Fluid GMC Risk Analysis Process [EXTERNAL]

# Fluid GMC Risk Analysis Process # Section A: Asset Risk ## 1.1 Asset Risk In short, as a large holder of Arbitrum ETH already, holding ETH presents no incremental asset risk to Arbitrum DAO. [This contract](https://arbiscan.io/address/0xAc20CD734C65Baf48a1476447af7D3E3165DC739), is a 3/5 Safe controlled by the Foundation, that holds ETH owned by the DAO. Liquidity for the asset is good and no additional dependencies are presented to Arbitrum DAO by holding this asset. Block censorship stemming from OFAC compliance presents a notable and growing risk to the network, but given Arbitrum's complete dependence on the L1 prior to holding it, it is fair to conclude that continuing to hold ETH presents no incremental risk to Arbitrum DAO. ### 1.2 Architecture ![image](https://hackmd.io/_uploads/HJyHj9Q9yl.png) *Source: Ethereum, [Coingecko](https://www.coingecko.com/en/coins/ethereum), February 19th 2025* ETH is the native asset of the Ethereum blockchain. It is used to validate the network and pay for transactions. The asset's market capitalization has continued a consistent uptrend since inception, with it currently standing at ~$300B. Some 1.3M transactions are processed every day. This asset is a critical part of the Ethereum blockchain and is used to accept upgrades to the network. Validators may collaborate to "fork" the chain to change any part of it, as was seen with "The DAO Hack" of 2016. It is therefore a governance token for the Ethereum blockchain. ### 1.3 Tokenomic Structure ![image](https://hackmd.io/_uploads/B1m2WiXcyl.png) *Source: ETH issuance, [Ultrasound.money](https://ultrasound.money/), February 19th 2025* Ethereum has an infinite supply, with additional ETH being directed at stakers to validate blocks. A certain amount of ETH is burned with each transaction, with current gas fees at their lowest median [gwei in four years.](https://x.com/EntropyAdvisors/status/1892230125208691141) Approximately 17000 ETH are introduced via staking rewards each week, with approximately 1800 ETH burned during the same time period. ![image](https://hackmd.io/_uploads/r1Z1l4L5yx.png) *Source: Top Holders of ETH, [Etherscan.io](https://etherscan.io/accounts), February 21st* The supply of ETH is well distributed, with only Binance holding more than 1.5% of the supply in a custodial exchange address (which is a blend of customer and exchange holdings). Multiple contentious debates occur within Ethereum's ecosystem, with ultimately successful initiatives being included in the network through the [Ethereum Improvement Proposal](https://eips.ethereum.org/) framework. ## 2. Arbitrum Market Outlook ETH's market outlook on Arbitrum presents no risk to Arbitrum DAO. Deep liquidity fragmented across multiple venues by countless LPs results in an sufficiently robust liquidity landscape that allows the DAO to atomically exit its entire position at a notable 3% price impact. ### 2.1 Asset Liquidity ![image](https://hackmd.io/_uploads/BkaK3i79Jl.png) *Source: ETH/USDC trade, [Odos,](https://app.odos.xyz/) February 19 2025* This asset is relatively liquid on Arbitrum. Arbitrum DAO's entire GMC allocation of 7,500 ETH could be swapped for USDC in one transaction at 3% slippage. This would then be quickly arbitraged by liquidity from other chains and centralized trading venues. ### 2.3 Exchanges ![image](https://hackmd.io/_uploads/B1Dy8275Jg.png) *Source: Ethereum, [Coingecko](https://www.coingecko.com/en/coins/ethereum), February 19th 2025* Ethereum is a widely traded asset across multiple exchanges. It enjoys more liquidity than almost every asset in the cryptocurrency industry. ### 2.4 Growth As noted above, Ethereum's market capitalization has continually increased since the asset launched in 2016. Its consistent growth reflects growing confidence in the network's utility as a credibly neutral computation venue. ## 3. Asset Technological Risk ### 3.1 Asset Smart Contract Risk Ethereum is a heavily audited protocol. The main node implementation, GETH, was audited 5 times (with the most recent being done in 2020). [Major