Coins: 15,999
Exchanges: 1,183
Market Cap: $3.825T 2.4%
24h Vol: $213.145B
Gas: 13.61 GWEI
Go Ad-free
Altchains & DeFi
TABLE OF CONTENTS

Insights and Implications of the Mango Squeeze

4.8
| by
Khor Win Win
-

 

What is Price Manipulation?

In lending markets, borrowers provide collateral to protect from losses in the event of nonpayment. To ensure lenders can mitigate a potential loss if the borrower defaults, the minimum value recoverable from selling the collateral must somehow be determined. For example, a home or car used to secure a loan is often appraised, and loans in traditional finance may rely on a trusted third party for collateral monitoring.

In decentralized finance markets, where participants' identities are mostly unknown, collateral is often used to secure loans on lending protocols. However, due to the trustless nature of DeFi and volatile nature of crypto prices, loans in DeFi tend to be overcollateralized - in other words, users would have to put up much more collateral compared to the amount of funds they wish to borrow. In the event of a sudden significant downturn in the markets, the additional collateral is meant to act as a buffer to protect lenders through premature liquidation even before a default actually occurs, thus sparing the protocol from incurring ‘bad debt’.

To track the value of collateral and determine whether a loan should be liquidated, lending protocols rely on price feeds, or oracles, that aggregate data from various trading venues. However, for some tokens, the number of venues available and the depth of the markets involved may be limited. This is especially an issue with native governance tokens, which may be enabled during the early stages of protocol development to bootstrap growth, before sufficiently deep markets have been established. If risk parameters are not continuously adjusted accordingly as the protocol matures, these governance tokens can be a weak link that makes the protocol as a whole increasingly vulnerable.

These scenarios, coupled with a lack of mechanisms to silo or deleverage risk, make it possible for a single adversarial user to temporarily bid up the price of tokens they own, and open a large loan using the position as collateral. This loan, however, would have little collateral protection when prices return to a level more in line with fundamentals. Effectively, the protocol could be manipulated to provide a loan far in excess of the recoverable value of the user’s collateral in a type of price manipulation attack.

 

Mango Events

mango markets exploit diagramSource: Gauntlet

On October 11, popular lending and trading protocol on Solana, Mango Markets lost over $110M in an apparent attack of this type. As later reported, an attacker first used two accounts to take large positions in perpetual futures tied to the protocol’s native governance token, MNGO, on Mango Markets itself. With 5M USDC funding in each account, the attacker could sell about 483M units of MNGO-PERP to themselves at $0.0382 each. A few minutes later, the same entity began aggressively buying MNGO on spot markets across various CEXs and DEXs, such as FTX and Raydium, causing the price to rise briefly to about $0.90. 

coingecko mango price chartSource: CoinGecko

Since the valuation of existing MNGO positions on the protocol was determined by oracles aggregating price feeds from these venues, the attacker now had large market gains in the account that was long MNGO-PERP, as calculated at the manipulated price. Using a specific feature in Mango, this allowed them to borrow effectively all of Mango’s available liquidity using the unrealized profit as collateral, an amount far greater than the funds they had used to carry out the attack up to that point. As MNGO prices normalized from the spike, it became apparent that the loan was insolvent and practically unrecoverable. 

Even though a bounty was offered, the attacker had other plans. Posting his demands on Mango’s governance forum, the hacker proposed a settlement of $70 million to be paid using Mango’s community treasury, even using the stolen MNGO tokens to pass the proposal. However, the proposal failed to meet the necessary quorum. Though some of the funds were later returned, Mango remains inoperational as of the time of writing.

 

Total Damage & Aftermath

Ranked as the 13th largest exploit by Rekt.news as of the time of writing, the attack on Mango was nothing short of catastrophic. Although the hacker initially made off with over $115 million worth of assets, $67 million have since been returned following a deal made by the community, resulting in a net loss of approximately $48 million for the protocol, which they considered as a ‘bug bounty’, a 31% ‘discount’ from the original $70 million demanded by the hacker. The returned assets consisted of various Solana-based tokens such as SRM, SOL, and RAY, several large-cap assets (BTC, ETH, BNB)  as well as $10 million worth of USDC. 

While this sort of attack was clearly targeting the vulnerabilities of a single protocol, there’s no doubt that the consequences would ripple across the network’s ecosystem. Following the exploit, Solana lost 25.8% of its TVL, dropping back below the $1 billion mark to $934 million. Subsequently, other decentralized lending protocols on various networks were quick to take preventive measures against similar attacks - Compound chose to pause the lending pools of 4 different tokens, while Aave governance elected to tighten the risk parameters for their lending markets on v2 and v3.

