Magnify #13 — Curve Wars: Under “Emergency” Regulation? 🤔

Magnify #13 — Curve Wars: Under “Emergency” Regulation? 🤔

Imagine a fair world where no one loses. Everyone wins. And how do they win? By simply becoming better.

That is the aim of Curve Wars — the higher yields you offer, the more liquidity you attract. It is a non-zero-sum game where there are only winners. But in an instance like this, who gets to attract the most liquidity? Who gets to dominate the Curve Wars? And to what extent can the protocol influence the capping of these wins?

That is the core question around the Mochi-Curve issue last week. In this Magnify, I will explore what the issue was, what it meant for the two protocols individually and why the invoking of the EmergencyDAO does not seem like decentralization but a step that needed to be taken nevertheless.

Let’s dive in.

What Actually Happened

November 10th. A project that drew inspiration from the popular meme coins like DOGE and SHIB enters the Curve Finance protocol. They execute multiple transactions using Convex Finance (a DeFi protocol built on top of Curve that offers additional yield to Curve stakers and LPs). The result? They received a handsome lot of CRV (Curve Finance’s governance token) rewards in the USDM/3CRV pool. The turn of events from here looked like this:

  1. Thanks to the CRV rewards, the protocol attracted just over $170M in liquidity.
  2. They then maximized CRV rewards because that would give them more voting power (more CRV = more voting power).
  3. The Mochi team decided to swap $46M in USDM (their own stablecoin) for DAI in the USDM/3CRV pool.
  4. That DAI was then swapped with ETH.
  5. They, then, used that ETH to purchase CVX (Convex Finance’s governance token) and locked it.

Thus, they had more power to vote on additional CRV rewards for the Mochi pool, which further increased the liquidity, which then led to swap more USDM for DAI and then for ETH, and eventually vote on more CRV rewards for the Mochi pool. They were successful in creating this infinite loop when someone at Curve Finance noticed something.

A quick research revealed that over 1M in CVX token was locked. The EmergencyDAO, which is the “decentralized” name for a team of nine members with powers over CRV reward commissions, was involved and they quickly decided to cut off Mochi’s rewards. To them, it was a blatant “governance attack”. This was the first time in history of DAOs that the power of governance from a token holder was invoked to kill the gauge for Mochi.

Now, before bellowing whether Mochi was wrong or Curve was right or we were just saved from an attack we didn’t see coming, I would like to explore the respective arguments of each sides.

In favour of Mochi

The definition of an “attack” can vary but for the most part, it seemed that what Mochi did was use the underlying mechanism of Curve Finance and exploit it to its own benefits. In DeFi, that is truly the case and most protocols and users have the option to juice out maximum profits from whichever protocol they participate in. The Mochi team has pointed out the almost behemoth-like resilience towards a “small protocol on the outskirts” relying on a rather “bold” move to gain voting power in a protocol that is otherwise dominated by Curve and Convex.

In favour of Curve Finance

Curve Finance pointed out several issues with Mochi before the EmergencyDAO was invoked. One of them was that 99% of MOCHI’s token supply is owned by the team. Furthermore, Mochi had several “security flaws” that were pointed out by some renowned developers on Twitter as well.

Some of the issues that were pointed out include:

  • The protocol minted an incredible amount of tokens to themselves because there was no minting cap or even tokenomics
  • Deposit those tokens onto the MOCHI which has a custom price oracle set by the Mochi team (meaning the Mochi team could mint as many tokens as they wanted if there was enough liquidity to trade it for stables that aren’t backed by air) and 90% LTV and mint $46m USDM

One of the most startling issue was the price oracle that was set up for $mochi, which was just a number being controlled by a hot wallet. The wallet was a 1-of-3 multisig with no timelock. And it held almost 99.5% of all MOCHI. Instant rug pull for the team would have been incredibly easy.

In favour of Decentralization

The Curve Wars is a game. A game between protocols to increase TVL by offering attractive yields to their users. The only way they can do that is by boosting their yield and controlling the Curve governance votes, thus enabling them to attract more TVL. It is a non-zero-sum game with winners occupying a spectrum from small to big.

At its heart, thus, Curve Wars are based on how the protocol performs subject to the given conditions. If a protocol emerges and exploits these rules to squeeze out the maximum TVL and thus attract more liquidity, why should it not be allowed to run? At the end, the users of that protocol are benefiting from that, right?

The argument about Mochi’s team rugging its users is acceptable, but that is beyond the scope of what the EmergencyDAO covers. Why should it worry about the protocol’s tokenomics and smart contracts when it already exists on the platform? Why was that not checked (if it had to be checked in the first place) before?

But, there’s a different side to this as well, which takes root in the definition of what a DAO actually is. Does it mean that all governance token holders have the power to exercise their authority for deciding everything for the protocol? To specifically look at things in this instance, what would the protocol founders be experiencing watching their protocol burn right in front of their eyes?

They cannot be expected to just sit idle and let things happen as they are just because it’s a DAO. Remember the DAO hack from 2016? Ethereum rolled back to set a bad precedence. But that was a crucial step otherwise the network would not have grown so much.

Taking into consideration all the conversations around DeFi and decentralization, I think that at the losing end of all this are users. True, we want to create an ecosystem where users and protocols have the right to build and use however they want. But, in instances like this we do need someone to put their foot down and make the tough decision — or end up compromising an entire protocol and eventually millions of users.

These were some of my thoughts. If you have some ideas, do share with me on Twitter @mohakagr

I cover one interesting topic each week in my newsletter, Magnify. Click here to subscribe.