Users face endogenous and exogenous risks when using zkLend. We advise users to carefully DYOR to understand these risks before committing funds. Below includes some, but not all of the risks.
Types of Risks
Users should understand the endogenous and exogenous risks and how they relate to possible loss and / or liquidations of collateral.
Endogenous
Exogenous
Smart Contract
Volatile asset prices
Illiquidity
Centralisation
Bad Debt*
Oracle Risk:
Code vulnerability
Centralisation
*Defined as positions that do not incentivise borrowers to repay their debts.
Risk Mitigation and Security
To reduce risk, the following have been taken the following measures to prioritise a secure, scalable, and transparent protocol.
In addition, the zkLend team has established a partnership with Hypernative since May 2023 to ensure protocol security soundness. These include a review of the security framework, standard operational procedures. Additionally, Hypernative will work to provide early warning systems for potential attacks on AMM pools and bridges, monitor price oracles, detect asset price deviations from expected, and warn against reentrancy attacks.
Our Endogenous Risk Mitigation Practices
Smart contract risk
Audit:ABDK and Nethermind Smart Contract Audit, completed in April 2023
Formal Verification: Nethermind Formal Verification, completed in April 2023
Centralisation risk
DAO transition: Eventual DAO transition for ZEND holders with transparent and fair onchain governance
Results of our audits and any vulnerabilities identified from bug bounties will be shared with the community and the reports may be found under Audit and Formal S. Note that this list is live and on-going as the team will continuously work to ensure the smart contract security and eventual decentralisation of zkLend to a DAO.
Our Exogenous Risk Mitigation Practices
Collateral assets
Selective whitelist: Whitelisting conservative, trusted assets with higher market caps for collateral in the initial ramp up phase, following with DAO governance for future collateral parameters
Dynamic Interest Rate: Interest rates separate for different markets
Reserve Ratios and Borrow Factors: On top of managing utilisation ratio at around optimal utilisation point, reserve ratios and borrowing factors are implemented in asset pools available to borrow to maintain sufficient liquidity to service withdrawal
Bad debt
Interest Curve: Varying optimal utilisation rate (65-90%) reflective of asset and debt risk
Safety Module: Allocating market specific reserve ratio for zkLend safety module for liquidity backstop
Liquidator Incentive: Fixing liquidator discount for all collateral across the protocol
Oracle
Code vulnerability: Selecting partners with relevant code audits, formal verification and bug bounties
Counterparty / centralisation risk: Partnering a trusted oracle partner, Pragma, with high quality price data and roadmap
Self price deviation checks: Implement own system of checks with automatic trigger and backstop
As the protocol continues to evolve, the team will actively modify risk management procedures where necessary. Users should continue to do their own research and stay informed when using any DApp, including but not limited to zkLend.