EIPs are audited](https://www.chainsecurity.com/security-audit/eip-4788-contract) in order to be included into the protocol Each major change takes place on various testnets in advance of being pushed to the main network, [often multiple times over](https://www.coindesk.com/tech/2022/08/11/ethereums-third-and-final-testnet-merge-goes-live-on-goerli). ### 3.2 Bug Bounty Program The Ethereum Foundation runs a well-publicized bug bounty with a [maximum value of up to $250,000](https://ethereum.org/en/bug-bounty/). This is far below the amount of value being secured by the network and does not present a compelling incentive to a potential blackhat hacker to responsibly disclose a bug. ### 3.3 Price Feed Risk As a bridged asset, it is dependent on cross-chain messaging. As the reference asset for most economic activity on Arbitrum, price feed risk is extremely low. Nevertheless, numerous centralized and decentralized oracle solutions push ETH prices reliably onto Arbitrum. These include: - [Chainlink](https://data.chain.link/feeds/arbitrum/mainnet/eth-usd) ETH/USD - [PYTH](https://www.pyth.network/price-feeds/crypto-eth-usd) ETH/USD - [Chronicle](https://chroniclelabs.org/data) ETH/USD - [DIA](https://www.diadata.org/blog/post/dia-brings-first-fully-on-chain-oracle-to-arbitrum-testnet/) ETH/USD - [API3](https://medium.com/api3/api3-builds-oev-network-on-arbitrum-orbit-b29f8f5d7dcf) ETH/USD API3 and DIA are notable for supporting Arbitrum Orbit chains. ### 3.4 Dependency Risk Ethereum has a number of dependencies to it. Given that Arbitrum is entirely dependent on Ethereum, these dependencies are not incremental risks posed to the DAO. While there is a massive list, some of the most important of these dependencies include: - A proof of stake consensus mechanism, staking infrastructure, smart contract functionality - Hashing algorithms (Keccak-256/SHA-256) - The Ethereum Virtual Machine, gas functionality, language compiling tools - Continual, global internet connection - A functioning mempool - Development libraries, tools, testing frameworks - Execution and consensus node clients - RPCs, block explorers, operating systems from which to run the node (e.g. Linux) Arbitrum ETH is bridged. Almost 1M of that ETH uses [Arbitrum's canonical](https://etherscan.io/address/0x8315177aB297bA92A06054cE80a67Ed4DBd7ed3a) bridge, which is upgradeable, representing the majority of the bridged ETH. It is likely that the ETH the Arbitrum DAO currently holds was bridged using this bridge. ## 4. Counterparty Risk Ethereum, for the foreseeable future, does not present incremental risk from either its governance or existing or planned regulatory environment for Arbitrum DAO. Ethereum's governance is highly distributed and well developed. EIP change management infrastructure is a lengthy process in which developers consider a potential change, design and implement it then pass the new code on to node operators. At a chosen block, all nodes will start running the change, at which point the change will come into effect. Changes must be well socialized in order for this process to occur due to upgrade requirements. Ethereum's highly distributed nature means that it is largely censorship resistant. Thanks to having 6600 nodes across a wide variety of continents, regulatory action would take some time to have an effect on the network. With that being said, [over 50% of nodes on Etherscan.io](https://etherscan.io/nodetracker#) report coming being located in the USA. In addition, [some 51% of blocks produced in the past 7 days are OFAC-compliant](https://www.mevwatch.info/), meaning meaningful censorship is already occurring on the network. This poses risk to Arbitrum. It is not inconceivable that Arbitrum be designated OFAC non-compliant due to the potentially arbitrary nature of their rulings, which could result in blocks not being posted from the L2 to L1. This would effectively exclude Arbitrum from Ethereum and may render the network unusable. While this risk is possible, its likelihood of occurring is extremely low. As a native asset of the rollup, ETH has no