Asset Risk Assessment - FRAX Finance
Asset Risk Assessment - FRAX Finance
A risk assessment on FRAX for Curve veCRV holders
Useful links
FRAX
Website: https://app.frax.finance
Telegram: https://t.me/fraxfinance
Telegram (announcements / news): https://t.me/fraxfinancenews
Twitter: https://twitter.com/fraxfinance
Medium/Blog: https://fraxfinancecommunity.medium.com/
Governance (discussion): https://gov.frax.finance/
Governance (voting): https://snapshot.org/#/frax.eth
Documentation: https://docs.frax.finance/
Abstract
FRAX is a core protocol in the Curve ecosystem; it has multiple pools listed on Curve and is going to list more in the future. This risk assessment will inform veCRV holders about FRAX and the potential risks/benefits.
FRAX as an asset
Frax is a fractional-algorithmic stablecoin; this means it is a partially-collateralized stablecoin protocol. It implements a two-token economic model and is the first to implement a fractional-algorithmic stability mechanism:
FRAX – price-stable token with an elastic supply that algorithmically adjusts based on market demand (All chains). FRAX is currently pegged to USD but aspires to become the first decentralized, permissionless native unit of account that holds the standard of living stable.
FXS – volatile governance token that accrues the value generated by the protocol and partially collateralizes FRAX. It has an unlimited aggregate supply and is primarily used for protocol administration (All chains).
Frax strives to be Decentralized & Governance-minimized; it wants to be fully community governed and highly autonomous, algorithmic with no active management.
Frax uses Uniswap (ETH, USDT, USDC time-weighted average prices) and Chainlink (USD price) oracles: https://docs.frax.finance/smart-contracts/oracle
Frax's end vision is to build the first crypto native version of the CPI called the Frax Price Index (FPI) governed by FXS holders (and other protocol tokens).
FRAX price stability
FRAX should always be redeemable for $1 worth of value. The part that varies, though, is what assets you receive during a redemption that sum up to $1 of value. Let’s walk through this with some data so we get a better understanding of the FRAX protocol design. Currently, FRAX has been stable with the lower 1:1 backing the price interestingly less volatile so far.
The FRAX outstanding supply can be found on their main dashboard. There is no 1:1 backing by USDC: this was only at the start of the project to kickstart its stability. FRAX has a partial collateral ratio (CR) at genesis, which changes hourly according to the value of FRAX (Above $1 expand below $1 retrace) with a step of 0.25%. The CR of the asset that is backing FRAX at $1 is set by market starting at 100% backing by USDC. Overtime the CR decreases and the algorithmic backing increases the current CR ratio is 84% collateralized and 16% algorithmic.
To get a full understanding let’s take a step back and discuss the most basic underpinnings of any algorithmic stablecoin – how it expands and contracts supply.
FRAX Supply Expansion happens when FRAX > $1, traders will mint more FRAX by supplying $1 of collateral to the protocol and then sell on spot at a higher price. The spot selling drives FRAX price back to its $1 peg. For example, if a trader can mint an asset for $1 and then immediately sell it on the open market for $1.05, that’s a risk-free arbitrage. Using the current collateralization ratio of 84% in our example, minting 1 new FRAX would require the user to deposit $0.84 USDC and $0.16 worth of FXS into the protocol. While the 0.84 USDC is added to the collateral vault, the $0.16 of FXS is burned.
FRAX Supply Contraction happens when FRAX < $1, traders will buy spot and redeem FRAX for $1 of collateral value. When price falls below its peg, it can be interpreted as supply overshadowing demand. Similarly, if a trader can redeem an asset for $1 that’s selling on the open market for $0.95, that’s a risk-free arbitrage. This time, rather than minting more FRAX, the user ends up burning FRAX through the redemption process. The trader would buy 1 FRAX at $0.95 and redeem it for $0.84 USDC from the collateral vault and $0.16 of newly minted FXS, receiving a combined $1 in total value.
The total value of the FRAX minted must be equal to the total value of the collateral at the CR and the value of the FXS (which will be burned). When FRAX is redeemed, users will receive back the collateral and the amount of FXS at equal value (this FXS is minted). FXS share in the Frax protocol has unlimited aggregate supply, FRAX offloads its volatility to the FXS token. The graph below shows us that there is a healthy amount of FXS to back up the FRAX market cap.
