Ensure the security of your smart contracts

BendDAO Protocol Overview

Author: Pavel Morozov
Security researcher at MixBytes
In this article, we will describe BendDAO, an NFT lending protocol that allows users to obtain instant liquidity on their blue-chip NFTs. The article comprises three sections: an overview of the main protocol features, technical details of the most important modules, and possible security risks introduced by this new concept.
Protocol description
BendDAO is an NFT liquidity protocol that enables users to use their NFTs as collateral to obtain loans in ETH against their value and make down payments while purchasing different NFTs.
Main features
1. Collateral Listing
NFT owners can bring their blue-chip NFTs to the protocol and receive up to 60% of their ETH floor price as instant liquidity. This feature provides sellers with immediate access to liquidity. The NFT is brought as collateral, and debt is created against its value. In the future, the buyer can close the debt and receive the underlying NFT.
2. NFT Down Payment
The buyer can pay at least 40% of the NFT’s value and become a borrower (having borrowed the NFT and having a debt against it). The remaining 60% is paid through an Aave flash loan and repaid through an instant NFT-backed loan on BendDAO. As a result, the buyer owes 60% of the NFT floor price to BendDAO. The buyer must repay that amount to receive the underlying NFT. Anyone can purchase different NFTs on supported marketplaces, such as the BendDAO marketplace itself, OpenSea, LooksRare, or X2Y2.
3. Liquidation Protection
BendDAO introduced a 24-hour repayment window for loans. During that time, the borrower can repay their outstanding debt without any losses. This feature prevents users from suffering any losses due to market fluctuations.
4. Bound NFT
When a user deposits an NFT into the BendDAO pool, they receive a wrapped version of that NFT called a bound NFT (bNFT). During borrowing against the original NFT, the bNFT is minted, and during loan repayment, it is burned. The bNFT has the same metadata and tokenId as the original NFT. It is non-transferable and non-approvable to prevent owners from hacking. The bNFT gives access to airdrops, claimable and mintable assets.
5. Flash claim
Users can develop their own smart contracts to receive their originally deposited NFTs to claim airdrops or participate in third-party project activities. It is similar to an Aave-like flash loan that should be returned in the same transaction. All claims and interactions can be performed between receiving and giving back the original NFT.
6. ETH Deposit
ETH depositors can earn APR on their deposited ETH to the BendDAO pool, and rewards are paid in BEND tokens. Those ETH are used to give access to instant liquidity for NFT depositors.
7. DAO
The veBEND token is used to vote for listing different NFT projects on the BendDAO protocol. VeBEND is a vote-escrowed BEND token, and users can lock their BEND tokens for a maximum period of four years. veBEND holders also collect income from NFT-backed loans and down payments.
Technical details
1. BendDAO protocol codebase
The BendDAO protocol uses Aave best practices to provide NFT lending and borrowing. The LendPool contract is the main entry point for users, allowing them to interact with the protocol by performing depositing, withdrawing, borrowing and repaying, auctioning, and liquidating positions.

The LendPoolAddressesProvider and LendPoolAddressesProviderRegistry contracts are used to store information about different markets, corresponding assets, and price oracles in an Aave-like fashion.

The BToken is similar to the Aave AToken - an interest-bearing token that users receive when they deposit ERC20 tokens to the BendDAO.

All active loans are stored and tracked by the LendPoolLoan contract. Every call to LendPool is followed by that contract after necessary validations. It updates the loan state or creates one if needed.

The NFTOracle contract provides data about listed NFT collections’ floor prices. These prices are pushed to that contract by an EOA with admin permission.

The ReserveOracle contract utilizes ChainLink price feeds to get prices for different reserves. These prices are used during NFT collateral calculation.
2. Collateral listing
A seller or borrower can list their NFT by calling borrow function on LendPool contract. User should specify an asset and a desired amount to be borrowed. validateBorrow function inside ValidationLogic library then checks loan health factor according to current LTV for that particular NFT collection.

The BorrowLogic library uses the _borrow function to check if a loan already existed for the specified NFT id. If a loan is being created, the NFT is transferred from the user to the BendDAO protocol. In return, the user receives their borrowed funds and the bNFT token, which is minted by the LendPoolLoan contract inside the createLoan function.

A seller or borrower can list their NFT by calling borrow function on LendPool contract. User should specify an asset and a desired amount to be borrowed. validateBorrow function inside ValidationLogic library then checks loan health factor according to current LTV for that particular NFT collection.

In return user receives their borrowed funds and boundNFT token which is minted by LendPoolLoan contract inside createLoan function.
If a loan already existed, it is just updated, and the user receives only the borrowed funds.
3. NFT Down Payment
The logic for NFT Down Payment is not a part of the BendDAO protocol. However, it is still represented as a set of contracts that includes the main logic for purchasing NFTs and different adapters for various marketplaces.

The Downpayment contract has a main function - buy, a payable function that accepts ether to perform a purchase and triggers an Aave flash loan. One of the previously mentioned adapters accepts that flash loan, purchases the targeted NFT, borrows ETH from the BendDAO pool against the purchased NFT, and repays the Aave flash loan. All main actions are performed inside the executeOperation function of BaseAdapter contract, from which all particular adapters inherit logic.
4. Unhealthy positions
If someone’s position becomes unhealthy, then it becomes the target for starting an auction on that position. Such an auction acts as protection from the instant liquidation process.

