Risk Assessment and Management Policy
Last updated
Our Risk Assessment policy begins with in-depth investigation and research into each protocol embedded within our DeFi strategies. Each building block of the strategy undergoes scrutiny through a proprietary risk assessment model. This model analyzes both technical and economic vulnerabilities, covering economic mechanics, dependency risks, centralization, and an exhaustive analysis of weak points within smart contracts. The evaluation also considers vulnerability patterns prevalent in the DeFi space.
The outcome of our analysis is translated into a comprehensive risk rating system that assigns a rating to each building block within the strategy, ranging from B to AAA. The AAA rating signifies the highest level of security. To tailor our investment approach to the risk appetite of our vault, we construct a specialized investment portfolio comprising instruments with corresponding risk ratings. This ensures that the risk exposure aligns with the predetermined risk tolerance of the vault.
Having provided an overview of our risk assessment model, let's look at a practical example to illustrate how our approach is applied. In this case, we will focus on the MIM stablecoin.
Abracadabra serves as a lending platform that employs a diverse range of assets as collateral for borrowing Magic Internet Money (MIM), a USD-pegged stablecoin. The collateral pool encompasses both interest-bearing tokens, such as yvWETH, yvUSDC, xSUSHI, and others, as well as traditional tokens like WBTC, WETH, and SHIB.
Economic Red Flags:
Off-Chain DAO Execution:
One of the identified vulnerabilities is that DAO decisions are executed off-chain by the Abracadabra team's multisigs, with no time lock. This introduces the potential for unilateral decision-making by the team, posing a risk to the stability of the protocol.
Volatile Collateral Composition:
Although MIM is an over-collateralized stablecoin, a significant portion of its collateral comprises volatile tokens. This exposes the stablecoin to market fluctuations, especially considering that some volatile assets have a maximum collateral ratio as high as 90%. This composition has led to multiple instances where MIM depegged from its intended $1 value during certain market circumstances.
Third-Party Venue Exposure:
As MIM operates as an interest-bearing stablecoin, some parts of its collateral are exposed on third-party venues, introducing additional risks. The dependence on external venues for interest-bearing assets amplifies the complexity of risk management.
Price Oracle Dependency:
The protocol's reliance on price oracles adds another layer of risk. Any vulnerability in, or manipulation of, the price oracles can directly impact the stability of MIM, making it susceptible to inaccurate pricing and potential exploitation.
Technical Red Flags:
Centralization Concerns:
Upon examining the smart contracts, it becomes evident that there is a significant level of centralization. The Abracadabra multisig can configure markets and mint new tokens without any restrictions or time locks. This concentration of power introduces a centralized point of failure and raises questions about the decentralization of the stablecoin.
Risk Rating:
Considering the identified economic red flags and smart contract analysis, MIM receives a risk rating of BBB (moderate-risk) according to our comprehensive risk assessment model. This rating takes into account the various vulnerabilities present in the economic and technical aspects of the protocol.
In light of MIM's risk rating, we structure the investment portfolio within the vault so that its risk exposure stays within our predetermined risk tolerance. The selection of instruments with corresponding risk ratings ensures a diversified and resilient portfolio, mitigating potential downsides associated with individual assets.
By consistently applying our risk assessment and management policy, we aim to safeguard the integrity of our DeFi strategies and maintain a secure financial environment for our users and stakeholders. Regular reviews and updates to our risk assessment model enable us to adapt to the dynamic nature of the DeFi landscape and proactively address emerging risks.