmach, P., Li, Y., Lin, S.W., Liu, Y.: Formal analysis of composable DeFi protocols. In: 1st Workshop on Decentralized Finance (2021), (to appear) https://arxiv.org/abs/2103.00540

  63. Vandin, A., Giachini, D., Lamperti, F., Chiaromonte, F.: Automated and Distributed Statistical Analysis of Economic Agent-Based Models. arXiv preprint arXiv:2102.05405 (2021) https://arxiv.org/abs/2102.05405

  64. Wang, D., et al.: Towards understanding flash loan and its applications in defi ecosystem. arXiv preprint arXiv:2010.12252 (2020). https://arxiv.org/abs/2010.12252

  65. Wang, Y.: Automated market makers for decentralized finance (defi). arXiv preprint arXiv:2009.01676 (2020). https://arxiv.org/abs/2009.01676

  66. Werner, S.M., Perez, D., Gudgeon, L., Klages-Mundt, A., Harz, D., Knottenbelt, W.J.: Sok: Decentralized Finance (DeFi). arXiv preprint arXiv:2101.08778 (2021), https://arxiv.org/abs/2101.08778

  67. Zhou, L., Qin, K., Torres, C.F., Le, D.V., Gervais, A.: High-Frequency Trading on Decentralized On-Chain Exchanges. arXiv preprint arXiv:2009.14021 (2020). https://arxiv.org/abs/2009.14021

Download references

Acknowledgements

Massimo Bartoletti is partially supported by Conv. Fondazione di Sardegna & Atenei Sardi project F74I19000900007 ADAM. James Hsin-yu Chiang is supported by the PhD School of DTU Compute. Alberto Lluch Lafuente is partially supported by the EU H2020-SU-ICT-03-2018 Project No. 830929 CyberSec4Europe (cybersec4europe.eu).

Author information

Authors and Affiliations

  1. Università degli Studi di Cagliari, Cagliari, Italy

    Massimo Bartoletti

  2. Technical University of Denmark, DTU Compute, Copenhagen, Denmark

    James Hsin-yu Chiang & Alberto Lluch Lafuente

Authors
  1. Massimo Bartoletti
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. James Hsin-yu Chiang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Alberto Lluch Lafuente
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to James Hsin-yu Chiang .

Editor information

Editors and Affiliations

  1. University of Michigan–Ann Arbor, Ann Arbor, MI, USA

    Matthew Bernhard

  2. Computer Science and Mathematics, Stirling University, Stirling, UK

    Andrea Bracciali

  3. Imperial College London, London, UK

    Lewis Gudgeon

  4. Norwegian University of Science and Technology, Trondheim, Norway

    Thomas Haines

  5. Ithaca College, Ithaca, USA

    Ariah Klages-Mundt

  6. Department of Computer Science, Georgetown University, Washington, WA, USA

    Shin'ichiro Matsuo

  7. Imperial College London, London, UK

    Daniel Perez

  8. Dipartimento di Matematica, University of Trento, Trento, Trento, Italy

    Massimiliano Sala

  9. Imperial College London, London, UK

    Sam Werner

Rights and permissions

Reprints and permissions

Copyright information

© 2021 International Financial Cryptography Association

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bartoletti, M., Chiang, J.Hy., Lafuente, A.L. (2021). SoK: Lending Pools in Decentralized Finance. In: Bernhard, M., et al. Financial Cryptography and Data Security. FC 2021 International Workshops. FC 2021. Lecture Notes in Computer Science(), vol 12676. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-63958-0_40

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-63958-0_40

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-63957-3

  • Online ISBN: 978-3-662-63958-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation