Introduction
Silo creates secure and efficient money markets for all token assets through a permissionless, risk-isolating lending protocol.
Secure, efficient, and permissionless money markets are characterized by:
Compartmentalizing risk through design, not through watchdogs tracking risk for each token
Minimizing governance; governance is not needed to whitelist assets
Accepting all token assets
Being highly liquid and fluid. Liquidity is concentrated and bridged, accepting any token as collateral
Liquidity constraints are set by the market, not governance. An asset ability to be used as collateral is only determined by its ability to find counter-parties.
In May 2021, the DeFi community realized that shared-pool lending protocols were in fact vulnerable to market-related risks when Venus — the biggest lending protocol running on Binance Smart Chain — experienced insolvency as a result of the price manipulation of a collateral asset (XVS). With $100M of bad debt accrued, many users in the protocols lost their deposits (1).
Fast forward to October 2021, CREAM Finance suffered from $130M of bad debt as a result of a $2B flashloan attack (2). This is not the first flashloan attack to hit DeFi or CREAM; CREAM lost $19M in a flash attack two months prior.
When a shared-pool lending protocol whitelists a token as collateral, the entire protocol is exposed to the risk posed by the token. Lending protocols such as Aave, Compound, and CREAM have this flaw baked into their design; they are as secure and strong as their weakest collateral asset. Therefore, as they expand lending support for long tail assets, their entire protocol inherently becomes less credit worthy. When CREAM whitelisted the then illiquid token, $FTT, the community understood the protocol’s security had been weakened by this expansion. The community acted swiftly upon discovery, requesting the token be delisted, but not before the token had been heavily used to short many assets (3).
Aave and Compound, unlike CREAM, mitigate market risks through implementation of rigid risk policies that account for factors such as liquidity, centralization, and volatility of the token being considered as collateral. But even comprehensive risk policies cannot entirely mitigate the systemic risk inherent to their design.
For example, what if the liquidity of a collateral token plummets before governance could deactivate its borrow function in time? The majority of governance models implement a timelock before a passed proposal is enacted, meaning that this hypothetical is a real possibility. In November 2021, Aave’s community (4), in the aftermath of the CREAM misfortune exploit, proposed to deactivate borrow markets for $DPI and $xSushi, fearing an exploit might take place. Two days elapsed between the creation of the proposal and its execution. The CREAM flash loan attack took place in less than a few hours. The exploit could have been conducted because it was identified by the proposal and because of the slowness of governance to act.
In short, shared-pool lending protocols are always trading off asset support and safety of deposits. The lending protocols of today are designed for efficiency at the expense of scalability.
Isolated lending protocols offer a better design for money markets. There are several protocols that implement them today through various mechanisms. Among the implementations, two extremes emerge:
Isolated markets, such as Kashi’s fragmented markets: Kashi creates a money market for any pair imaginable. For Dai alone, Kashi has over 30 markets. This implementation achieves high security through extreme isolation of markets but markets are spread too thin; they cannot perform efficiently.
Isolated pools, such as Rari’s Fuse pools. To solve for efficiency, a Fuse pool functions like Aave or Compound. Because a pool can consist of many tokens, the entire pool is rendered risky when one of the token assets cannot be trusted for any reason — as seen with Rari’s Tetranode pool 6 (5). In this situation, if a user doesn’t trust one of Tetranode’s 19 token assets, the entire pool is rendered worthless to them. Solving this problem requires Rari to create an infinite number of pools that match the risk profile of a large user base. In addition, each fuse pool has a manager that can change the parameters of the pool unilaterally, thus placing the security of a pool on a single point of failure. In other lending protocols, we see governance perform this functionality.
But what if we could design a lending protocol that achieves the near-efficiency of shared-pool lending protocols and the security of isolated money markets.
Enter Silo
Our journey started on Sep 15, 2021, when we entered ETHGlobal’s 2021 hackathon with an idea for a lending protocol that would do for lending what Uniswap did for liquidity. In a space of 3 weeks, we had written a codebase from the bottom up for a non-custodial lending protocol capable of implementing secure, efficient, and inclusive money markets
Silo’s high-level protocol overview
Secure
The protocol mitigates risks by design. It implements isolated money markets — we call them Silos — with each Silo consisting of two assets only, the bridge asset and a unique token. By isolating the risk of any asset to a specific silo, new and higher-risk assets can be immediately utilized in lending markets without causing systemic risk to assets held in other Silos.
Efficient
The protocol implements one Silo only for a token asset. This design concentrates liquidity in single pools and allows any token to be used as collateral to borrow other tokens.
Inclusive
Silo Finance is and will always be a permissionless protocol. Any user will be able to create a market for any token.
Rundown of Silo Protocol
Silo: A Silo is an isolated money market that supports only two assets, the bridge asset (e.g. ETH) and a unique token. When created, all Silos share the same collateral factors that can be configured for each Silo.
