Security of Algorithmic Stablecoins: Magic Internet Money

Author: Konstantin Nekrasov
Security researcher at MixBytes
There are many stablecoins that attempt to achieve their peg algorithmically or through collateralization, and there are at least 23 failed projects as of today.

In this article we provide a list of questions that you can use to find hidden pitfalls in algorithmic stablecoins.

As an example, we analyze a collateralized stablecoin Magic Internet Money (MIM).
What is MIM is a lending platform that uses interest-bearing tokens (yvWETH, yvUSDC, xSUSHI and others) as well as traditional tokens (WBTC, WETH and SHIB) as a collateral to borrow a USD pegged stablecoin Magic Internet Money (MIM) that can be used as any other traditional stablecoin.

If a user's debt becomes unhealthy, then the collateral is sold with a discount. It gives some guarantee that the value of the stable coin will not go lower than the value of the locked collateral itself.

MIM relies on arbitrage to stabilize its price:
  • If MIM/USD > 1$. Borrow MIM and sell it for USD in the prospect of the price going lower.
  • If MIM/USD < 1$. Buy MIM and burn it to return the debt for a net profit.
Unhealthy loans are sold for MIM with a discount — this additionally supports the MIM price.
№1. Death spiral thought experiment
This is the basic question of what will happen if the price of the token is constantly going down.
Can the stablecoin, even in theory, safely "wind down" to zero users? Or more precisely: what happens if the expected future activity drops to zero?
MIM analysis
MIM's security depends on assets external to the MIM system (yvWETH, yvUSDC, xSUSHI, WBTC, WETH, SHIB and others), so MIM has a better chance to safely wind down to zero users without going into a death spiral.

If the demand for lending drops faster than for holding, then the MIM price can go higher until it hits the ceiling of 2$ (but probably much lower) after which it will become profitable to buy collateral on the market to borrow and sell MIM for more value than the collateral itself.

If the demand for holding drops faster than for lending, then the MIM price may decrease. There is a hypothetical scenario of market events that can affect the price of MIM:

  1. An adversarial «whale» borrows a large amount of MIM and sells it on the market for a price close to the 1$ peg.
  2. The attacker launches a F.U.D. campaign targeting MIM holders so that they start selling their MIM.
  3. The MIM price starts to drop and people start to buy MIM to return their debt for cheap.
  4. This continues until only «whale» debtors remain in the system, who are ready to wait until the price drops even lower.
  5. If MIM holders continue to sell in a panic, whales can wait until the coin drops to the lowest point and buy it back only then.

It is necessary to emphasize that the aforementioned scenario is unrealistic. The adversarial «whale» will still need to return the debt to unlock their collateral. The only way to do it is to buy back MIM. This will create an opportunity for other players to buy MIM before the whale in order to dictate a higher price to the whale themselves.
№2. Ponzi thought experiment
This is the basic question of what will happen if the price of the token is constantly going up. Is there a mechanism to counter it?

If the stablecoin has no mechanism to respond to situations where demand for holding exceeds demand for minting, then the price of the stablecoin may rise above the peg and the stablecoin may become vulnerable to extreme price movements in both directions.

In order to check for such a mechanism, Vitalik Buterin suggested conducting a thought experiment: what happens if you try to peg the stablecoin to an index that goes up 20% per year?

He claims there are basically two ways for a stablecoin that tries to track a Ponzi index to turn out:

  1. It charges some kind of negative interest rate on holders that equilibrates to basically cancel out the USD-denominated growth rate built into the index.
  2. It turns into a Ponzi, giving stablecoin holders amazing returns for some time until one day it suddenly collapses with a bang.
Vitalik claims that for a collateralized automated stablecoin to be sustainable, it has to somehow contain the possibility of implementing a negative interest rate in three ways:

  1. RAI-style, having a floating target that can drop over time if the redemption rate is negative.
  2. AMPL-style, having balances change over time.
  3. DAI-style. Be a hybrid stablecoin that uses both pure crypto assets and centralized assets like USDC as collateral.
MIM analysis
MIM can be considered a hybrid stablecoin since 43.46% of the total collateral is stable:

