Confronting the new attack vector

Iterating on my reddit post, I would like to sketch some ideas for discussion.

The Problem

Withdrawal of large amounts of TKN, while simoultaneously shorting BNT (cause panic possibly) to get more BNT → sell right after withdrawal and cash in on the short position.

Possible fixes

1. Limiting withdrawals → $100K/address/7 days

2. Analytics
   Protocol monitors how much BNT is in circulation and issues a stop mint when IL > (fees collected)

• Most of the BNT in total supply is protocol owned and there is a certain amount of BNT participating in the open market (let’s say 150M).
  • This supply shrinks (fees burned by the protocol), or expands (ILP and LM)
    • Protocol could have a hard cap to stop minting if the open supply reaches 150M BNT
    • First come, first served (FCFS) should be avoided, because when IL > (fees collected) happens it could and would lead to panic (bank run)
• This solution doesn’t solve the shorting of the BNT to cash on ILP. Especially if the FCFS is not mitigated.

3. Fees collected in TKN (protocol owned) → used to cover IL

   • Prevents direct effects of shorting BNT, the depositor gets only the TKN amount + fees back
   • Increases the pool size
   • Protocol should still monitor (fees collected)/IL ratio per pool to not drain the TKN side when the bank run occurs
   • FCFS should be avoided

4. IL coverage cap

   • A variable ILP cap on each LP position based on (fees collected)/IL. If it dips under 1 it would mean that the position is not fully covered
     - The cap could be adjusted, that the smaller LP positions are fully covered, even if the ratio dips under 1 and the larger positions would bear the majority of IL
   • This would discourage shorting because the large positions would be hurt more, however, intentional shorting attacks on concrete large LP positions could be possible
   • Somewhat mitigates FCFS

Interesting proposal! Glad to see fellow community members thinking critically, wish the Devs would also share. Some thoughts:

1. V3 is tokenized…so large users could just divide their stack amongst addresses and withdraw.
2. I don’t understand the reasoning in smaller LP positions getting favorable treatment over larger LP positions? If the reasoning is potential shorting, I don’t think that’s enough.

I consider smaller LPs a long tail. More people have smaller amounts staked and few have large sums.
There could be a fund positions that manage other people’s money. I aim to encourage people to take responsibility for their own money and reward it, which would lead to more decentralization.

Nonetheless, it’s true that the large LP positions would just divide their stack to multiple smaller ones (I’ve missed that), so the 1. and the smaller LPs fully covered are nonsensical.

I would actually agree with limiting the ILP in time and amount. The longer you are in the protocol, the more you should be protected from IL. $100k/7 days is too much though. I’d say $1k/day (or less) would probably be a decent compromise which would protect smaller depositors and prevent whales from destroying the protocol.