stETH和可重置代币的一些”毛病“ (stETH and the Hazards of Rebasing Tokens)

Chainlink was recently integrated with Euler for asset pricing. As mentioned, we at Euler Labs believe this is necessary to protect Euler users during the Ethereum Merge upgrade (although we are still proponents of on-chain pricing like TWAPs wherever possible— see some of our recent research).

Chainlink最近与Euler集成 ,用于资产定价。如前所述,我们 Euler Labs 认为这对于在 Ethereum Merge 升级期间保护 Euler 用户是必要的(尽管我们仍然尽可能支持 TWAP 等链上定价 - 请参阅我们的一些 最近的研究)。

However, another benefit of Chainlink pricing is to securely support assets that don’t have liquid Uniswap3 pools. One such asset is Lido’s stETH token. This is a token that represents shares of Lido’s staking protocol. In order to maintain price parity with regular ETH as fees are accrued, the stETH contracts implement a daily rebase. This means that once per day the rewards (and slashing, if any) are credited to token holders by proportionally increasing everyone’s balances. This is a very convenient way to distribute rewards but causes many complications in down-stream products like Euler.

然而,Chainlink 定价的另一个好处是安全地支持没有流动性 Uniswap3 池的资产。其中一项资产是 Lido 的 stETH 代币。这是一个代表 Lido 质押协议份额的代币。为了在产生费用时保持与常规 ETH 的价格平价,stETH 合约实施每日 重置。这意味着每天一次,奖励(和削减,如果有的话)按比例增加代币持有者的余额。这是一种非常方便的奖励分配方式,但会给 Euler 等下游产品带来许多复杂性。

If you plan to deposit or borrow stETH on the Euler platform, please read the following article because there are some important points you should be aware of.

如果您打算在 Euler 平台上存入或借入 stETH,请阅读以下文章,因为您应该注意一些要点。

重置和保险库 (Rebasing and Vaults)

One common issue with rebasing tokens is how they are handled by vault-like systems. For example, consider a contract that accepts an stETH deposit, records how much was deposited, and allows you to withdraw that amount later on. What happens when a rebase occurs? The contract’s balance increases but the record of how much you can withdraw does not, because it’s internal to the contract. So this means that the Lido rewards effectively accrue to the contract, not the depositor. If there is no way to “skim” unaccounted-for tokens out of the contract, then they are irretrievably lost.

可重置代币的一个常见问题是它们如何被类似保险库的系统处理。例如,考虑一个接受 stETH 存款的合约,先记录存入的金额,并允许您稍后提取该金额。发生重置时会发生什么?合约的余额会增加,但你可以提取多少的记录不会增加,因为它是合约内部的。因此,这意味着 Lido 奖励有效地累积到合约,而不是存款人。如果没有办法从合约中“拿出”下落不明的代币,那么它们将无法挽回地丢失。

This is actually the reason that Euler’s eTokens are not rebasing. Like Compound’s cTokens, balances don’t update with accrued interest, but are instead exchangeable for a growing amount of underlying tokens. By contrast, AAVE’s aTokens are rebasing, which results in the vault issue described above.

这实际上是 Euler 的 eToken 并非 可重置 的原因。与 Compound 的 cToken 一样,余额不会随着应计利息而更新,而是可以兑换成越来越多的对应/基础代币。相比之下,AAVE 的 aToken 可重置的,这会导致上述保险库问题。

Uniswap3 is another vault-like system. Because of the concentrated liquidity feature, each position’s balances are tracked internally in the contract (as opposed to using the contract address’s balance, like Uniswap2 and others). This is likely one of the reasons there are no liquid Uniswap3 pools for stETH. Although the pools exist, liquidity providers will not earn the Lido fees, which means they will most likely be less profitable than they would be on Curve or Uniswap2.

Uniswap3 是另一个类似保险库的系统。由于集中流动性的特点,每个头寸的余额都在合约内部进行跟踪(而不是使用合约地址的余额,如 Uniswap2 等)。这可能是 stETH 没有流动性 Uniswap3 池的原因之一。尽管存在池,但流动性提供者不会赚取 Lido 费用,这意味着它们的利润很可能低于 Curve 或 Uniswap2 上的利润。

wstETH又如何?(What about wstETH?)

wstETH is a “wrapped stETH”. Its purpose is to provide a non-rebasing interface to stETH. Like Euler’s eTokens, wstETH becomes exchangeable for a growing amount of stETH over time (assuming earned rewards are greater than slashing). Because it is non-rebasing, the above issues do not apply.

wstETH 是一个“封装的 stETH”。其目的是为 stETH 提供一个非重置的接口。与 Euler 的 eToken 一样,随着时间的推移,wstETH 可以兑换成越来越多的 stETH(假设获得的奖励大于削减)。因为它是非重置的,所以上述问题不适用。

Euler has supported wstETH for some time, both as a collateral and borrowable asset. Its Oracle rating is currently Low Risk, which means the cost of manipulating its price on Uniswap3 is very high.