While Mango Markets wasn’t exactly one of the larger protocols in the Solana ecosystem, the threat of a copycat attacks on other protocols with similar mechanisms in the multichain universe is hard to ignore. Yet, from a sectoral view, other lending and decentralized perpetuals platforms were largely unaffected in terms of price action, with minimal outflows of funds from these respective protocols. GMX, a decentralized perpetuals protocol based on Arbitrum and Avalanche, was one of the few exceptions, dropping by 9.8% to $38.35 in the aftermath of the attack. Coincidentally, GMX had just suffered an exploit of its own earlier in September.

gmx price chart coingeckoGMX Price (9 - 12 Oct 2022); Source: CoinGecko

While hacks are starting to become more of an everyday occurrence, it would seem that most other users are not as bothered when it comes to decentralized perpetuals, and it makes sense. Unlike protocols such as DEXs and bridges, which are used by the vast majority of traders and retail users (and can be devastating to these individuals if exploited), the concept of perpetuals trading on a decentralized network is still a niche one. However, as the fear of CEXs continue to mount, where most traders normally dabble with perpetuals, the gradual shift to decentralized perpetuals will make them more tantalizing targets for attackers, with much bigger payouts. As a result, we may see a more adverse reaction to exploits from market participants once they make the shift to these protocols.

 

Lessons Learned

In light of the events and concerns of DAO communities, many lending protocols took steps to review price manipulation risk and consider precautions. Extreme price slippage in illiquid assets and outsized insolvent accounts have always been known to pose potential systemic risks for DeFi protocols, and the case of Mango served to further highlight the existential nature of such attacks. Even though some protocols' deeper collateral asset liquidity would make price manipulation far more costly, moves to further reduce risk are possible.

For protocols that use supply or borrow caps or margin to limit the size of individual positions, setting these prudently can be a strong line of defense. Since moving the price of any asset has some cost, potential attackers would be less likely to act if the amount they could extract from a protocol is limited. Well-placed limits also block the catastrophic outcome of a single account draining the entire lending pool, which can help reduce the risks to protocol survival in extreme scenarios. As supply caps are new parameters in Aave v3 and Compound v3, users who migrate their positions from the v2 protocols can benefit from this risk mitigation.

Additionally, these caps should not be limited to each individual asset but rather, there should be a cap to the total aggregated collateral a single user can supply to the protocol. This is similar to having a single exposure limit towards a single user in order to limit the risk stemming from any one particular actor. This limit could have prevented a significant earlier event on Solend, where a major participant faced liquidation. While this may not deter determined attackers who can create multiple addresses, the additional steps and time required to manage separate accounts could provide valuable time for the protocol to safely combat and slow any attempts to inflict severe losses.

Besides that, platforms could also consider implementing more stringent parameters in detecting anomalous price movements, particularly for low liquidity assets. While the primary function of oracles are merely to report the specified data at a given time, the onus lies on the platform to monitor for suspicious price movements and prepare the appropriate contingency plans to be triggered in the event of an anomaly. Introducing more redundancies via additional exogenous oracles could also bolster the platform’s defense against price manipulation attacks, though hackers with a much larger warchest could potentially manipulate multiple price feeds on a larger scale.

Active risk management is another key defense from both price manipulation and economic risks more generally. Because any single asset can put an entire protocol at risk, it is important to be aware of the liquidity profile and technical details of the specific market before enabling new collateral. As protocols grow and market structure evolves, new windows for economic attacks may appear, so risk management cannot rely entirely on passive tools.

This is especially relevant for native governance tokens used as collateral early in a protocol’s development. If risk parameters for these tokens do not keep up with new mechanics or user growth, they may expose the protocol to unexpected attacks. Given their special role in protocol economics and governance, native tokens warrant particularly close attention if they are being used as collateral, and even more so if they are available on other lending platforms as well. Even as the protocol’s native token establishes itself in terms of liquidity, it may be more ideal to pivot the token towards its original intended utility, simultaneously removing endogenous risk from the platform’s mechanism.

Finally, a well-diversified reserve fund can help protocols mitigate losses from a limited attack and ensure users are protected from the worst outcomes. While a determined attacker might try to manipulate a protocol in any case, strong defenses can reduce the maximum value at risk to a manageable level. As the Mango events emphasized, price manipulation can be a serious threat, but one which protocols can contain with safer design limits and active management of riskier exposures.



This article was written in collaboration with Gauntlet. Gauntlet is the simulation platform for on-chain risk management for DeFi. You can follow them on Twitter here and check out more of their research here. You can also contact the Gauntlet team through info@gauntlet.network.