If the MIM price rises above 1$, there will be a profitable opportunity to borrow MIM by locking a stable collateral without liquidation risks. This will push the price down (see MakerDAO case).
№3. Oracle weaknesses
Check what applies:

  1. Flash loan price manipulation.
  2. Low volume market price manipulation.
  3. TWAP manipulation. You can check a Rari Fuse VUSD Price Manipulation hack. Use Uniswap Oracle Attack Simulator to calculate how much money you need to move the TWAP of a crypto asset.
  4. Out-of-date prices:
    4.1. TWAP lag arbitrage. For example, by using the ten-minute weighted-average price of TITAN as opposed to the spot price, users were able to create and redeem IRON in the primary market using a price of TITAN that was different from the price of TITAN in the spot market [*].
    4.2. Rare price updates. This may be especially interesting if there is a public method for an update. For example, the oracle price in xSUSHI/MIM lending pool was so out of date that a hacker was able to use a flash loan to open a cheap CDP, update the price and then immediately liquidate the position with a profit over $100K (see the note and the transaction).
  5. MEV arbitrage (oracle price update frontrun).
  6. Collusion of oracle data providers. Is the profit from such an attack much higher than the potential loss?
  7. Buyout the oracle. Is the price of the controlling share much lower than the total stable coin value?

Additionally, you may want to search for an oracle attack checklist.
MIM analysis
MIM lending pools use Chainlink to measure collateral prices. There is a public method updateExchangeRate() that should be called to update the price. The call of that method is not mandatory so there is a possibility the last price measurement in a pool may become outdated.

This was exploited by a hacker who was able to use a flash loan to open a CDP in xSUSHI/MIM lending pool with an outdated (high) price, update the price and liquidate the position with a profit over $100K (see the note and the transaction).
№4. Governance attacks
Does stablecoin have a governance? Is the price of the controlling share much lower than the total stable coin value?

Additionally, you may want to check governance attack checklists:
MIM analysis
The governance of happens through a snapshot page. Thus, even if an attacker buys a large amount of sSPELL tokens, they won't be able to forcefully execute a malicious proposal.
№5. Collateralization questions
Crypto-collateralized stablecoins are backed by other cryptocurrencies. The reserve cryptocurrency may also be prone to high volatility, so it is over-collateralized: the value of the cryptocurrency held in reserves exceeds the value of the stablecoins issued (e. g. DAI, RAI, MIM).

Questions to ask:
  1. Is the collateral ratio sufficient for the collateral volatility?
  2. What happens if the coin becomes under-collateralized?
  3. What happens if the debt holders do not buy the stablecoin back when it falls below the peg and wait until it falls even lower? Will this lead to a death spiral?
  4. Insufficient mint event. If the collateral price starts to drop,there is a risk of mass liquidations. Borrowers will buy stablecoin from the market en masse to repay the debt. This will push the price of the stable coin up. At the same time, no one will risk staking an additional collateral to mint new coins, in fear of getting liquidated with the falling price of the collateral itself. Thus, with a limited and shrinking volume of the stable coin, its price will rise even more. This scenario did occur to the DAI and was fixed by introducing an ability to mint DAI via USDC. The question is — does the stable coin have a mechanism (like DAI's stable-stable mint) to counter such an event?
MIM analysis
Mostly everything is OK with MIM. But there are things to be noticed.
~15% of MIM's collateral is FTT:

The MIM price responded with a 2% drop but soon returned to the peg:
The problem is that the FTT volatility is not over yet and the FTT price may go even lower. This will be an interesting stress test for the MIM protocol and its community.
In this article we provided a short analysis of Magic Internet Money — an interesting stablecoin that perhaps has a bright future ahead. Use the provided security checklist for other stablecoins to ensure that the bright light ahead is not lit from a funeral fire!

Stablecoin hacks:

TWAP attacks:

DAO attacks:
Other posts