The number of unique addresses that hold the FRAX tokens seems to be in a healthy uptrend. There is no concentration of whales that can cause shocks in the price stability. It is also worth noting that staked FRAX does not show in this graph so the unique address count might be higher. The volume and price stability seem to be healthy, constant, and stable.
Looking at FXS we can see a majority of FXS holders is holding for a long time however the unique address distribution seems in a healthy uptrend. The trading volume seems a bit on the low side, this can increase once AMOs yield will go up plus the demand for FXS will increase.
PID Controller The system uses a PID Controller to control the CR according to the change in the growth ratio. The growth ratio measures FXS liquidity against overall FRAX supply. A higher growth ratio redeems more FRAX with less overall percentage change in the FXS supply. If redeemers sell the FXS minted from redeemed FRAX, a higher growth ratio would imply less price slippage on FXS and thus less likelihood of any undesirable negative feedback loops.
AMOs - Algorithmic Market Operations
In Frax v1, there was only a single Algorithmic Market Operations controller: this is the simplest implementation. An AMO module is an autonomous contract (or suite of contracts) that enacts arbitrary monetary policy.
But these arbitrary monetary policies cannot change the FRAX’s price.
This means that AMO controllers can perform operations algorithmically but cannot arbitrarily mint FRAX and break the peg. In v2 there are multiple AMOs which allows the protocol to do anything with new FRAX and collateral if the market doesn't respond by pricing FRAX at $.99. If the market responds with $.99 FRAX, these AMOs stop and unwind to increase the CR. Frax v2 expands this mechanism
and introduces three different kinds of AMOs: Lending, Investor, Liquidity and Curve see a full overview here: https://app.frax.finance/amos more AMOs can be added by community vote.
Each AMO can be thought of as a central bank money lego. Every AMO has 4 properties, described in the following.
Decollateralize - the portion of the strategy which lowers the CR.
Market operations - the portion of the strategy that is run in equilibrium and doesn't change the CR.
Recollateralize - the portion of the strategy which increases the CR.
FXS1559 - a formalized accounting of the balance sheet of the AMO which defines exactly how much FXS can be burned with profits above the target CR.
Decollateralization allows for expansion of the money supply and excess collateral to flow burning FXS. Recollateralization mints FXS to increase the collateral ratio and lower liabilities (redemptions of FRAX). All AMOs have predefined recollateralize operations which increase the CR. The AMOs have different caps and ceilings like how Maker DAO has debt ceilings per different kinds of collateral.
There is one modifier contract controlled by a multisig of 4-6 by the core team as well as controlled by on-chain governance which is a fork of Compound’s governorAlpha. There is no EOA control of any part of the AMOs in any way. There is no possibility for 1 external actor or party to rug users of their funds or steal collateral in any way.
Investor AMO: 0xEE5825d5185a1D512706f9068E69146A54B6e076
Curve AMO: 0xbd061885260F176e05699fED9C5a4604fc7F2BDC
Lending AMO: 0x9507189f5B6D820cd93d970d67893006968825ef
Liquidity AMO: 0x3814307b86b54b1d8e7B2Ac34662De9125F8f4E6
FXS1559 binds FXS value capture on the AMO level: this is similar to how veCRV holders earn Curve fee revenue, except FRAX earns revenue on expanding its supply in different places like lending platforms and AMMs. This revenue is then used to buy back FXS from the FRAX-FXS Uniswap pair, burn some of that bought back FXS and send the remaining FXS to the veFXS yield distributor contract so that stakers can earn yield. veFXS stakers earn a yield on their staked FXS based on protocol profits.
The Frax Protocol has expressed interest in conducting its FXS buybacks and burns through a FRAX-FXS Curve v2 pool in the future rather than Uniswap to move this volume over to Curve.