access control considerations. Admins may not modify any aspect of the asset, meaning Arbitrum DAO does not face risk from this area. With these points in mind and given Arbitrum DAO's pre-existing dependence on Ethereum, it is safe to say that holding this Arbitrum ETH presents no incremental governance or regulatory risk. # Section B: Strategy Risk Arbitrum DAO faces a variety of risks stemming from Fluid. To begin, the Arbitrum DAO may be unable to withdraw its ETH at all times due to temporary market conditions. This is managed effectively by Fluid's interest rate model. Arbitrum DAO places a degree of trust in the continued compliance and competence of Fluid's development team, who control a variety of protocol-critical settings such as LTVs, global protocol freezes and withdrawal limits on individual addresses. This risk is elevated by a large team presence in India (though non-exclusive, with contributors living in Europe and Dubai too), which has a long history of arbitrary rulings on cryptocurrency issues that may affect their capacity to maintain this protocol. There is also some degree of smart contract risk as the lending protocol has only been audited once. With this being said, these risks are sufficiently managed to the degree that LlamaRisk feels comfortable recommending the Arbitrum DAO to allocate ETH to the protocol - with DAO contributors alongside LlamaRisk continuing to watch the allocation throughout. # Section B: Strategy Risk ## 1. Strategy Design Risk ### 1.1 Design Risk ![image](https://hackmd.io/_uploads/Hy03ExS9Jg.png) *Source: ETH Lend Analytics, [Fluid](https://fluid.instadapp.io/stats/42161/liquidity), February 20th 2025* Thanks to Fluid's straightforward protocol and simple strategy, few risks are presented by the design of this strategy. Fluid's suggested strategy involves depositing naked ETH into their ETH Lend Pool. This will generate approximately 0.8% APR (at current utilization). The pool currently has 8,728 ETH deposited with 4,754 ETH borrowed, with the low interest rate (and high kink position) indicating both high capital efficiency and low demand to short the asset. ![image](https://hackmd.io/_uploads/BJl5ySB5kl.png) *Source: Fluid Architecture,[ Fluid Documentation](https://docs.fluid.instadapp.io/)* This strategy design is very straightforward. Principal is unlikely to be lost (pending smart contract hack or the generation of bad debt). Leverage is not involved (on the Arbitrum Foundation's side), and all positions are overcollateralized. In this pooled lending system, there are no direct counterparties and interest rates manage pool liquidity. As a permissionless DeFi protocol, this strategy may be entered or exited at any time. This reduces risk. #### 1.2 Strategy Mechanics Few risks are presented to the DAO by this strategy. The primary risk, being unable to withdraw deposited ETH, is somewhat managed by interest rates and Fluid's liquidation engine. This protocol strategy (lending ETH) is straightforward. The Arbitrum Foundation will supply ETH to a pool (currently holding 8700 ETH), which other users then borrow. Roughly 4000 of that ETH is lent out to borrowers. This pool is available at [this proxy contract](https://arbiscan.io/address/0x52Aa899454998Be5b000Ad077a46Bbe360F4e497#code), known as the Liquidity Layer. No other protocols are involved and no crosschain dependencies are introduced in this strategy. The primary strategy risk involved with lending ETH to such a pool is that there is insufficient liquidity to withdraw the ETH should the foundation need to. Fluid's aggressive LTs / LTVs, meaning that this risk is elevated. The wstETH/ETH LTV ratio is 93%, an extremely high LTV. This aggressive LTV results in more debt being able to be taken out and the increased liquidation threshold results in borrowers getting liquidated at a later point. This reduces the liquidity of each debt pool, resulting in a situation where the Foundation may not be able to atomically withdraw all 2500 ETH in one transaction. ![image](https://hackmd.io/_uploads/Sknik7BcJg.png) *Source: wstETH/ETH Pool 