Having read this SIP and had some time to think about points of vulnerability in the architecture. I thought I would share some of my concerns here to spur maybe some debate before this part of the project goes live:
- Regarding the front-running, we well know the protection against the exploit of having a somewhat delayed oracle was to align the fees with the threshold of price pushes for synths. However, with leverage, the spread between the true price and that provided by the oracle is amplified, so as to make it profitable even if fees were 1% and daily funding rates were 10%. I understand the concept of a “privileged” relayer of transactions plays the role of waiting period, but unless that waiting period is until the next price push, maybe that exploit is ominously present.
- Regarding the liquidation mechanism, I am not certain of what was the thinking behind the following: in order to liquidate a contract it will be sufficient to prove only that there was a price in that history that exhausted its remaining margin. However, I feel that if players’ margin’s goes to zero and recovers, then they have an incentive to exit before being liquidated and therefore rendering liquidation based on historical price data irrelevant. Maybe the thinking was that grouping of several accounts for liquidation into a single push would decrease the incentive that needs to be paid to keeper per account. But this will maybe be to the determent of the debt pool.
- Finally on the design of a margin that gets depleted, since crypto prices vary in bursts and often violate continuity, not having a maintenance margin might open up the debt pool to the risk of players opening a long futures position on binance and short equivalent position on synthetix. If the price goes up erratically the participant will potentially gain more on binance then he might lose on synthetix due to this asymmetry in liquidation. If prices were to shoot down, the loss on binance and gain on synthetix offset. So net the participant might be positive ev over many contracts by exploiting this asymmetry on the back of the debt pool. Do want to point out that funding costs might not offset one another which would make this not a profitable play, but wanted to mention the design risk of not having a maintenance margin kind of structure that absorbs tail risk.