FRAX Bridge to Ethereum
The Frax Protocol is multichain with a global state consistent across all deployments. FRAX+FXS tokens are a single distribution across all networks. There is no independent Frax implementation for each chain. The protocol treats each individual bridged FRAX/FXS as a unique liability of that bridge system and names FRAX/FXS moved from other chains with the identifier of that bridge. For example, AnySwap bridged FRAX is referred to as anyFRAX and FRAX bridged with the Wormhole bridge is called wormFRAX.
Swaps can be done any time at https://app.frax.finance/crosschain or interact directly with the native token's smart contract on any chain. The swapping mechanism is built into the native ERC20 FRAX/FXS tokens on every chain (except Ethereum L1).
FRAX as an asset on curve pools
The current Curve pool utilization for FRAX is on the lower side. FRAX wants to increase volume by having more lending/borrowing options for the market and their lending AMOs. Frax’s mechanism might be harder to understand for masses, making adoption curve steep. However, with the recent cvxFXS integration, Convex will make it easier for people to participate in the FRAX protocol. Frax Finance has also expressed interest in launching multiple CurveV2 pools and running the FXS buybacks+burns through a FRAX-FXS Curve v2 pool.
ETH
Arbitrum
Avalance
Fantom
Polygon
Sam Kazemian offered his insights on differences in MIM volume versus FRAX on Curve pools:
MIM offers leverage as the predominant feature of their protocol so when someone borrows MIM they have to immediately sell it into the Curve pool for USDC/UST/whatever to buy more of the asset they want to leverage. So, when MIM is generated it is almost 99% of the time immediately sold into the Curve pools. Then on top of that, MIM allows leverage looping up to 10x for certain collateral so that loop mints, sells, mints, sells, mints, sells the MIM 10 times into the Curve pool to lever up. Contrast this with FRAX that is a better - savings+holding stablecoin - than a leverage stablecoin and you get less velocity of FRAX through Curve but more savers/stakers/farmers/holders/DAO treasuries. For example, over $100m+ of FRAX is held by Temple DAO in treasury/savings, 8 figures are held by Olympus, and many external projects across 4-5 chains hold FRAX as a savings/reserve stablecoin. Contrast this with MIM which is not used in as many treasuries other than their own internal projects like Wonderland. Each stablecoin has different strengths, just different styles. Not better or worse. MIM excels as a leverage stablecoin like LUSD. FRAX excels as a savings/staking stablecoin, unlike MIM. But we are working on dramatically increasing FRAX’s volume+velocity through new lending AMOs and features.
FRAX is loyal to Curve and would love to increase pools and volume/fees. But as for now, we can see that pool emission has been outweighing the fees collected. This data would suggest FRAX is "gauge hacking" they are able to profit because the bribe market isn’t efficient yet. They are selling CRV emissions for CVX this should be clear to all voters, with the sidenote that FRAX can be a good long-term partner and has future potential to bring in more volume/fees and different pools.
Security audits
There seem to be solid in-house technical workflow, understanding, and unit tests. Trail of Bits (very reputable auditor) is currently doing bi-annual audits to harden the security of Frax. So far Trail of Bits and Certik (not reputable) have been the first auditors:
Trail of Bits
Certik
The FRAX protocol has many components and integrations with other protocols such as Aragon, Yearn, and Curve. The protocol is exposed to increased risk due to a large attack surface Trail of Bits in their analysis recommends FRAX to reduce the project scope:
Frax Finance should consider reducing the scope of the project and its integrations with other protocols, including by removing non-essential contracts and protocol integrations that increase the attack surface.
Due to the complexity of the system would recommend reading the Trail of Bits report I will now focus on Curve AMO-related findings.
Finding 19.
Curve AMO assumes the collateral ratio to be constant When calculating the amount of collateral available to the AMO, the CurveAMO_V3 contract assumes that the collateral ratio will not change. This is evident in the mintRedeemPart1 function, which is used to retrieve the global collateral ratio of the stablecoin protocol: FRAX.global_collateral_ratio();
Exploit Scenario Alice, a Frax Finance administrator, calls mintRedeemPart1 to transfer USDC from the FraxPool to the CurveAMO_V3 contract. However, the global collateral ratio simultaneously decreases, so the contract receives less collateral than expected.
Recommendations Short term, analyze the effects of a change in the global collateral ratio on the expected value of the collateral. Long term, analyze the implications of transaction atomicity for all blockchains in which this code will be deployed.
