Dissecting the Mango Markets Exploit: How Risk is Mitigated on Perp v2

Mango Markets, a money market and perpetual DEX built on Solana, experienced an exploit on October 12th where ~$116 million in funds were siphoned from the protocol. In this article, we’ll provide an overview of the exploit, diagnose what went wrong with Mango and detail how Perp manages risk in light of these recent events.

How was the Mango Exploit Pulled Off?

The sequence of events that led to a deficit for Mango resembled a price manipulation attack of the kind seen in the past (e.g., Inverse Finance), as shown below, but it involved moving the price across different trading venues, and the exploiter used a large derivatives position to drain the lending pool.

Source: https://arxiv.org/pdf/2104.15068.pdf

The price manipulation attack on Mango worked something like this:

  • A large capital outlay was required from the exploiter. They funded two Solana addresses via FTX (account 1 and account 2), with $10 million in collateral deposited across these two wallets, and a further ~$3 million was used to manipulate spot markets.

  • The two wallets were funded with ~$5 million each and a wash trading technique enabled a large position to be opened. One wallet posted an order to short ~483 million MNGO-PERP contracts while the other wallet bought this order. Note that this is around 50% of the token’s circulating supply!

  • The price of MNGO on spot exchanges such as Jupiter, Raydium and Serum was manipulated via multiple trades (such as this transaction), resulting in a move from ~$0.04 to a high of $0.91. With an average entry price of just 4 cents for the MNGO-PERP position, the manipulation caused the long position to then be worth ~$421 million.

  • Because of the manipulated oracle price, the exploiter was able to borrow more than the fair market value of the collateral. Note that the oracle used a simple median price from just three exchanges with no additional controls to prevent manipulation.

  • As a consequence of manipulating the most illiquid market on Mango (MNGO), the exploiter managed to attain an unrealized profit of ~$150 million through their leveraged position.

  • The protocol’s code allowed users to borrow against their unrealized profit, which is exactly what happened. A variety of assets were borrowed (shown below), resulting in ~$116 million being extracted from the lending pool. Depositors were left empty handed and the protocol now had a massive shortfall to cover.

Source: Mango

  • After the attack, the short MNGO position was in a huge profit, but there was no liquidity to exit the trade.

  • Following the exploit, the attacker mounted a governance attack using most of the ~32 million MNGO tokens that were withdrawn to launch and vote for a proposal to return some of the funds in exchange for a bounty and immunity from prosecution. This vote didn’t pass, but a second vote that made depositors whole again and left the hacker with a $47 million bug bounty was passed on October 14th.

Shortcomings of Mango’s Economic Design

The key shortcomings in Mango’s economic design that allowed this exploit to take place were:

  • The price of an illiquid market was used to determine the borrowing power of an account. The addition of MNGO and other illiquid tokens as collateral and for perpetual contracts trading was one of the key reasons why the exploit was able to be pulled off.

  • The oracle was too easy to manipulate. The calculation just included spot prices, which meant it wasn’t safeguarded against temporary market manipulation.

  • There were no limits in place for borrowing or leveraged positions.

This clearly highlights that any DeFi protocol with leverage should avoid using illiquid assets as collateral. Also, a weighted average of recent spot market prices would have raised the cost for a borrower of draining the funds in the protocol through temporary manipulation of the market.

Also, despite being warned several months prior with a detailed description of the exploit, the Mango team did not put any precautions into place to address these shortcomings.

Even though risk management was somewhat overlooked by the Mango team, the exploiter took a big risk. If their assumptions had been wrong, they could have ended up losing a large chunk of the capital deployed in this attack since markets may react in unpredictable ways.

Nevertheless, another lending protocol has recently experienced a similar exploit. Moola Markets lost $8.4 million to an attacker who lent CELO and borrowed 1.8 million MOO tokens to use as collateral. As with the Mango case, the MOO token price was manipulated higher, which meant that the attacker’s collateral value also increased and they were able to borrow massive sums in other tokens, which were withdrawn and wiped out all available liquidity.

Can The Same Attack Happen on Perp v2?

In response to these recent events, a lot of our community members have asked: can this attack happen on Perp v2?

The answer is that the same exact exploit isn’t possible because of the following reasons:

  • Perp v2 doesn't have a lending market or list illiquid tokens as collateral.

  • Chainlink, the largest decentralized oracle provider, is used as the oracle to determine the index price, and we apply a time-weighted average price (rather than a simple median) to provide some defence against sudden price fluctuations.

  • Unrealized PnL is not included in the free collateral calculation and cannot be used to withdraw any assets.
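
The effect of the last two points can be shown numerically. The following is an added example, not Mango's or Perp's code: it compares a simple spot median with a time-weighted average over constructed price ticks, then computes free collateral with and without unrealized gains. The venue prices, the 30-minute window and the function names are assumptions; the deposit, position size and entry price are the article's figures.

```python
from statistics import median

# Constructed per-minute spot prices on three venues (not real market data):
# 27 quiet minutes at $0.04, then 3 minutes with two venues pushed to $0.91.
TICKS = [(0.04, 0.04, 0.04)] * 27 + [(0.91, 0.91, 0.05)] * 3

# Position figures taken from the article; one account, long side.
DEPOSIT = 5_000_000      # ~$5M collateral per wallet
SIZE = 483_000_000       # ~483M MNGO-PERP contracts
ENTRY = 0.04             # average entry price


def spot_median(tick):
    """Oracle as described for Mango: median of the latest price on each venue."""
    return median(tick)


def twap(ticks, window):
    """Time-weighted average of the per-minute median over the last `window` minutes."""
    recent = [spot_median(t) for t in ticks[-window:]]
    return sum(recent) / len(recent)


def free_collateral(price, count_unrealized_gains):
    """Value the account may borrow or withdraw against at a given oracle price."""
    pnl = (price - ENTRY) * SIZE
    if count_unrealized_gains:
        return DEPOSIT + pnl
    # Assumption of this sketch: unrealized losses still reduce free
    # collateral, but unrealized gains never increase it.
    return DEPOSIT + min(pnl, 0.0)


def compare(ticks=TICKS, window=30):
    """Borrowing power under each oracle / collateral-rule combination."""
    instant, smoothed = spot_median(ticks[-1]), twap(ticks, window)
    return {
        "median_price": instant,
        "twap_price": smoothed,
        "median_with_pnl": free_collateral(instant, True),
        "twap_with_pnl": free_collateral(smoothed, True),
        "twap_without_pnl": free_collateral(smoothed, False),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:>18}: {value:,.3f}")
```

The time-weighted price still rises if the distorted quotes are sustained, so the average raises the cost of manipulation rather than removing it; excluding unrealized gains keeps borrowing power at the deposit whatever the oracle reports.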

But while the same exact exploit isn't possible, any leveraged system has inherent risks. Only risk control and monitoring can lessen these risks. The Mango incident is an interesting case study in DeFi security and our team is currently engaged in a deeper review to see what more we can learn and how we can harden Perp’s security, the outcomes of which we’ll share with our community at a later date.

In the following, we’d like to share our approach to risk to keep users' funds safe.

  • The exploiter's ability to take on leverage was one of the key factors that enabled them to successfully drain funds from Mango.

Mango has leverage capped to 20x, but they listed assets with much lower liquidity as compared to the markets available on Perp v2. Perp v2 has a maximum leverage of 10x, although it can be changed through a governance vote. We do not plan to increase leverage until the protocol is more robust, since if more users can be leveraged it requires the liquidation system to be a lot more accurate and efficient.

  • Given Perp v2 has a multi-collateral feature, another relevant risk is the listing of new assets and determining the appropriate collateral weights. What’s stopping someone from manipulating the price of one of the supported collateral types and pulling off a similar exploit?

The assets accepted as collateral on Perp v2 are carefully considered by our internal risk team, are much more liquid and their prices much harder to manipulate than for MNGO. To determine collateral parameters such as the collateral ratio and discount ratio, we have adopted the risk methodology used by Aave (one of the largest DeFi protocols by TVL).

Following this methodology means that factors such as the token’s market capitalization, trading volume, volatility, and so on, are taken into account when considering new assets as collateral and monitoring the existing collateral types supported on Perp v2. New collateral types will only be added once they meet these listing requirements, which makes it very expensive to manipulate the prices of these assets.

Our risk team analyzes potential listings and the parameters mentioned above on a weekly basis. The community will be notified if there’s any change in these parameters. In most cases, only the deposit cap and discount ratio will be adjusted to make sure our protocol is efficient and safe when liquidations happen. Collateral ratios will rarely change, and only if there’s an update to the metrics used in Aave’s risk methodology. The Mango incident has had no effect on our existing collateral measurement process.

  • Open interest and/or position limits are two fixes that could’ve helped avoid the Mango exploit. Perp v2 doesn’t have such limits in place currently, but there are caps for all collateral types, which would limit the damage caused if a collateral’s price ends up being manipulated, and a price band limitation for preventing manipulation.

One area where we could improve: we are currently assessing whether to implement an IMF parameter like FTX, which restricts open positions by charging a higher percentage margin for larger positions. Introducing an IMF parameter would help to further limit anyone from taking on an excessively large position that could put the protocol at risk, along with the collateral caps and price band limitations that are already in place.

  • Mark price controls: For better mark price controls, we are working on some future changes that were already planned prior to the Mango exploit: shortening the interval of the time-weighted price index, adjusting the mark price formula to better represent the actual fair market value, and a potential change to the funding rate formula. All these planned changes will make liquidations more efficient, offer a better trading experience, making it more lucrative for makers, and improve capital efficiency for takers.

Perp will continue to iterate and improve as we’ve done in the past three years and we want to reassure our users that they are safeguarded from similar economic exploits. As we’ve detailed above, there are different measures in place to monitor and manage risk, and we aim to keep improving these processes. Bug reports from our community are always taken seriously and acted upon in a timely fashion. Immunefi bounties are also in place to encourage white-hats to follow responsible disclosure procedures and reduce the risk of any potential exploits being carried out.