5, [Fluid](https://arbiscan.io/address/0x52Aa899454998Be5b000Ad077a46Bbe360F4e497#code), February 20th 2025* This risk is then compounded by the interest rate model, with an interest rate kink only kicking in at 90% utilization. At this point, interest rates will spike and new ETH will be deposited to the protocol. With this in mind, it is important to note that utilization remains low and that this risk is not likely to be realized. [Few interest rate spikes ](https://fluid.instadapp.io/stats/42161/vaults#5)have occurred on this pool, with no spike greater than 8% of them being sustained for more than 4 hours. The sharp Slope2 of this interest rate means that liquidity for this market is quickly restored, meaning the DAO's ETH should be available for withdraw within 12 hours regardless of volatility. This manages this risk effectively. #### 1.3 Economic Incentive Structure There is very low yield variability risk from this strategy. The yield that the ETH will generate is paid by borrowers. While the yield that is paid is a function of the demand for leverage across the network, it is "real yield" paid for by willing economic participants likely generating profit from elsewhere. It is therefore reliable, even if it is low at under 1% APY. No emissions are powering this yield, meaning other ecosystem participants are not having their own profitability affected by this strategy. #### 1.4 External Protocol Dependency Risk External protocol dependency risk is low. This strategy lends ETH to wstETH holders for leveraged staking. As such, it is dependent on Lido's wrapped Staked Ether. LlamaRisk has conducted a full asset risk analysis on this asset under our Aave strategy risk analysis document, linked here. In short, few risks are presented to the DAO from wstETH though special attention will be paid to governance changes passed through Lido DAO - especially relevant given Lido's upcoming V3. ## 2. Market Risk ### 2.1 Market Volatility Exposure This strategy is entirely ETH denominated for both borrowers and lenders. The risk of price deviation from ETH is low. There is no precedence of ETH deviating from ETH's price in Fluid on Arbitrum (or any network). wstETH, the collateral for this strategy, has only sustained one prolonged depeg before withdrawals were live. ![image](https://hackmd.io/_uploads/ryB0ENS5Jg.png) *Source: Fluid wstETH/ETH [vault analytics](https://fluid.instadapp.io/stats/42161/vaults#5), February 20th, 2025* Brief interest rate spikes are documented during periods of significant volatility, such as the flash crash of February 3rd. This is indicative of exposure to broader market sentiment, though the increased APY stemming from low liquidity was quickly arbitraged as new ETH was deposited to the liquidity layer while borrowers deleverage positions. The risk stemming from the broader market to Arbitrum DAO is therefore demonstrably low. ### 2.2 Liquidity Risk As a lending pool, liquidity risk is present on this DeFi strategy. As mentioned in section 1.2 and 2.1, Fluid interest rate modelling manages this liquidity risk, with demonstrable results in periods of high volatility with liquidity returning back to levels at which the Arbitrum Foundation may fully unwind the allocation in under 6 hours. There is no time lockup on this strategy and this strategy is not susceptible to MEV. No DEXs are used by the Arbitrum Foundation because the deposit remains in ETH. On the other side of the pool, wstETH collateral must be able to be liquidated, under correct health factor conditions, to keep positions sufficiently collateralized. As identified in our other report, wstETH liquidity on Arbitrum remains sufficiently robust to facilitate large liquidations across a long time period. This means even with Fluid's low liquidation bonus and "soft-liquidation" technology these [liquidations process smoothly.](https://x.com/DeFi_Made_Here/status/1820486118086766917) ### 2.3 Systemic Risk Despite tight LTVs, both sides of this market are ETH-denominated meaning that this strategy is less vulnverable to a deleverage spiral. wstETH's price in ETH