Known Risks & Mitigations

1.Flash attacks

Description of attack: It is possible to cheaply manipulate even the most liquid assets with the use of a flash loan. In the same block you can manipulate the price of a largely held fund asset (regardless of whether liquid or not), buy/sell the fund advantageously to you, move the price back and return the loan in one transaction.

Solution: Mitigated by customizable time-lock between invest and redeem. The time lock is configurable by the manager and recommended to be at least one second.

2.Arb attacks

Description of attack: Continuous invest/redeem at “stale” NAVs (ie. front-running of the NAV). If done enough times this could drain the fund of its AUM at the expense of other investors

Solution(s): Clear communication and helpful warnings around this at the UI level, the use of the configurable time-lock on shares actions, and one or more optional recommended policies to help reduce/mitigate at a protocol level. Some policy options could include:

  • The use of an investor whitelist (KYC) to spot and report ‘bad actors’

  • The use of a policy which imposes an investor whitelist if a certain investment takes GAV over a configurable amount deemed as too risky for arb-ing.

  • The use of the “liquidity fee” policy (see below*)

  • More options are being explored

3.Exploiting funds with less liquid assets

Description of attack: When a fund holds a large position in a less liquid asset, it is potentially vulnerable to the manipulation of that underlying asset (which effectively can manipulate the NAV of the fund too).

Solution: Implementation of a high liquidity fee policy (see below*) for low liquidity funds.

4. Draining a fund through trade manipulation

Description of attack: If a malicious manager does an OTC trade(s) with himself at the “wrong price” (eg. selling an asset to himself for zero) this could drain the fund of all its assets.

Solution: We have removed the use of open trading on 0x order books, and only make the ZeroExV2Adapteravailable for approved order makers (e.g., our OTC trading partners). All trading with anonymous parties can only happen at the best available price from AMMs.

*Liquidity fee policy - This is a percentage fee on entrance into the fund which is indirectly paid to the entire fund (not the manager) by burning a portion of purchased shares. Such a mechanism aligns investors with the costs caused by purchase/redeem churn (having to liquidate and repurchase assets frequently) as a result of short-term investors in the fund. This fee is customizable by the manager and can be quite high for a fund holding very illiquid assets. If you stay in the fund for a while you will on average make the fee back from other joiners/leavers who pay the fee to you. Essentially in aggregate the fee is paid by shorter term investors to longer term investors.

Last updated