ThirdGuard’s Risk in Context series unpacks the hidden risks embedded in today's diverse array of DeFi products, arming you to safeguard your yields through becoming aware of the risks the casual DeFi user implicitly assumes.
We’ll be starting with Coinshift’s csUSDL, although marketed more as a yield bearing stablecoin, at its core, csUSDL is a standard Morpho vault contract, hence why it is visible on Morpho’s UI as ‘Coinshift USDL’. Given Morpho is a TVL + time tested, well audited protocol. The real risk around csUSDL centres on its lend/borrow market configurations. Today, we will examine one of the most significant configuration-driven risk factors: oracle risk.
Although the oracle addresses are available on Morpho’s UI for each unique market, how does the price feed calculation work?
On the generalised oracle contract, the price() function returns the price of one unit of a “base” asset in terms of a “quote” asset, using a combination of vault conversions and external price feeds for both assets. Here’s how it works for the PAXG/wUSDL market.
First we open up the oracle on Etherscan to collect information on all the feeds that make up the price.
Things we immediately notice some assumptions:
-
The XAU / USD feed is used as a proxy for the price of PAXG. This assumes the PAXG / XAU price will always remain at one.
-
The wUSDL / USDL feed has no additional quote feed to overlay the price of USDL / USD which implies the price of USDL will always remain one USD.
While this practice is not perfect, its also not uncommon on Morpho. The XAU / USD oracle is robust in that there are many pricing sources available for gold and the market for it is extremely deep, making it prohibitively large to manipulate. As an alternative one could have used the price of PAXG on Binance (±$20M daily volume) and similar exchanges, as well as the Uniswap v2 pool (±$5M TVL) but this would be more prone to manipulation compared to XAU / USD.
The assumption of USDL always being equal to the USD is one that is vulnerable to tail risk. Yes Paxos is a reputable institution regulated by the NYDFS with 3rd party reserve attestations, but the USDC depeg of 2023 is a stark reminder that even 1 USDC was not worth 1 USD in times of stress. That said the alternative of using a price feed for USDL / USD is also challenging given the low liquidity for the young stablecoin.
Here are the other assumptions built into csUSDL’s underlying Morpho markets, sourced using the same logic as above. Before allocation to csUSDL, one should test each one individually in context for its safety.
Assumptions aside, oracle risk should also not be assessed in a vacuum but conjunction with a market’s LLTV, as it gives us an idea of the safety buffer built into each lending market and to what degree the market could tolerate a collateral asset depeg without insolvencies.
Using the csUSDC/USDL market as an example, with an LLTV of 96.5%, it would have not held up without insolvency in the largest historical USDC depeg. Liquidators can only liquidate based off of what the oracle reports, not off of true market pricing which any market participant could use to abuse market/oracle pricing mismatch via buying the de-pegged asset on the cheap, borrowing more than its worth from the relevant Morpho market.
To conclude, no yield onchain is risk-free. As a practical consideration we do see curators build in pricing assumptions from time to time that carry tail risks. DeFi users demand a diverse collateral base to borrow against, and if not sufficiently liquid curators embed pricing assumptions to satisfy that demand. At ThirdGuard we don’t comment on which markets should exist, or shouldn’t, but rather advocate for users to be fully aware of all embedded assumptions, as to assume any risk, a lender should earn an appropriate risk premium for it.