无论是作为抵押品还是可借用资产,Euler 支持 wstETH 已经有一段时间了。它的 Oracle 评级目前为低风险,这意味着在 Uniswap3 上操纵其价格的成本非常高。

However, there has been significant demand to also support stETH directly. stETH does have some advantages over wstETH. In particular it can be considered soft-pegged to the value of ETH, and as such is well-suited for use on systems like Curve1.

然而,直接支持 stETH 的需求也很大。 stETH 确实比 wstETH 有一些优势。特别是它可以被认为与 ETH 的价值软挂钩,因此非常适合在像 Curve1 这样的系统上使用。

借入stETH (Borrowing stETH)

On AAVE, stETH is supported as a collateral asset, but you cannot borrow it. Certainly its rebasing nature complicates borrowing, but Euler’s governance has voted to support borrowing stETH with a borrow factor of 0.91. At Euler Labs we agree with this decision because we believe that the ability to borrow (and therefore to short sell) an asset is key to a healthy market.

在 AAVE 上,stETH 被支持作为抵押资产,但你不能借用它。当然,它的可重置性质使借贷复杂化,但Euler的治理已投票 支持使用0.091的借贷因子借入stETH。在 Euler Labs,我们同意这一决定,因为我们认为借入(并因此卖空)资产的能力是健康市场的关键。

However, there are some caveats that stETH borrowers should be aware of, which we will describe below.

但是,stETH 借款人应该注意一些警告,我们将在下面描述。

还款的复杂性 (Complications with Repay)

If you look into the implementation of the stETH contract, you will see that the way it implements rebasing is by tracking an internal “shares” value for each user, and then converting these shares to and from balances when balanceOf() , transfer(), etc are called. The unfortunate consequence of this is that when converting shares to balances or vice versa, rounding can occur. This means that there are some values for balances that cannot be precisely represented.

如果你查看 stETH 合约的实现,你会发现它实现 可重置 的方式是跟踪每个用户的内部“份额”值,然后在 balanceOf() transfer()等被调用时将这些份额转换为余额。这样做的不幸后果是,当将股份转换为余额或反之亦然时,可能会发生四舍五入。这意味着有些余额值无法精确表示。

For Euler users, this means that repaying stETH loans is slightly more complicated than with other assets. Because of the rounding, when the Euler contract pulls a precise amount from your wallet to repay a loan, it might receive a few wei less than requested, leaving you with a very small amount of “dust” debt. While this isn’t necessarily a problem, it does have some downsides:

对于 Euler 用户来说,这意味着偿还 stETH 贷款比使用其他资产稍微复杂一些。由于四舍五入,当Euler合约从你的钱包中提取一个精确的金额来偿还贷款时,它可能会比要求的少一些 wei,给你留下非常少量的“尘埃”债务。虽然这不一定是问题,但它确实有一些缺点:

  • You will not be able to exit the stETH market on this sub-account

  • You may not be able to take out any other loans on this sub-account due to borrow isolation

  • You have to keep a small (dust) amount of collateral locked in this sub-account

  • You don’t get the gas refund for setting a storage slot back to exactly 0

  • 您将无法在该子账户上退出 stETH 市场

  • 由于借入隔离,您可能无法在此子账户上提取任何其他贷款

  • 您必须在此子账户中锁定少量(灰尘)抵押品

  • 将存储槽设置回 0 不会获得 gas 退款

Euler Labs is working on a UI-level fix for the Repay action that will automatically get rid of this dust for you. Please follow our discord for updates on this progress.

Euler Labs 正在为还款操作进行 UI 级别的修复,它将自动为您清除这些灰尘。请关注我们的 Discord 以获取有关此进展的最新信息。

交换的复杂性 (Complications with Swap)

Unlike many other lending protocols, Euler has a built-in mechanism for Swapping tokens on DEXs like Uniswap3 and others (via 1inch). This is useful for setting up and unwinding leveraged positions with an EOA (non smart-contract) wallet.

与许多其他借贷协议不同,Euler 具有用于在 Uniswap3 等 DEX 上交换代币的内置机制(通过 1inch)。这对于使用 EOA(非智能合约)钱包设置和平仓杠杆头寸很有用。

However, a related problem can occur here as with repay. Currently, when a 1inch swap is requested, our Swap module checks the bought amount returned by 1inch. For rebasing tokens this amount is incorrect, as it is the amount that 1Inch requested to be transferred, not the actual amount that Euler received (which may be less). This can cause the swap to fail.

但是,与还款一样,这里可能会出现相关问题。目前,当请求 1inch 交换时,我们的交换模块会检查 1inch 返回的购买金额。对于可重置代币,这个金额是不正确的,因为它是 1Inch 请求转移的金额,而不是 Euler 收到的实际金额(可能更少)。这可能会导致交换失败。

While our swap module does also support directly swapping with Uniswap3, this is not a good option in this case since (as described above) there are no liquid stETH pools on Uniswap3.

虽然我们的交换模块也支持直接与 Uniswap3 交换,但在这种情况下这不是一个好的选择,因为(如上所述)Uniswap3 上没有流动的 stETH 池。

Euler Labs developers have designed a major improvement to the Swapping architecture (currently under audit) and believe we will have a comprehensive solution to this in the near future.