terms has consistently risen in a predictable manner for 2 years without incident. The large depeg event of 2022 predates wstETH withdrawal activation, whose activation is a major cause for stability. This is further backstopped with robust DEX liquidity for wstETH. While another wstETH depeg is possible, the risk of this is low. A deleverage spiral is highly unlikely to adversely affect Fluid, meaning the Arbitrum DAO's position (which is unlevered) should not be affected by it either. ## 3. Operational Risk ### 3.1 Strategy Smart Contract Risk Smart contract risk, while ever present, has had steps taken to mitigate it. Fluid has been audited four times. Neither Fluid nor Instadapp have not been hacked. - In December 2023, [Statemind ](https://docs.fluid.instadapp.io/2023-12-29_StateMind_Fluid_Audit.pdf)found 3 criticals, 8 highs and 15 medium risk issues. 1 high and 6 mediums were left unresolved. - In June 2024, [MixBytes](https://docs.fluid.instadapp.io/Mixbytes_Fluid_Vault_Protocol_Audit.pdf) found 2 medium risk issues when reviewing the Vault protocol. - In December 2024, [MixBytes](https://docs.fluid.instadapp.io/Mixbytes_Fluid_Dex_Audit.pdf) found 3 low risk issues when reviewing Fluid DEX. - In January 2025, a [Cantina competition](https://docs.fluid.instadapp.io/cantina-audit-dex.pdf) concluded which resulted in 2 medium risk issues on Fluid DEX. It is worth noting that Fluid lending had a high number of criticals. This is the building block of this strategy. A $500K [bug bounty is live on ImmuneFi](https://immunefi.com/bug-bounty/instadapp/information/). This is reasonable, but could use increasing given Fluid's TVL increases. ### 3.2 Oracle Reliability Oracles present limited risk to the Arbitrum DAO in this strategy. Fluid is unique in that it blends [Uniswap and Chainlink](https://dune.com/murathan/oracle-price-comparison?ref=blog.instadapp.io) as oracle sources, making forced liquidations harder to enact. Given that these assets are ETH-denominated, risk of price deviation leading to erroneous liquidations is low. This [specific market uses a Chainlink/Redstone exchange rate oracle](https://arbiscan.io/address/0x9eB64904D28b999Ba10c59575c309a76B67E2827#code), which should mitigate liquidation risk during periods of volatility (as opposed to a market oracle). ### 3.3 Automation Risk The primary risk to Arbitrum DAO from automation in this instance is liquidations, and this risk is low. Fluid provides a small discount to liquidators keeping the protocol whole, resulting in economic incentive to maintain position health. Thanks to this discount, automation risk is low on Fluid. ### 3.4 Mitigation Techniques No leverage is involved in this strategy, meaning the primary concern for risk mitigation should be market liquidity. As previously identified, liquidity risk is mitigated by Fluid's interest rate model. This is easily verifiable on Fluid's frontend and on the smart contract level. While no liquidity buffers are mandated, there have been multiple deleverage events in which Fluid has functioned as intended. Indeed, [Fluid is refining its methodology with which withdrawals](https://gov.fluid.io/t/increase-withdrawal-in-borrow-limits-to-address-poor-ux-during-high-volatility/1170) are possible during such flash crashes, increasing access to deposits for lenders. ## 4. Counterparty Risk ### 4.1 Ownership Model Risk Fluid has a nascent governance system. The forum currently does not function. Delegate programs operate, but few contribute outside of the core team. Snapshot is used in an arbitrary manner, with many processes left to the core team. This DAO is underdeveloped, which presents risk through uncertainty in change management processes. Compared to an Aave DAO proposal lifecycle, Fluid's DAO proccesses are core-team dominated with user Instadapp COO DeFiMadeHere leading decision making. Delegates Lito and Bougie contribute, but discussion on parameter changes is far more limited and risk analysis is not explicitly front and centre in decision making. This is especially important considering there is no clear process as to