 

CoinGecko's Content Editorial Guidelines
CoinGecko’s content aims to demystify the crypto industry. While certain posts you see may be sponsored, we strive to uphold the highest standards of editorial quality and integrity, and do not publish any content that has not been vetted by our editors.
Learn more
Want to be the first to know about upcoming airdrops?
Subscribe to the CoinGecko Daily Newsletter!
Join 600,000+ crypto enthusiasts, traders, and degens in getting the latest crypto news, articles, videos, and reports by subscribing to our FREE newsletter.
Tell us how much you like this article!
Vote count: 6
Khor Win Win
Khor Win Win
Win Win is an avid gamer, interested in navigating the vast world of NFTs and the cryptoverse. Entering the crypto space in 2020, Win Win focuses particularly on DeFi and GameFi, looking out for the latest developments and projects in the space. The author has lived through the meteoric rise of DeFi as well as the collapse of Terra and FTX. Follow the author on Twitter @0x5uff3r

Related Articles

Select Currency
Suggested Currencies
USD
US Dollar
IDR
Indonesian Rupiah
TWD
New Taiwan Dollar
EUR
Euro
KRW
South Korean Won
JPY
Japanese Yen
RUB
Russian Ruble
CNY
Chinese Yuan
Fiat Currencies
AED
United Arab Emirates Dirham
ARS
Argentine Peso
AUD
Australian Dollar
BDT
Bangladeshi Taka
BHD
Bahraini Dinar
BMD
Bermudian Dollar
BRL
Brazil Real
CAD
Canadian Dollar
CHF
Swiss Franc
CLP
Chilean Peso
CZK
Czech Koruna
DKK
Danish Krone
GBP
British Pound Sterling
GEL
Georgian Lari
HKD
Hong Kong Dollar
HUF
Hungarian Forint
ILS
Israeli New Shekel
INR
Indian Rupee
KWD
Kuwaiti Dinar
LKR
Sri Lankan Rupee
MMK
Burmese Kyat
MXN
Mexican Peso
MYR
Malaysian Ringgit
NGN
Nigerian Naira
NOK
Norwegian Krone
NZD
New Zealand Dollar
PHP
Philippine Peso
PKR
Pakistani Rupee
PLN
Polish Zloty
SAR
Saudi Riyal
SEK
Swedish Krona
SGD
Singapore Dollar
THB
Thai Baht
TRY
Turkish Lira
UAH
Ukrainian hryvnia
VEF
Venezuelan bolívar fuerte
VND
Vietnamese đồng
ZAR
South African Rand
XDR
IMF Special Drawing Rights
Cryptocurrencies
BTC
Bitcoin
ETH
Ether
LTC
Litecoin
BCH
Bitcoin Cash
BNB
Binance Coin
EOS
EOS
XRP
XRP
XLM
Lumens
LINK
Chainlink
DOT
Polkadot
YFI
Yearn.finance
Bitcoin Units
BITS
Bits
SATS
Satoshi
Commodities
XAG
Silver - Troy Ounce
XAU
Gold - Troy Ounce
Select Language
Popular Languages
EN
English
RU
Русский
DE
Deutsch
PL
język polski
ES
Español
VI
Tiếng việt
FR
Français
PT
Português
All Languages
AR
العربية
BG
български
CS
čeština
DA
dansk
EL
Ελληνικά
FI
suomen kieli
HE
עִבְרִית
HI
हिंदी
HR
hrvatski
HU
Magyar nyelv
ID
Bahasa Indonesia
IT
Italiano
JA
日本語
KO
한국어
LT
lietuvių kalba
NL
Nederlands
NO
norsk
RO
Limba română
SK
slovenský jazyk
SL
slovenski jezik
SV
Svenska
TH
ภาษาไทย
TR
Türkçe
UK
украї́нська мо́ва
ZH
简体中文
ZH-TW
繁體中文
Log in
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Forgot your password?
Didn't receive confirmation instructions?
Resend confirmation instructions
Sign up
By continuing, you agree to CoinGecko Terms of Service and acknowledge you’ve read our Privacy Policy
or
Password must contain at least 8 characters including 1 uppercase letter, 1 lowercase letter, 1 number, and 1 special character
Didn't receive confirmation instructions?
Resend confirmation instructions
Forgot your password?
You will receive an email with instructions on how to reset your password in a few minutes.
Resend confirmation instructions
You will receive an email with instructions for how to confirm your email address in a few minutes.
Get the CoinGecko app.
Scan this QR code to download the app now App QR Code Or check it out in the app stores
coingecko
Continue in app
Track prices in real-time
Open App