Bridge Asset: The bridge asset (e.g. ETH) connects all Silos in the protocol. For a collateral token to borrow another, the process requires creating two positions, both are denominated in ETH so they approximately cancel each other out. The user’s exposure to ETH is minimized but the exposure to the long and short is maximized.
Collateral Factors: Silos provide similar risk isolation as Liquidity Provider (LP) pools on AMMs such as Uniswap. Similar to Uniswap v1, each Silo v1 has the same parameters for Loan to Value (LTV), Liquidation Threshold, Liquidation Penalty, and Oracles. And like Uniswap, a Silo can be created for any asset. Users can borrow up to 50% of the value of their collateral. Collateral will be liquidated when the debt position is 62.5% of the collateral. This high liquidation threshold reduces the risk of any silo becoming under-collateralized during a liquidation event. All factors can be adjusted on a Silo.
Interest Model: Interest rates are set dynamically based on an 80% target utilization for collateral. With dynamic rates, Silos continue to increase or decrease the borrow/lending rate of an asset until 80% of the collateral is utilized. This optimizes utilization while also maximizing liquidity. Dynamic rates are a meaningful improvement on the linear utilization models of Aave, which have an upper bound on the interest rate at 100% utilization that has occasionally left depositors unable to withdraw their deposits at will.
Token: The network’s native token that is used to participate in the governance of the protocol. Token holders will comprise a DAO, which will oversee the protocol-controlled assets and adjust collateral factors, among other functions.
Protocol Governance
Silo will launch with a fully decentralized DAO — we call it the Silo DAO. The governance token gives the holder a say in the future of the protocol through voting and delegation rights. The core contributors team have laid the foundation for the protocol to flourish, but it is the community that will ensure we become the leading protocol for secure money markets. We ask the community to join the journey. It is open for everyone.
Silo will likely implement a governance model of delegated voting, similar to one Compound uses. To ensure the technological implementation goes smoothly in the early days of the protocol, the core development team will act as the warden of the protocol and the executor of snapshot-based votings. The development team will not have any control over the Silo DAO’s treasury at any point. Meanwhile, the community will retain 100% control over the Silo DAO’s treasury, and can create proposals to affect changes through voting. As the dust settles following the protocol launch, the development team will slowly hand over the administrative responsibilities entirely to the Silo DAO.
When the delegated governance model is implemented, token holders can either vote on proposals or delegate their voting power to other members of the community. Over time, we will build a complete application for on-chain governance, which will consist of a voting dashboard with real time reporting and tracking of the DAO’s assets. More information regarding the exact logistics of the DAO and its governance will be provided in a future post.
Silo will be governance-minimized. Money markets are permissionless and therefore don’t require any active intervention by governance to create or operate.
Token holders will be able to vote on the following aspects among others:
Directing the protocol-controlled assets to where it’s beneficial to the growth of the protocol.
Turning on/off DAO’s revenue mechanisms.
Adjusting collateral factors such as LTV and Liquidation Threshold for each Silo.
Approving important product milestones.
Similar to established DAOs, the Silo governance forum will be a place where governance members can share their opinion by broadcasting proposals to the other members of the organization. Each token holder can then vote to accept or reject any proposal.
We believe community control will be achieved through a fair and public distribution of the Silo DAO’s governance. We will publish more information about the token distribution soon.
Roadmap
Each Product roadmap offers a long-term perspective on the project and communicates founder commitment and transparency. However, the blockchain and DeFi move at the speed of light, and projects have to adjust roadmaps based on market dynamics.
With that said, our product roadmap from Q4 2021 to Q1 2022 is as follows:
Q4 2021 — Q2 2022
Silo DAO
Genesis Token Auction Event
Security reviews & audits
Silo protocol beta
Collateral factors optimization
Interest model optimization
Liquidity incentive mechanism
Data analytics & performance tracking
Improved UI/UX
TWAP Oracles security
Developer toolkit for bridge-asset yield strategies
Our roadmap will evolve gradually in response to the protocol performance and our efforts to explore new opportunities with partners and community members.
Exploring Areas of Opportunity
Our product vision is to build value capturing money markets for the Ethereum blockchain and beyond. Given the composability of DeFi, exploring value creation opportunities relies significantly on aligning Silo with the right partners.
We are currently exploring key areas of opportunity with a group of thought leaders and builders in DeFi, including Joey Santoro from FEI Protocol, Sam Kazemian from Frax, Santiago R Santos, Tyler Reynolds, Ameen from Reflexer, Tyler Ward from BarnBridge, and many others.
We will present the areas we’re exploring in future posts and invite the community to participate in conversations to shape the product vision for Silo.
The Future of Money Markets
Silo improves drastically on existing implementations of lending markets. By providing secure, efficient money markets to potentially all crypto assets, Silo will grow to become an important primitive in DeFi.
We are excited to share Silo with the community.