Vault liquidations for lending protocols like Compound and Aave can often be chaotic processes. MEV exploits see a rush of front-running and gas wars, as bots compete to harvest profit. Soda Labs’ garbled circuits offer a way to avoid much of this harmful activity, resulting in more orderly liquidations and better prices for vault holders and protocol users.
Trustless lending is one of DeFi’s most important use cases. Protocols like Aave and Compound were some of the first decentralized applications to be built on Ethereum. Today, these “OG” dApps hold around $73 billion in TVL: approximately half of all TVL.
Lending platforms enable users to deposit one token as collateral, and borrow another against it. Users pay fees for borrowing, and earn fees for supplying assets for borrowing to the protocol, with rates being set by the market.
Maintaining Protocol Health
For example, a user may deposit ETH and borrow USDC. There will be a specific collateral ratio or loan-to-value ratio for each asset, which is determined by the asset’s liquidity and volatility. An LTV of 80% means that for every $100 in collateral, the user can borrow $80.
If the price of ETH falls below a certain threshold, the dApp allows anyone to liquidate that vault to prevent the protocol incurring bad debt. The liquidation threshold is generally set slightly above the maximum LTV.
The protocol aims to ensure all vaults are over-collateralized, to protect against losses in extreme market volatility. In other words, vaults are typically liquidated well before they become undercollateralized. The user that triggers the liquidation pays back part or all of the borrowed tokens using their own funds (sometimes using a flash loan), and is allowed to seize a matching portion of the collateral, plus an additional percentage as a bonus, to incentivize users to help maintain healthy protocol debt ratios. The collateral is generally sold to recover the funds paid to the protocol. Any remaining collateral is returned to the vault holder.
For instance, if a user has deposited 1 ETH and borrowed $3,600 with a liquidation threshold of 90%, then if the price of ETH falls below $4,000, their vault will be eligible for liquidation.
In practice, vault liquidations are carried out by automated bots. Blockchain transparency ensures prompt liquidation when necessary – but it also creates opportunities for exploits.
MEV Exploits On Vaults
Vault liquidations, particularly for large vaults, attract a good deal of attention due to the liquidation rewards and other opportunities for profit.
Thanks to the transparency of the blockchain, collateral ratios for all vaults are visible in real time. MEV hunters can use this to their advantage in various ways:
- Front-running each other, paying more and more gas to try to ensure their transaction is confirmed first and they collect the rewards.
- Sandwich attacks, placing buy/sell orders either side of a large liquidation trade.
- Market manipulation. In some cases, well-capitalized entities can force liquidations by selling assets to push the market down below the threshold (or attacking oracles more directly), then profiting from the liquidation fee and/or further market volatility.
This results in higher slippage and worse liquidation prices, as well as blocks being filled with unnecessary transactions and increased gas prices. Liquidators get a worse deal, the vault owner receives less of their collateral back, and regular users pay more for ordinary transactions.
We can use garbled circuits to avoid these problems.
A GC-Based Solution
GCs excel at targeted applications, where we need to know specific pieces of information but no more.
In this instance, we can create a system whereby DeFi vaults are encrypted, and their contents and collateral ratios are unknown, but anyone can query the protocol to learn whether a vault is undercollateralized.
A bot or other entity uses a garbled circuit to check with the protocol smart contract whether a vault’s current collateral ratio is lower than the liquidation threshold. The result is simply “Yes” or “No”, not the actual ratio.
This means that no one can tell whether a given vault is close to the liquidation threshold, and neither can they tell how profitable it will be to liquidate it (since the size of the vault is unknown).
If the GC outputs “Yes”, anyone can submit the liquidation transaction. The liquidation amount is revealed only at execution.
This stops attackers from pre-emptively targeting a vault with front-running or sandwich attacks, and it stops them profiling vaults to carry out attacks by manipulating markets or oracles.
It is not a perfect solution, and does not eliminate all MEV attacks. Vault liquidations still need to be executed, so gas bidding wars may still occur. Block builders and proposers can also profit, if they know the details of the transaction. Nonetheless, this approach still prevents certain types of the most toxic MEV.
Robust MEV Resistance
The scenario above highlights how confidential transactions are a great starting point for preventing the worst types of MEV exploit, but how we need further measures to combat all forms of MEV
For example, platforms with private mempools (such as Base and Solana) have attracted a huge number of complex MEV transactions as a result of this protection, as Flashbots notes. “Providing essential defense against frontrunning, this also blinds searchers to user orderflow. Unable to see and react to transactions before they are included in a block, searchers are forced to blindly probe for opportunities by leveraging the expressive transactions above to do their MEV searching onchain.” The outcome is that almost all available block space is filled with speculative MEV spam, creating a persistent and artificially high baseline for gas fees.
In order to avoid broader exploits beyond front-running and sandwich attacks in the solution we propose above, further measures would need to be included – for example, sealed-bid batch auctions, in which encrypted bids are submitted via another GC, and only revealed once the auction closes. This adds complexity, but allows liquidations to occur on the best possible terms for the protocol and its users, while MEV is minimized.
Garbled circuits offer a powerful building block for building private, fair Web3 ecosystems, with applications for vault liquidations, as well as DEX trading, prediction markets, decentralized compliant privacy, confidential stablecoins, and more.
Follow Us
To find out more about Soda Labs’ work on garbled circuits, explore our documentation, join the gcEVM Vanguards Telegram group, or stay up to date with the latest developments by following the project on X.