Intro

As the $CRV drama reaches its crescendo (for now), we take inspiration from this tweet from Degen Spartan to crown the “Plebs” and “Patriarchs”. We also leave the readers with an introspection/suggestion on risk mgmt. Hope this is fun!

In case you have been living under a rock, please read this comprehensive timeline on what happened with $CRV here!

Without further ado, its time to crown the winners and losers!

Pleb’s

Vyper: When it comes to programming languages, you could be right every day, and work just fine- yet nobody will give you your flowers. If you are wrong once, expect a shitstorm.

I fully expect this infamy to be short lived though. There are so few options, that this will be swiftly forgotten.

Here is an eye-opening perspective from a Vyper contributor about the exploit and about broader issues when it comes to audits.

Aave: As a protocol sitting on more than $60m in exposure to Mich, with $OTC deals happening at and around the liquidation price, you cannot be sitting pretty. Aave risk management and liquidation process also seems to be a lot less anti-fragile than that of Frax, which is substantially smaller. Furthermore, it appears as though previous proposals alerting AAVE dao of the risks associated with this loan were shot down.

While $60m of bad debt does not make a huge difference to Aave, questions do remain on how they address this going forward. At the time of writing this, it appears as though Marc Zeller has launched a special proposal to use $2m USDT from the Aave treasury to buy $CRV via OTC.

Abracadabra Money: While I think their response has been largely very good, they are still stuck with a decent amount of CRV on their balance sheet and still remain exposed to Mich’s loan. I fully expect this exposure to come down in terms of its current LTV, but as a platform with middling TVL, this does not bode particularly well for upside.

Also, MiM continues to trade off peg, which once again makes it a less attractive stablecoin.

Mich: As a hardcore capitalist, I am no-one to judge big spendoors. You can buy your $40m mansions all you want. But if you take 47% of your token supply to borrow hundreds of millions, you do run this risk of getting Rekt.

As if the exploit was not enough, Mich is now rushing to plug the holes in his house of cards loans. What’s more, it may have forced him to make deals with people he absolutely would not want to in ordinary circumstances. I don’t really know how this plays out, but it is highly unlikely that Mich refinances his mansion to repay this loan.. Which once again reinforces a sort of bearish case on $CRV.

DEFI Governance: I do not know if governance tokens are being used to govern at all. I also do not know if it makes sense for DAO’s to be tasked with risk management, particularly for lending protocols. Michael Bentley from Euler had a really interesting perspective. If this happens though, on-chain governance is likely to become even more of a charade.

I also fully expect the use of governance tokens as collateral to undergo a meaningful parametric shift. It simply should not be so easy to borrow against such a supply of the token that makes liquidation itself impossible. The whole point of trust minimal systems is to be able to liquidate freely and easily. Protocol risks need to be evaluated constantly as the freely available supply of the collateral changes.

Patriarchs

Degen spartan said it right. The price for plebs to buy $CRV is the current market price. The price for patriarchs in the OTC price. Outside of OTC bag holders, there are some other incredible winners from all of this.

FRAX Ecosystem: The Frax ecosystem response showcased a very well implemented risk management system. Critically important, it was a combination of well designed systems and decisive governance

Frax had ofcourse deployed pools on Curve, namely frxETH/ETH. Further more, another 3 pools called FRAX3CRV, FRAXUSDC and FRAXUSDP. While there were no losses incurred in any of these pools, they opted to remove the protocol owned liquidity i.e that portion of the tokens deployed in these pools belonging to FRAX dao.

Furthermore, Fraxlend showed dynamic risk management that was programmatic. This is the type of risk mitigation that actually worked, and is now likely to become an industry standard. MiM is voting to implement it as we speak (it will fail for now)

Sam Kazemian was on hand with the first response team to not only take the right abundance of caution, but to also communicate with utmost clarity. Sam has also reasserted his support of $CRV well beyond this crisis. A true champion of DEFI!

Justin Sun and OTC: His Excellency, very often excellently finds a precarious situation to insert himself. Shortly after his tweet, the OTC floodgates opened up, with Sun not only bagging himself some really cheap CRV, but also getting a pool on Curve for Tron’s stUSDT stablecoin. After Justin, we saw DCF God, Machi, DWF Labs and others pile in their support. Great work from 0xRamen on this OTC Dune dashboard. (P.s, the number has risen well beyond $25m at the time of publishing)

MEV Hunters (Whitehats): There has been a lot of discussion around how we view MEV. A lot of protocols hate that it exists. Uniswap pools are often subject to attack from notorious MEV searchers like Jaredfromsubway.eth. In fact, a shocking statistic shows that 60%+ of all Uniswap volume is MEV! Dan Robinson from Paradigm has talked about how MEV has made swappers 2nd class citizens, with a sub-par experience of Decentralized Exchanges.

However, all the MEV maxi’s can have their moment in the sun. Thanks to c0ffeebabe.eth, $17m of ETH was returned to the affected pools. Bravo!

Chainlink: Centrally managed oracle saving DEFI by accessing price feeds from CEX instead of DEX. Chainlink did its job, quietly, again. The exploit sent the price of $CRV all the way down to 0.09 on DEX’s, which if used, would have liquidated Mich—> pandemonium. At the time of writing this, I was under the assumption that an on-chain oracle would not have been able to prevent this, but I have since been corrected.

I asked Tyler Loewen how this would have unfolded if the oracle being used was Adrastia, not Chainlink. You can find the full details of the exchange here!

TLDR: LINK did not, in this situation, do what Adrastia could not.

I still believe that there is a massive opportunity at the Oracle level, but that is for another time. Chainlink Maxi’s can be very annoying on CT though..

The Hacker: There is still $52m at large. The hack was a sophisticated attack. Very impressive execution of a non obvious attack vector. While it will be very challenging to exit this position, there is a strong probability of a negotiation which results in a multi $$m payout. When the dust settles, most of DEFI will be in a better place. So will this hacker.

Parting Thoughts

I think we need to have better standards and definitions of what is liquidity, and what is actually liquidatable. The truth is that this could keep changing. If lending protocols are going to be more widely used (which I hope so), they will need to constantly evolve the risk parameters. A static picture of a particular borrowers creditworthiness is far too web2.0 a concept. The evolution of risk parameters must be programmatic. Governance is unlikely to make any meaningful difference. It is clear as day to see that when it comes down to it, some players have an outsized say over the fate of Defi. This cannot be combatted with socializing innovation. This has to happen through code.

It’s crazy to fathom how fragile Defi is. We have come really far, but we are still so early. In the aftermath of the $CRV, had a chance to interact with people that were long, short, people working on the affected protocols and those affected by the exploit. Most of them have not slept in 72+ hours. What came across unanimously was a sense of “we are not going anywhere”. I believe that this crisis will breed new and improved risk parameters, more active governance and hopefully, new all time highs. I will certainly be writing about them, for you guys, right here!

Until next week :)

(P.S. we had initiated a short position on $CRV as the exploit revealed itself, which was closed off at $0.51)