The auction can be started when the position health factor is below 1. After the auction is started, borrowers have time to repay their loan but with a fine paid to the first auction bidder.
Anyone can participate in an auction. Bidders should place their orders at a higher price compared to others. The highest bidder receives the collateral asset if the borrower does not repay the debt.

The LendPool contract has an auction function which then calls auctionLoan inside LendPoolLoan. The auctionLoan function tracks the highest bidder and their price. Between those calls, the LiquidationLogic library transfers the bid reserve assets from the current bidder to the protocol and returns funds to the previous bidder. This ensures that the bidder would be able to purchase the collateral asset. After the auction succeeds, the highest bidder has a redemption period when they should claim the auctioned collateral asset. This is done via the redeem function in LendPool contract.
There is a liquidate function in LendPool contract. It then follows to a liquidateLoan in LendPoolLoan with a check performed in LiquidateLogic in-between. It checks whether an auction happened and ended (liquidation protection for the borrower) and whether no bids cover the borrower’s debt. Only if those checks are passed can the liquidator perform their action and receive the collateral asset in return.м
5. Bound NFTs
Bound NFTs are ERC721 tokens with enhanced functionality - all transfer functions are overridden, and they revert on any call, making bound NFTs non-transferable. Bound NFTs are implemented via the BNFT contract. There are two main functions - mint and burn. Minting accepts actual NFTs from the user and returns bound NFTs with restricted transfers. Bound NFTs have the same metadata and tokenURI as the original NFTs - for example, the tokenURI function proxies call to the underlying NFT.

There is an important flashLoan function that helps to implement Flash Claim logic. It allows users to use the underlying NFT in one transaction to claim an airdrop or participate in an original NFT project. That function transfers the original NFT to a caller, allows the receiver to perform executeOpeartion on their side, and succeeds if it was able to transfer back the original NFT.
6. NFT floor price Oracle
The BendDAO team runs the NFT price oracle. Initially, price data is fetched from different marketplaces and aggregated via an off-chain node. It is not disclosed when those prices are being fetched, but those nodes push price data to an NFTOracle contract, which collects TWAP prices for all supported assets.

There is also a maxPriceDeviation parameter, which determines if the price is correct. It is used to compare the current price with a previous observation. If the difference between those prices is bigger than that parameter, the price is considered invalid.
The node pushes the price data via the setAssetData function, which is restricted to calls only by the contract admin.
Security risks
1. NFT floor price data pushing
There is a risk of an off-chain service providing incorrect data or not working. The BendDAO team claims that they operate multiple nodes and push prices as frequently as the current volatility on an asset arises. We can assume that this logic applies well, but we cannot be 100% sure that it works as described, especially during high volatility.

Also, the validity check on the price can lead to missing price changes when the floor price grows/drops too fast.
2. Bad debt/protocol insolvency
The NFT market still needs to be more mature/liquid than other assets in DeFi. Governors decide which NFT asset should be listed as acceptable collateral. Despite having a high entry level for NFT collections, it is still possible that any collateral asset could suddenly drop in price significantly so that no one would be interested in participating in the auction/liquidation process to buy back that collateral. As a result, the BendDAO protocol could become insolvent, having an outstanding debt to ETH depositors.
3. NFT floor price manipulation
Coordinating a floor price manipulation on a specific collateral asset is possible to force someone’s position to become unhealthy. This is much more possible than traditional DeFi assets due to lower NFT liquidity.
4. Protocol configuration by owner
It is important to have a trusted protocol owner who can pause the lending pool, access the NFT floor price oracle, and bound NFTs. BendDAO introduces a 7-day timelock for any changes and a 3/5 multi-signature wallet. An emergency pause can be performed without a timelock, but multiple signatures are still necessary.
5. Potential reentrancy
There is an airdrop claiming functionality in the Bound NFT implementation. It is used to claim all distributed rewards to original NFTs without using flash claim functionality. It is possible to re-enter a function like claimERC20Airdrop or claimERC721Airdrop. Such functions have a nonReentrant modifier to prevent a reentrancy attack to have the ability to claim one airdrop multiple times.
6. Forced spending fees by an NFT oracle
Price data is pushed to the NFT Oracle via an EOA account, which triggers a transaction. BendDAO documentation says that prices are fetched and pushed according to market volatility. Theoretically, it is possible to guess the fetching price strategy and manipulate prices on needed marketplaces to force the EOA to push prices more frequently so that it spends its funds on unnecessary updates. That action can lead to DoS and outdated NFT floor prices on the BendDAO protocol.
This article demonstrates the significance of adequately proving and testing all new concepts. In the case of BendDAO, it is crucial to offer trustworthy and persistent price feeds for NFTs and take appropriate measures if any ongoing manipulations may lead to forced liquidations.
Furthermore, it is essential to note the risks associated with the underlying NFT collections. Early and relatively illiquid markets present speculative opportunities that can result in bad debt situations and collateral loss for ETH depositors.
Who is MixBytes?
MixBytes is a team of expert blockchain auditors and security researchers specializing in providing comprehensive smart contract audits and technical advisory services for EVM-compatible and Substrate-based projects. Join us on Twitter to stay up-to-date with the latest industry trends and insights.
The information contained in this Website is for educational and informational purposes only and shall not be understood or construed as financial or investment advice.
Other posts