Iron Finance Case Study

DeFi is the Wild West of cryptocurrencies. It's both a testbed for many interesting financial experiments aimed at replacing the traditional financial system and a breeding ground for scams. Iron Finance was one such experiment. Their claim to fame was an algorithmic stablecoin called TITAN, based on a forked version of FRAX (another algorithmic stablecoin).

Context

On June 16, 2021, a promising token called TITAN on the Polygon ecosystem went from $60 to $0 in a matter of hours. What made things worse was the overload this caused on the Polygon servers, which prevented most of the people affected from withdrawing their funds. Thousands watched their funds slowly dwindle to $0, unable to do anything about it.

This wasn't a random "shitcoin". It was a promising project that claimed to have invented a more efficient algorithmic stablecoin, called Iron. A stablecoin is a cryptocurrency pegged to a fiat currency, typically USD. The purpose of stablecoins is to give investors a way to exit their crypto position without having to leave the ecosystem or transfer to an exchange. Iron Finance attracted over $2 billion in liquidity in the first few weeks after it launched, including funds from billionaire Mark Cuban himself.

Stablecoins

So what made Iron Finance stand out from the numerous stablecoins we already have (USDT, USDC, BUSD, DAI, UST)? What problem was it trying to solve? Stablecoins suffer from a "proof of funds" dilemma. Regular banks are FDIC-insured (I'm talking about US banks here). This means that if the bank doesn't have the money to pay you back, the US government will pay on its behalf. This is not the case with crypto, but a stablecoin has to give you the same guarantee. Some coins achieve this by storing physical cash on hand, others through a clever algorithmic peg.

Naturally, if you're a team behind a growing crypto with a cash-backed stablecoin, there is an incentive to either put that cash to use or print more stablecoins than you have reserves for. And in fact, this is exactly what Tether, the world's largest provider of USD-backed stablecoins, has recently been accused of. Supposedly they passed an audit and are all-clear now, but some sources don't agree, citing multiple flaws in the audit and other accounting issues on Tether's end. For more information on that topic, check out a video from Coffeezilla: Exposing Tether - Bitcoin's Biggest Secret. Clearly we can't trust a single corporation to police itself. As the famous Latin phrase goes: Who watches the watchers (Quis custodiet ipsos custodes?).

The other problem with cash-backed stablecoins is centralization. You're at the mercy of a single entity, and whatever political climate it happens to abide by. The US government has already started to enlist the aid of Circle, a US-based company behind the USDC stablecoin, to track transactions and enforce sanctions.

Algorithmic Stablecoins

Algorithmic stablecoins solve both of these problems, and they come in 2 flavors. The first is a crypto-backed algorithmic stablecoin, such as DAI. The coin maintains a peg to USD through a combination of smart contracts over-collateralized by Ethereum. The problem with this approach is over-collateralization. A lot of money ends up locked in contracts, unusable by the economy. It's not a system that can compete with the fractional reserve the banks use today.

This is where the second kind of algorithmic stablecoin comes in, the under-collateralized one. Iron Finance claimed to have solved this problem with their Iron token. The token was partially collateralized by USDC and partially by the algorithm minting and burning the supply of the platform's native tokens as needed to maintain Iron's peg to $1. On Binance Smart Chain, where Iron Finance launched first, the native token was called STEEL, and on Polygon, the native token was TITAN. The collapse happened on Polygon, but could have just as easily occurred on Binance.

Iron maintained its peg to USD by paying 75% of its value in USDC and 25% in freshly-minted TITAN tokens upon cashing out. Those TITAN tokens could then be independently redeemed for cash, getting burned in the process. To avoid wild price fluctuations and flash-loan attacks during this redeem sequence, Iron Finance used a time-weighted average price (TWAP) for TITAN over the last 10 minutes. The end result would be 100% of the funds in USDC for the user cashing out and an appropriate amount of TITAN burned/minted in the process to maintain the peg. The system effectively relied on arbitrage bots to stabilize it.

This clever design is one of the reasons it attracted so much investment from the smart money. The other reason was its high APYs, which started skyrocketing as a result of increased demand, attracting dumb money. The price of TITAN went from a couple of dollars to $64 at its peak. The team got cocky and started bragging about how fool-proof their algorithm was.

The Problem

On June 16, around 6pm, one of the community members noticed suspicious activity on the blockchain. A lot of TITAN was being minted and a lot of IRON was being sold. However, instead of being redeemed through the minting process the team expected, which would have burned excess TITAN, IRON was being swapped directly into USDC via the IRON/USDC pool. This caused the price of IRON to unpeg from the dollar, causing more TITAN to be minted to try to restore the peg.

The problem was that the more TITAN was minted, the faster the price of TITAN fell. Because the protocol used a time-weighted average price, the redeeming function was using stale TITAN price data delayed by 10 minutes, giving users less TITAN than they should have received. The minting function, conversely, burned less TITAN than it should have.

Arbitrage bots took advantage of this, effectively minting IRON for 90 cents using stale TWAP data while swapping it back to a full dollar through the IRON/USDC pool. When a community member tried to raise an alarm, developers accused him of spreading FUD. They downplayed the incident in general chat, and even muted it to avoid hearing more. Instead of addressing the issue, they gave false reassurance to the victims that the system was working as intended.
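The gap between a 10-minute TWAP and the spot price, and a deviation guard that would pause mint/redeem once the two disagree, can be worked through as a small simulation. This is an added example, not Iron Finance's contract code; the price series is constructed, and `MAX_DEVIATION` and all function names are assumptions.

```python
# Constructed per-minute TITAN spot prices in USD (illustrative, not chain data).
SPOT = [60.0] * 10 + [54.0, 48.0, 42.0, 36.0, 30.0]
WINDOW = 10               # TWAP window in minutes, per the article
COLLATERAL_RATIO = 0.75   # USDC share of each IRON, per the article
MAX_DEVIATION = 0.05      # assumed guard threshold, not a protocol parameter


def twap(prices, t, window=WINDOW):
    """Mean of up to `window` one-minute samples ending at index t."""
    lo = max(0, t - window + 1)
    return sum(prices[lo:t + 1]) / (t + 1 - lo)


def effective_usd(twap_price, spot_price):
    """Real USD value of the basket behind 1 IRON when the TITAN leg is
    sized by TWAP but actually trades at spot. On mint this is the cost
    paid; on redeem it is the value received."""
    titan_qty = (1 - COLLATERAL_RATIO) / twap_price
    return COLLATERAL_RATIO + titan_qty * spot_price


def oracle_ok(twap_price, spot_price, limit=MAX_DEVIATION):
    """Guard: allow mint/redeem only while TWAP and spot agree within limit."""
    return abs(twap_price - spot_price) / twap_price <= limit


def scan(prices):
    """Per-minute report: (minute, twap, spot, effective_usd, allowed)."""
    rows = []
    for t, spot in enumerate(prices):
        avg = twap(prices, t)
        rows.append((t, avg, spot, effective_usd(avg, spot), oracle_ok(avg, spot)))
    return rows


def first_blocked(prices):
    """First minute at which the guard would pause mint/redeem, or None."""
    return next((t for t, *_, ok in scan(prices) if not ok), None)


if __name__ == "__main__":
    for t, avg, spot, eff, ok in scan(SPOT):
        print(f"t={t:2d} twap={avg:6.2f} spot={spot:6.2f} "
              f"1 IRON basket=${eff:.3f} {'ok' if ok else 'PAUSE'}")
```

With this constructed series the basket behind one IRON is worth about $0.90 at the last minute, while the guard would already have paused operations at the first minute of the fall.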

Within a couple of hours 34 trillion TITAN tokens were minted, and $2 billion worth of liquidity was drained out of Iron Finance. For reference, this means that if TITAN had the market cap of Bitcoin, one TITAN token would still only be worth 1.7 cents. But TITAN's market cap is only a fraction of that, and each TITAN was now worth less than a millionth of a penny. The Polygon network itself became unresponsive due to heavy congestion caused by Iron Finance. Users attempting to withdraw their funds were locked out because the bots were offering the system 20-100 times higher transaction fees, and were given priority by Polygon. No one knows how much Mark Cuban lost, but it seems that he reacted swiftly and got out before the majority noticed that something was wrong, leading some to believe that he was the cause of the problem. The situation got nicknamed the Cuban Missile Crisis on Discord.

The Collapse

By the time the Iron Finance team reacted to the problem, their solutions were no longer adequate. They changed the TWAP delay several times, but it had no effect on restoring user confidence. It was then that they told everyone to withdraw their funds, or what was left of them. The price of IRON plummeted to its peg of 74 cents, but redeeming it became impossible because the devs assumed the price of TITAN could never go to zero. That's right, their smart contract was effectively running into a division by zero error, an edge case they didn't think to test prior to launch.
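The zero-price edge case can be shown with a redeem calculation that divides by the oracle price, next to a version that still pays the collateral leg when the price is unusable. This is an added example and not the project's contract code; `PRICE_FLOOR`, the function names, and the choice to report the unpaid share explicitly are assumptions.

```python
from decimal import Decimal

COLLATERAL_RATIO = Decimal("0.75")   # USDC share stated in the article
PRICE_FLOOR = Decimal("0.000001")    # assumed floor for a usable TITAN price


def redeem_naive(iron_amount, titan_price):
    """Sizes the TITAN leg by dividing by the oracle price.
    Raises ZeroDivisionError (the on-chain analogue is a revert) at price 0."""
    usdc_out = iron_amount * COLLATERAL_RATIO
    titan_out = iron_amount * (1 - COLLATERAL_RATIO) / titan_price
    return usdc_out, titan_out


def redeem_hardened(iron_amount, titan_price):
    """Always pays the collateral leg; skips the TITAN leg when the price is
    below the floor. Returns (usdc_out, titan_out, unpaid_usd) so the
    shortfall is visible instead of blocking the whole redemption."""
    if iron_amount <= 0:
        raise ValueError("iron_amount must be positive")
    usdc_out = iron_amount * COLLATERAL_RATIO
    share_usd = iron_amount - usdc_out
    if titan_price < PRICE_FLOOR:
        return usdc_out, Decimal(0), share_usd
    return usdc_out, share_usd / titan_price, Decimal(0)


def naive_reverts(iron_amount, titan_price):
    """True when the naive path fails for this input."""
    try:
        redeem_naive(iron_amount, titan_price)
        return False
    except ZeroDivisionError:
        return True


if __name__ == "__main__":
    print("naive fails at price 0:", naive_reverts(100, 0))
    print("hardened at price 0:   ", redeem_hardened(100, 0))
    print("hardened at price 0.5: ", redeem_hardened(100, Decimal("0.5")))
```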

To remedy the issue, they timelocked the smart contract until a fix the next day allowed IRON holders to redeem 74 cents of USDC for every dollar they put in. Anyone who participated in a pool with TITAN couldn't redeem anything at all; their funds dwindled to zero. The team also published a post-mortem, where they dismissed the problem as a simple "bank run", effectively blaming the community instead of owning up to the glaring flaw in their algorithm that was already pointed out on Discord and multiple Twitter accounts. What made matters worse is the team shrugged the whole thing off as a failed experiment, promising the community a new and better product to put their money into, at least for those who still had money left.

The Aftermath

Needless to say, this sparked outrage within the community, and multiple efforts to try to establish the identities of this anonymous team. A few days later the team issued a more sincere apology, and a promise of a compensation plan. However, even the compensation plan itself turned out to be just another marketing ploy for V2 of their protocol.

Many members within the community believe the team is responsible, and while I don't subscribe to the conspiracy theories floating around about the team being tied to the bots who drained the liquidity, I too believe that the team handled this situation poorly. The team seems inexperienced, and clearly bit off more than they can chew.

There are no signs showing that the team itself profited from this exploit. It was not a rug pull, like many initially thought. And there were no obvious signs that this would happen. However, there was a lot of victim-blaming. After all, it should have been obvious from high APYs that this was a scam. Right?

Well, not really. If you're at all familiar with DeFi, you know that APYs always start high to incentivize early adopters. They drop as more users join, typically within weeks. Iron Finance was only a few weeks old on the Polygon ecosystem. The devil was in the details. Only those who dissected the algorithm realized there was a flaw before the collapse occurred. RugDoc, an agency specifically dedicated to finding flaws in smart contracts, gave Iron Finance a "Low Risk" rating, which was changed to high the day after the collapse.

If RugDoc missed this, how do we expect a regular DeFi user to catch this? This victim-blaming is no different than laughing at victims of medical malpractice. There are things the average consumer can verify, and things that require domain-level expertise, even if the information is in the public domain. It is for this reason Mark Cuban is asking for regulation in the field, not because he's angry that he got hurt, as some claim. And whether we like it or not, the more cases like Iron Finance happen in our field, the more likely we are to see regulation. And even though regulation is not popular in crypto, this is not a bad thing. Ultimately, if we want mass adoption, the average consumer has to feel safe.