Omer Goldberg
May 25, 2023, 12 tweets
1/ @chaos_labs is proud to launch the @Uniswap V3 TWAP Oracle Risk Portal, in collaboration with @UniswapFND.

The Portal highlights the real-time cost of TWAP manipulation across V3 pools.
2/ But first, why is Oracle Manipulation an attractive exploit vector for attackers?

TWAP oracle manipulation has severe consequences for protocols that consume those price feeds: it lets attackers distort prices, which leads to economic exploits. Examples below 👇
3/ @Moola_Market and @mangomarkets both suffered significant losses due to TWAP oracle manipulation. In each case, attackers exploited thin liquidity to pump collateral value, leading to under-collateralized loans and substantial financial damage.
4/ The @chaos_labs TWAP Market Risk application leverages pool data, including liquidity depth and exhaustion prices, to quantify real-time manipulation risk across all V3 pools and deployments. Users can view manipulation costs across all pools.
5/ The portal factors real-time concentrated liquidity distribution into quantifying manipulation costs.
6/ Furthermore, we quantify capital requirements for moving the current spot price.
7/ As well as quantifying the capital requirements for moving the time-weighted average price over a 30-minute window.
8/ Real-time data is important, but we'd like to make this information actionable for protocols using TWAPs. Therefore, we allow users to simulate how additional liquidity across specific ticks increases capital requirements for manipulations. Thanks @fedeebasta for this idea!
9/ The research and methodologies for quantifying the price of manipulation can be found in our full-length risk assessment here:
chaoslabs.xyz/posts/chaos-la…
10/ As always, we encourage you to check out our application and we'd love to hear your feedback. Your ideas and feature requests can help us make it even more powerful. Explore the portal here:
community.chaoslabs.xyz/uniswap/twap
11/ @chaos_labs is dedicated to ensuring economic and oracle security in the #DeFi space. If you're an application grappling with these challenges, don't hesitate to reach out 🙏
12/ We're incredibly proud to partner on this critical research with our partners at @UniswapFND @Uniswap. Their collaboration is invaluable, and we look forward to what comes next. Stay tuned, as we're releasing additional research with @UniswapFND soon!