Euler Labs 开发人员设计了对 Swapping 架构的重大改进(目前正在审核中),并相信我们将在不久的将来有一个全面的解决方案。

In the mean-time, if you have any issues with, or questions about, swapping, please open a support issue on discord and someone from Euler Labs will help figure out the best solution for your situation.

同时,如果您对交换有任何问题或疑问,请在 discord 上打开支持问题,Euler Labs 的人员将帮助您找出适合您情况的最佳解决方案。

收益窃取攻击 (Yield Theft Attack)

Since stETH does a daily (as opposed to continuous) rebase, there is another issue to be aware of. While the previous issues only affect borrowers, the following affects depositors (but is a consequence of borrowing).

由于 stETH 每天(而不是连续)进行重置,因此还有另一个问题需要注意。虽然之前的问题只影响借款人,但以下问题会影响存款人(但这是借款的结果)。

When you deposit stETH into Euler, you are earning yield from two separate sources:

当您将 stETH 存入 Euler 时,您将从两个不同的来源获得收益:

  • The portion of the pool that has been borrowed. The borrowers pay interest according to a special interest rate model. This model starts with the Lido rewards as a base interest rate, and then charges additional interest depending on the utilisation of the pool.

  • The portion of the pool that has not been borrowed. This balance sits in the Euler contract and receives rebasing rewards which are proportionally allocated to stETH depositors.

  • 已借用的池部分。借款人根据特殊利率模型支付利息。该模型以 Lido 奖励作为基本利率,然后根据池的利用率收取额外的利息。

  • 池中未借用的部分。该余额位于 Euler 合约中,并获得按比例分配给 stETH 存款人的重置奖励。

The intent of the above is to ensure that depositors at least earn the Lido reward that they would by simply holding stETH, and maybe extra depending on the pool’s borrowing activity.

上述内容的目的是确保储户至少能够通过持有 stETH 获得 Lido 奖励,并且可能会根据池的借贷活动获得额外奖励。

However, there is a subtle attack that can be used to steal the daily yield on the rewards for the unborrowed amount. If you knew exactly when the rebasing was to occur, right before the rebase you could borrow the entire amount remaining in the pool, wait for the rebase, and then immediately repay the borrowed amount, pocketing the reward. This can even be done within a single block by sandwiching the transaction that triggers the rebase, in which case you would pay no interest on the borrow.

但是,有一种微妙的攻击可用于窃取未借出金额奖励的每日收益。如果您确切知道重置发生的时间,那么在重置之前,您可以借入池中剩余的全部金额,等待重置,然后立即偿还借入的金额,将奖励收入囊中。这甚至可以通过将触发重置的交易在一个块内完成,在这种情况下,您无需为借款支付利息。

In fact, you could do this for any system that allows you to temporarily withdraw stETH and re-deposit the same amount. For example, you could buy a ton of stETH on Curve right before the rebase, earn the reward, and then sell it back to Curve.

事实上,您可以对任何允许您暂时提取 stETH 并重新存入相同金额的系统执行此操作。例如,您可以在重置之前在 Curve 上购买大量 stETH,获得奖励,然后将其卖回给 Curve。

In general, this attack is only worthwhile if the amount earned is greater than the amount expended in terms of gas and protocol fees.

一般来说,这种攻击只有在赚取的金额大于gas和协议费用的支出时才值得。

While the fees charged by Curve almost certainly offset the profit you would earn, on Euler taking a loan and immediately repaying is free, except for gas. Fortunately, our analysis has shown that this attack will not become profitable until the Euler pool reaches a large TVL.

虽然 Curve 收取的费用几乎肯定会抵消您将获得的利润,不过Euler贷款并立即偿还是免费的,虽然gas除外。幸运的是,我们的分析表明,在Euler池达到较大的 TVL 之前,这种攻击不会变得有利可图。

Euler Labs will soon be proposing an upgrade to governance that allows assets to be configured with a “loan origination” fee, which will charge a very modest fee to borrowers when they initiate a loan. This should ensure that this attack is not possible, no matter the pool size.

Euler Labs 很快将提议对治理进行升级,允许为资产配置“贷款发起”费用,这将在借款人发起贷款时向他们收取非常适中的费用。这应该确保这种攻击是不可能的,无论池大小如何。

关于Euler (About Euler)

Euler is a capital-efficient permissionless lending protocol that helps users to earn interest on their crypto assets or hedge against volatile markets without the need for a trusted third-party. Euler features a number of innovations not seen before in DeFi, including permissionless lending markets, reactive interest rates, protected collateral, MEV-resistant liquidations, multi-collateral stability pools, sub-accounts, risk-adjusted loans and much more. For more information, visit euler.finance.

Euler 是一种资本效率高的无许可借贷协议,可帮助用户从其加密资产中赚取利息或对冲波动的市场,而无需受信第三方。 Euler 具有许多在 DeFi 中前所未有的创新,包括无许可的借贷市场、回应性利率、受保护的抵押品、抗 MEV 清算、多抵押品稳定池、子账户、风险调整贷款等等。有关更多信息,请访问 euler.finance

赞赏