Resolution from FRAX’s side: Not fixed.
Frax Finance stated the following: Will document when we move to be more decentralized / have an algorithm here.
Finding 21.
Risks related to CurveDAO architecture CurveAMO_V3 relies heavily on Curve Pools to tighten the stable FRAX peg. Frax Finance should be mindful of the following considerations:
If the kick function in LiquidityGauge is not monitored, users who abuse the system will not be penalized. (See TOB-CURVE-DAO-001)
It will be necessary to ensure that rewards are distributed to users fairly.
The differences between calls to balanceOfAt and totalSupplyAt should be documented. (See TOB-CURVE-DAO-016)
Exploit Scenario Governance wants to deploy a new pool for a collateral token with 20 decimals. The deployment fails, making it impossible to use that type of collateral. Recommendations Short term, ensure that FraxPool can handle tokens with more than 18 decimals. Long term, review the Token Integration Checklist and implement its recommendations on integrations with arbitrary tokens.
Resolution from FRAX’s side: Not fixed.
Frax Finance stated the following: We cannot control this, and it is a known risk.
Trail Of Bits also highlighted the risks associated with configuring CurveAMO_V3 as publicly callable.
FRAX Multisig There is one modifier contract controlled right now by a multisig of 4-6 by the core team as well as controlled by on-chain governance which is a fork of Compound’s governorAlpha. They are planning to remove this multisig in 3-6 months so that it is purely governance on-chain. Most critically, there is NO EOA control of any part of the AMOs in any way. There is no possibility for 1 external actor or party to rug users of their funds or steal collateral.
FRAX Conclusion
Frax is a well-designed bleeding-edge DeFi protocol and is a pioneer in fractional-algorithmic stablecoin design. The FRAX team/community is capable to keep innovating, is loyal to Curve DAO, and wants to increase FRAX volume by having more lending/borrowing options for the market and their lending AMOs. The Frax Protocol also expressed interest in launching multiple CurveV2 pools and running the FXS buybacks+burns through a FRAX-FXS Curve v2 pool.
A risk seen with the Fax protocol is that it includes many components and integrations with other protocols such as Aragon, Yearn, and Curve. It has a large attack surface, which exposes the system to increased risk. Trail of Bits in their analysis recommends FRAX to reduce the project’s scope. The new AMOs model is great but there are cascading risk effects, it is hard to control and segregate the risk in case of a black swan event in one of the assets used in multiple AMOs. FRAX has not seen any black swan scenario as for example with maker DAO during black Thursday (Maker DAO black swan scenario). There could be a scenario where the PID Controller might not rebalance fast enough; this can result in a wrong growth ratio and unforeseen price slippage in FXS, leading to undesirable negative feedback loops.
FRAX is currently pegged to USD but aspires to become the first decentralized, permissionless native unit of account that holds the standard of living stable. It is unclear when this will happen but when it starts to float off peg by design it is important to adjust the parameters of the pools where FRAX is used.
Does the asset meet minimum requirements?
Is it possible for a single entity to rug its users?
NO - There is NO EOA control of any part of the AMOs in any way. There is no possibility for 1 external actor or party to rug users of their funds or steal collateral.
The AMOs are innovative mechanisms however due to their integration
with other projects can cause a rug not caused by the FRAX team themself.
The PID Controller might not rebalance fast enough and that can lead to users losing funds.
If the team vanishes, can the project continue?
Yes - There is a vibrant and active community that could take over parts of the project however due to its complexity there should be knowledge transfer from core people to the new maintainers.
They are planning to fully decentralize the project and remove the multisig but there is no clear timeline/roadmap to do so.
The core team has been super helpful with providing information and education this shows they are interested in developing the project long-term.
Do audits reveal any concerning signs?
Yes - Curve AMO assumes the collateral ratio to be constant this could make the protocol less collateral than expected. This will be fixed when the move to be fully decentralized is completed.
The protocol is exposed to increased risk due to a large attack surface Trail of Bits in their analysis recommends FRAX to reduce the scope of the project.
Our recommendation is as follows: The FRAX asset meets the requirements for receiving CRV emissions.