💡 Take note that Solend does not conduct due dilligence or verify the safety of each Permissionless Pool. Read this page to understand the risks of Permissionless Pools.
How does a user stay safe in Permissionless Pools?
Understand all the tokens present in any Permissionless Pool (even if you are depositing USDC).
Make sure the parameters are realistic.
Ensure that a liquidator is running in the pool.
Check that the oracle is displaying the correct price.
Understand who (individual/multisig/dao) owns the pool. As pool owners are able to change parameters or add new assets to the pool at anytime.
Note: Solend does not reimburse for losses incurred in a Permissionless Pool. It is important to conduct your own research on each pool.
Let’s assume a pool of the following two reserves when discussing risks:
SNDO: A governance token of a new project
USDC: Standard USDC
SNDO is a new token that you might not be familiar with. The risk of this token will affect the entire pool, even if you are just depositing USDC. For example, if a user managed to mint infinite numbers of SNDO, and deposits it to borrow USDC, it is possible to drain the pool. This could happen via an exploit by external parties or the team behind the token.
To assess this risk, you can research the mechanisms of the SNDO token, mainly around how new tokens enter the market (how tokens are minted), and the smart contract risks associated with the platform.
As tokens can be listed permissionlessly with configs up to the creator, there is a chance of low-liquidity tokens being listed with “stable/safe” configs.
For example, if an open LTV of 75% is set, users can borrow $0.75 of USDC against $1 of SNDO. However, if SNDO is a new token with low liquidity, it might be common to have 15-20% slippage.
This means that a liquidator might not be able to reliably liquidate SNDO to pay back USDC debts, causing user’s health to turn negative, and bad debt for the pool.
For Permissionless Pools, Solend will not be operating a liquidator to ensure that all the pools are kept healthy. Pool creators are responsible for ensuring that a liquidator is operating for smaller tokens such as the SNDO token.
Users should use pools that have a reliable liquidator. Learn more about how to run one here.
For Permissionless Pools, pool creators are expected to create their own oracles. These oracles can be prone to error or used incorrectly (e.g. USDC oracle used for UST price). SNDO’s price might be inaccurate or stale, causing liquidations or preventing users from withdrawing or borrowing.
We have a doc on Switchboard oracle listings here. Pool creators can follow it to learn how the existing oracles are created. Users can also read it to self-verify that an oracle is well created.