how LTVs or LTs are set. There is also no clear advertisement of changes made to markets. It is worth noting that [Fluid has previously used $ARB given to it by the DAO](https://snapshot.box/#/s:instadapp-gov.eth/proposal/0xca15cef1935e9dcf58b59b31adc8883c4922929db3d3b7884ed9f4b3d77467d0) to fund gas rebates for users. ### 4.2 Access Control Risk Significant access control risk is present in Fluid's current configuration. Arbitrum DAO places large faith in the continued compliance and competence of Fluid's governance / development team, even if the DAO's ETH is never custodied. There is no timelock documented on these contracts. A wide variety of variable changes may be made by this 7/13 Avocado [smart contract wallet](https://arbiscan.io/address/0x4F6F977aCDD1177DCD81aB83074855EcB9C2D49e#readProxyContract), which owns ```FluidLiquidityProxy``` (where protocol funds are stored). Amongst other actions, this mutlisignature wallet may: - Freeze addresses - Update "Guardian" roles - Modify interest rate / debt parameters - Active a global freeze function - Modify withdrawal limits These are significant permissions trusted in the hands of an DAO / team that do not clearly delineate power and ownership with effective, public governance and change management frameworks. These 13 signers are: - [0x1d895E5CF6E5288C9A56fACE942E016696Fb0C90](https://arbiscan.io/address/0x1d895e5cf6e5288c9a56face942e016696fb0c90) - [0x4604E3bFbaCcB317a6FfEde8Bf24105F476A7329](https://arbiscan.io/address/0x4604E3bFbaCcB317a6FfEde8Bf24105F476A7329) - [0x5612C18E33Ff219f29d463D39Bb7e68731638fAc](https://arbiscan.io/address/0x5612C18E33Ff219f29d463D39Bb7e68731638fAc) - [0x7284a8451d9a0e7Dc62B3a71C0593eA2eC5c5638](https://arbiscan.io/address/0x7284a8451d9a0e7Dc62B3a71C0593eA2eC5c5638) - [0x97399C934d1a8b36FF6bDE553bC8ed769cE730bd](https://arbiscan.io/address/0x97399C934d1a8b36FF6bDE553bC8ed769cE730bd) - [0x9a30B8Ca14f07B5D33BC6485223de5D8792A8607](https://arbiscan.io/address/0x9a30B8Ca14f07B5D33BC6485223de5D8792A8607) - [0xa385B298d5Cb1051e3a34269dcC7D5Eb12fA6013](https://arbiscan.io/address/0xa385B298d5Cb1051e3a34269dcC7D5Eb12fA6013) - [0xa7615CD307F323172331865181DC8b80a2834324](https://arbiscan.io/address/0xa7615CD307F323172331865181DC8b80a2834324) - [0xa9061100d29C3C562a2e2421eb035741C1b42137](https://arbiscan.io/address/0xa9061100d29C3C562a2e2421eb035741C1b42137) - [0xC0c72156C4007B727d1CA4A583d06A2fF9E554F3](https://arbiscan.io/address/0xC0c72156C4007B727d1CA4A583d06A2fF9E554F3) - [0xC7810aA3b0c6A2778EEcC114B93d59B2E9Da9E05](https://arbiscan.io/address/0xC7810aA3b0c6A2778EEcC114B93d59B2E9Da9E05) - [0xD33D3fcE969F0470c723E45A3e5b34cE2eD78db7](https://arbiscan.io/address/0xD33D3fcE969F0470c723E45A3e5b34cE2eD78db7) - [0xD625c7458Da1a0758dA8d3AC7f2c10180Bf0E506](https://arbiscan.io/address/0xD625c7458Da1a0758dA8d3AC7f2c10180Bf0E506) These signers are members of Fluid's core team. ### 4.3 Regulatory Risk Instadapp / Fluid is maintained by a global team with contributors based in Europe, Dubai and India. There is significant regulatory risk stemming from confusing and arbitrary government rulings in India specifically, presenting some degree of risk to continued protocol operations. There is limited regulatory clarity in most jurisdictions relating to DeFi, but India's legal system has been especially dynamic with regards to cryptocurrency rulings. With limited clarity comes uncertainty, and it is not inconceivable that Fluid's core team based in India may be forced to cease operation with limited warning. Claims of regulatory exemption based on decentralization may not be defensible for emerging projects that still maintain significant centralized elements. In Fluid's case, its early developmental stage and relatively centralized operational structure could create regulatory exposure in jurisdictions where a meaningful connection or presence can be established. Given that the project will not cease to operate thanks to a globally diversified team and its non custodial nature, Arbitrum DAO should be aware of this risk but should not avoid proceeding with this allocation.