Asset Risk Assessment - Fei Protocol
A risk assessment on Fei Protocol - Fei USD (FEI) for Curve veCRV holders
Abstract
Fei Protocol’s stablecoin FEI is an asset on a few pools on Curve.fi, and it potentially wants to list a few others. They’ve applied for a gauge for their FEI-3CRV pool. This assessment aims to provide information on FEI’s risks to veCRV holders.
A TL;DR for people looking for a quick summary:
No single entity can rug the pool. Currently, the Fei Protocol guardian multi-sig is under the core team’s control (3/7 multisig, all doxxed), with the intention of transitioning it to a community-held multisig.
With the upcoming v2 update, the Fei Protocol may exist even without the core team, as the control of the protocol is handed over to the community.
The audits do not reveal any particularly damning details. However, a few concerns need to be addressed (discussed later in this article).
The FEI-3CRV pool already has over 220 million USD in liquidity even without a gauge: this is usually an excellent sign.
Fei is backed by VCs.
The recommendation is that FEI should get their gauge.
FEI as an asset
The Fei Protocol is an attempt to create a decentralised stablecoin algorithmically backed by decentralised assets. Their stablecoin framework is decentralised, scalable, and DeFi-native, with two token components.
Protocol Controlled Value (PCV): The PCV is used to protect the FEI peg to $1, similar to how a central bank works, with more transparency and a community-driven approach with (currently) few centralisation vectors.
Fei USD (FEI): the native stablecoin with transparent, on-chain 1:1 redeemability directly from PCV reserves. This is a crucial value boost over centralised alternatives such as USDC or USDT.
TRIBE: The native governance token. TRIBE holders manage the PCV and back FEI with its community-owned reserve. TRIBE holders have skin in the game as beneficiaries and risk bearers of PCV performance and losses.
In short: Fei is a community-driven protocol, and TRIBE holders are the collective stewards of the PCV and the FEI ecosystem.
FEI price stability
Useful links
Immunefi Fei Protocol Vulnerability Postmortem (April 10, 2021)
OpenZeppelin PostMortem on Fei Protocol Economic vulnerability (May 13, 2021)
Fei Protocol Governance discussions on current peg stability (December 2021)
The v1 genesis depeg fiasco
Due to its overhyped genesis event, FEI/USD had a rocky start (Fei V1) in April 2021. The various parameters governing its stability (such as reweights), code vulnerabilities, and direct incentive mechanisms to keep the FEI peg to $1 did not perform as intended, leading to restrained selling pressure. In short:
Early investors could mint FEI at a 50% discount by supplying ETH in the FEI/ETH Uniswap pool.
Having minted FEI at a massive discount, profit-seekers sold FEI into ETH: this caused an increased selling pressure, causing de-pegs.
Fei-core devs attempted to re-peg the asset by introducing two reweights. In short, a reweight:
Buys ETH from the Uniswap FEI/ETH pool.
Trades within that pool to bring back FEI/ETH parity.
Deposits remaining ETH back to the pool.
Burns excess FEI.
This, however, only led to more depeg, as noted by Banteg (Yearn):
A critical security vulnerability involving a flashmint was discovered, and the core devs decided to pause specific contracts to mitigate risks.
This is as rocky as a protocol launch can get. This led to further constructive governance proposals and actions, which have led to a more stabilised FEI peg.
Fei’s redemption arc - improvements towards a more robust peg backed by its PCV
The Fei protocol has had an extended redemption arc, with several peg mechanism improvements bringing tangible stability to FEI’s peg. The v2 iteration of the Fei Protocol has now been launched, with audits currently underway and its rollout staged to minimise technical risk.
Fei v2 incorporates its PCV model, introducing 1:1 FEI redeemability with PCV reserves. Considering that the PCV reserve is massive (700+ million USD), this can meet extreme levels of market demand.
Generalised PCV
Fei Protocol is designed to support generalised PCV. The protocol can fundraise PCV in any ERC-20 token by issuing a bonding curve denominated in that asset, contingent upon a reliable oracle to handle asset pricing.
PCV Controllers manage PCV among the various PCV Deposits. Future Fei Protocol upgrades can algorithmically adjust PCV based on market conditions or include unique two-way integrations with other protocols. These integrations can leverage the utility tokens of different platforms or their functionality with other ERC-20 tokens held by the protocol.
PCV Management
The Fei protocol analytics dashboard provides a transparent insight into the backing of FEI. The impression is Fei v2 looks well-executed and sufficiently over-collateralised with a 233% C-ratio (at the time of writing).
The Fei protocol adjusts risks by defining different weights for varying levels of PCV leverage, known as a risk curve. As the PCV moves closer to 100% collateralisation (high leverage), the risk curve algorithmically adjusts PCV weights towards stable assets like DAI and RAI. More information about the exact implementation of the risk curves is still under audit and will be released soon.
Collateralisation
The Fei Protocol prioritises liquidity when deploying this reserve to ensure users can trade FEI at high volumes. Critically, FEI can be over or under-collateralised depending on volatility on the PCV and other market conditions. The C-ratio of FEI at any time is calculated as follows, with the denominator being User-controlled FEI:
The formula ignores Protocol-controlled FEI because any FEI that the protocol holds will never be sold for PCV, only burned. Protocol-controlled FEI can have second-order, short-term inflationary effects. For instance, FEI deposited into a lending market by the Fei Protocol could increase the circulating supply when borrowed. The interest accrued and eventual withdrawal of that FEI will ultimately have a net deflationary effect in the long term.
Final thoughts on FEI stability
Fei has seen immense volatility since genesis. This has improved vastly, with community members actively governing improvement proposals to solve any remaining peg instability issues. Currently, FEI trades very slightly under its peg (nothing alarming).
TRIBE Governance and price stability
The Fei protocol introduces the concept of protocol equity, which is the amount of PCV that would remain if all user-circulating FEI were redeemed for PCV collateral. This comes from the PCV yield and appreciation of PCV with
part allocated towards TRIBE buybacks to help align the incentives of TRIBE holders with the rest of the FEI ecosystem, and
the remainder serving as a buffer to absorb volatility and earn yield.
TRIBE holders are incentivised to maximise protocol equity, which maximises TRIBE buybacks (buying pressure on TRIBE). The market-bought TRIBE is allocated towards the following in governance-controlled ratios:
Burning
DAO Treasury
Staking rewards
If the PCV dips below the target reserve ratio, TRIBE is minted in exchange for FEI to defend FEI’s peg (should any FEI holders want to redeem); this is called a TRIBE backstop. As users redeem, the circulating FEI lowers to restore the target level for the reserve ratio.
By combining buybacks and backstop mechanics, the TRIBE token becomes incentive-aligned to steward the PCV optimally and defend the protocol against tail risks. And by limiting the minting to as much TRIBE as FEI holders want to redeem, the protocol helps mitigate runaway inflation.
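The Collateralisation and protocol equity passages above can be turned into a small stress test. This is an added example, not Fei Protocol code: the PCV composition, the user-controlled FEI figure and the TRIBE price are constructed (sized to reproduce the roughly 700M USD PCV and 233% C-ratio quoted on this page), and it assumes the C-ratio numerator is total PCV value and that backstop redemptions leave PCV untouched.

```python
# Added example with constructed figures; not Fei Protocol code or live data.
from dataclasses import dataclass

@dataclass
class Snapshot:
    pcv_usd: dict        # asset symbol -> USD value held in PCV
    user_fei: float      # user-controlled FEI (the C-ratio denominator)
    protocol_fei: float  # protocol-controlled FEI, deliberately unused below

    def pcv_total(self):
        return sum(self.pcv_usd.values())

    def c_ratio(self):
        return self.pcv_total() / self.user_fei

    def protocol_equity(self):
        # PCV remaining if all user-circulating FEI were redeemed 1:1.
        return self.pcv_total() - self.user_fei

def shocked(snap, drawdowns):
    """Copy of snap with each listed asset marked down by its drawdown fraction."""
    pcv = {a: v * (1.0 - drawdowns.get(a, 0.0)) for a, v in snap.pcv_usd.items()}
    return Snapshot(pcv, snap.user_fei, snap.protocol_fei)

def breakeven_drawdown(snap, asset):
    """Drawdown of one asset that takes the C-ratio to exactly 100%.
    Returns None when no drawdown between 0 and 100% of that asset does so."""
    equity, exposure = snap.protocol_equity(), snap.pcv_usd[asset]
    return equity / exposure if 0 <= equity <= exposure else None

def backstop(snap, target_ratio, tribe_price):
    """FEI that must be redeemed for newly minted TRIBE to lift the reserve
    ratio back to target, and the TRIBE minted for it (assumed sizing rule)."""
    fei_burned = max(0.0, snap.user_fei - snap.pcv_total() / target_ratio)
    return fei_burned, fei_burned / tribe_price

# Constructed snapshot: 700M USD PCV against 300M user-controlled FEI.
SAMPLE = Snapshot({"ETH": 500e6, "DAI": 150e6, "RAI": 50e6}, 300e6, 120e6)

if __name__ == "__main__":
    print(f"C-ratio {SAMPLE.c_ratio():.0%}, equity {SAMPLE.protocol_equity():,.0f}")
    print("ETH drawdown to 100%:", breakeven_drawdown(SAMPLE, "ETH"))
    stressed = shocked(SAMPLE, {"ETH": 0.9})
    print(f"after -90% ETH: C-ratio {stressed.c_ratio():.0%}",
          backstop(stressed, 1.0, 0.5))
```

With a snapshot like this, the single-asset break-even drawdown is the figure to watch: it shows how much of the headline C-ratio depends on one volatile holding.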
Fei Core Team multi-sig
The multisig Gnosis Safe address can be found here.
The Fei protocol access control system is limited to 5 roles: Minter, Burner (Revoked), PCVController, Governor, and Guardian. The Fei Guardian is the single address for the Guardian role at Genesis. This is currently held by the core team in a multi-sig, with the intention of eventually renouncing the role or transitioning to a community-held multi-sig. There is also a unique role, Tribe Minter, which can only be held by a single contract and can mint TRIBE. It is currently secured by a Timelock (managed by Fei DAO/GovernorAlpha) and will be transitioned to the TribeReserveStabilizer.
FEI as an asset on curve pools
FEI has deployed two factory pools on Curve.
D3 Pool (FRAX / FEI / alUSD) factory pool 57
The current FEI / 3CRV pool has no CRV emission but brings consistent fees and volume for veCRV holders and liquidity providers.
The FRAX / FEI / alUSD pool has CRV emission but could be better utilised and generate more fees.
Security audits
Fei v2 Phase 1 has been fully audited by reputable auditors. Besides two solid audits, an Immunefi bug bounty program is also active with a 1.1 million USD bounty. This section discusses parts of the audit reports that might constitute risk factors.
OpenZeppelin
Audit Report of proposed incremental protocol updates performed in July 2021.
Latest OpenZeppelin audit report of proposed incremental protocol updates performed in July 2021 https://blog.openzeppelin.com/fei-audit-2/
Previous audit reports:
OpenZeppelin audit report in February 2021 https://blog.openzeppelin.com/fei-protocol-audit/
ConsenSys Diligence
TribalChief staking contract upgrade audit report performed in July 2021.
Consensys Diligence report presents the results of its engagement with Fei Protocol to review Fei v2 Phase 1, conducted over two weeks, from September 13–24, 2021. A total of 30 person-days were spent.
https://consensys.net/diligence/audits/2021/09/fei-protocol-v2-phase-1/
[H02] Introduction of additional BondingCurves creates a period of volatility
In the OpenZeppelin audit, we can see a concern regarding the BondingCurve contract that enables the use of generic bonding curves for any ERC20 token and the ETH bonding curve already being used in the protocol. The BondingCurve mints new FEI tokens in exchange for a specified ERC20 token at a discounted price until a scale number of FEI have been minted. Once the curve is at scale, the price will increase and maintain a buffer price.
The Fei team have stated that they intend for scale to be 1m-100m, and the discount to be 0-5%. Assuming the most extreme of these parameters, 100M FEI will be available to purchase for $95M of the token. This large incentivisation will likely lead to bots rapidly buying discounted FEI and immediately selling it for a profit on various exchanges. This means that every time a new BondingCurve is launched, the price of FEI will drop across the market, causing volatility in the FEI price.
OpenZeppelin Recommends:
Consider removing the offering of discounted FEI for new tokens, to remove the added volatility of the price of FEI. Alternatively, consider significantly reducing the parameters of 100M and 5% so that the effect of launching a new BondingCurve contract will not be so large.
Update: Not fixed. The Fei Protocol team states:
This is expected behavior. The parameters used will be conservative and account for risks of volatility in FEI.
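To see how the scale and discount parameters in H02 translate into price volatility, the following added example (not code from Fei Protocol or from the audit) models the curve as the finding describes it and estimates the resulting price floor on a secondary pool. The fee-less constant-product pool, its 110M-per-side depth and the 1% buffer are constructed assumptions; Curve pools use a different invariant, so the numbers are only indicative for parameter review.

```python
# Added example: simplified model with constructed pool figures, not Fei code.
import math

def mint_cost(fei_amount, minted, scale, discount, buffer):
    """USD paid to mint fei_amount from the curve, starting at `minted` FEI
    already issued: (1 - discount) per FEI before scale, (1 + buffer) after."""
    below = max(0.0, min(fei_amount, scale - minted))
    above = fei_amount - below
    return below * (1.0 - discount) + above * (1.0 + buffer)

def sell_pressure(pool_fei, pool_usd, discount, discounted_supply):
    """FEI sold into a fee-less constant-product pool before the discount stops
    paying, and the pool price afterwards. Selling stops when the pool price
    reaches (1 - discount) or the discounted supply runs out."""
    k = pool_fei * pool_usd
    floor_price = 1.0 - discount
    # Price after selling `a` FEI is k / (pool_fei + a)^2; solve for the floor.
    to_floor = max(0.0, math.sqrt(k / floor_price) - pool_fei)
    sold = min(to_floor, discounted_supply)
    price = k / (pool_fei + sold) ** 2
    return sold, price

def sweep(pool_side, params):
    """Pool price after a curve launch for each (scale, discount) pair."""
    return {(s, d): round(sell_pressure(pool_side, pool_side, d, s)[1], 4)
            for s, d in params}

if __name__ == "__main__":
    # The audit's extreme case: 100M FEI at a 5% discount costs 95M USD.
    print(mint_cost(100e6, 0.0, 100e6, 0.05, 0.01))
    # Constructed pool with 110M per side; compare small and large scale.
    print(sweep(110e6, [(1e6, 0.05), (100e6, 0.05), (100e6, 0.01)]))
```

In this model the discount sets how far the pool price can fall, while scale only matters when it is small relative to pool depth, which is why reducing either parameter, as the audit recommends, limits the effect.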
Inconsistent use of oracles
OpenZeppelin and Consensys point to oracle issues that do not seem to be fully fixed.
Throughout the protocol, oracles are relied upon to keep FEI stable, calculate payouts to users, and judge whether actions are eligible to be carried out. In addition to the vulnerabilities caused by oracles described in C01, and H01, we found the use of oracles throughout the code to be inconsistent and confusing.
OpenZeppelin Recommends:
Consider updating the codebase to remove the above inconsistencies and vulnerabilities, and updating all comments and documentation to reflect the intended use of all functions and booleans.
Update:
Partially fixed in PR#69. The implementations of updating and inverting oracle prices have been fixed in this PR. The PR additionally makes the use of isOutdated consistent throughout the codebase – the function is now not used at all. However, given that the purpose of isOutdated is to flag whether an oracle price is stale, reading oracle prices without first calling isOutdated could lead to incorrect prices being used throughout the protocol to determine critical conditions.
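The staleness concern can be made concrete with a small model. This is an added example, not Fei Protocol's contract code: the Oracle class, the reader functions and all prices and timestamps are hypothetical and constructed; only the role of isOutdated comes from the audit text above.

```python
# Added example: hypothetical Python model of an oracle read, constructed values.
from dataclasses import dataclass

@dataclass
class Oracle:
    price: float      # USD per unit of collateral at the last update
    updated_at: int   # timestamp of the last update, in seconds
    max_age: int      # age in seconds after which the price counts as stale

    def is_outdated(self, now):
        # Plays the role the audit describes for isOutdated.
        return now - self.updated_at > self.max_age

class StalePrice(Exception):
    """Raised instead of returning a price that is too old to trust."""

def read_unchecked(oracle, now):
    # The pattern the audit warns about: the age of the price is never looked at.
    return oracle.price

def read_checked(oracle, now):
    # Fail closed: callers get an error, never a silently stale price.
    if oracle.is_outdated(now):
        age = now - oracle.updated_at
        raise StalePrice(f"price is {age}s old, limit is {oracle.max_age}s")
    return oracle.price

def fei_for_collateral(amount, oracle, now, reader):
    """FEI minted for `amount` of collateral at the oracle price (1 FEI = 1 USD)."""
    return amount * reader(oracle, now)

def mispricing(amount, oracle, now, market_price):
    """FEI over-issued (positive) or under-issued (negative) by an unchecked read."""
    return fei_for_collateral(amount, oracle, now, read_unchecked) - amount * market_price

if __name__ == "__main__":
    # Constructed scenario: price last updated an hour ago, market has moved 10%.
    oracle = Oracle(price=4000.0, updated_at=0, max_age=600)
    print("over-issued FEI:", mispricing(1000, oracle, 3600, 3600.0))
    try:
        fei_for_collateral(1000, oracle, 3600, read_checked)
    except StalePrice as err:
        print("rejected:", err)
```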
Fei Protocol Conclusion
The Fei team/community has been helpful, open, and responsive to any questions, and we want to thank them. The Fei team seems solid, knows what they are doing, and pioneers the DeFi ecosystem. Being a pioneer never comes without risks: we have seen that V1 (or V0) has been a struggle, but there was a quick and solid fix due to improvements. The protocol has only been further strengthened with the release of Fei V2.
The transition towards Fei V2 Phase 1 has been fully audited, with a staged rollout of v2. The core team controls the guardian multi-sig that can revoke or pause functionality, with the additional ability to force a reweight. A concern is that the v2 risk curve implementation is unclear: more information will be made available when all phases have been launched.
The price stability of FEI is not optimal: it would be good to get more Curve liquidity that will reduce price volatility. The Fei v2 Phase 1 audits show a few signs of inconsistent oracles and bonding curves, which may incur additional risk. This project remains in its experimental phase.
Does the asset meet minimum requirements?
Is it possible for a single entity to rug its users?
No, this is not possible since the guardian multi-sig is still under core team control. There is the intention of eventually renouncing the role or transitioning to a community-held multi-sig.
If the team vanishes, can the project continue?
Yes, if v2 is fully implemented. At this stage, in the middle of a V2 full rollout, this could damage progress. Once v2 is fully implemented, a complete transition to the community is possible.
Do audits reveal any concerning signs?
No, there are no critical unfixed issues; however, some medium and significant risks are to be addressed soon.
Recommendation: FEI-3CRV should get a gauge.