These updates are meant to be published monthly, but we are a bit behind on this one. As a result, this update covers the period spanning August 1 to September 19, and the next few updates may span slightly less than one month each.
Regarding Three Rocks personnel, @gerg has reduced his working hours to part-time. With some extra wiggle room now available, we have re-engaged with @joaobrunoah on a part-time basis. Given the change, it is possible that Three Rocks will end up with excess capital, which will be returned at the end of the funding period. Since neither Greg’s nor João’s working hours is set in stone, it is not possible to predict up front how much funding will be left over.
- Vulnerability response
- Worked with the SC Team to analyze the whitehat’s report and build PoC exploits for testing.
- Built a script to scrape all transactions, internal transactions and token transfers of linear pools and create a list of partners and external protocols that interact with the vulnerable pools in any manner.
- Worked with the Marketing Team to disseminate information quickly to all partners as part of the public disclosure.
- Assisted the Blueberry team in developing their Bloom TBY price oracle.
- Code review
- Managed pool documentation has been completed following the addition of a subsection on circuit breakers.
- LVR capture arbitrage bot
- An outstanding Grants RFP seeks to develop an arbitrage bot to capture LVR (Loss Versus Rebalancing) by out-competing other arbitrage bots on reduced swap fees. It will return a portion of its profits to LPs.
- We contacted Grants about absorbing this work to save the DAO from paying out the grant to an unproven team.
- About 90% of the on-chain execution contract is now finished, and next month will focus more on the off-chain listener.
- Python tooling
- Built a script to generate historical rate provider price charts w/ derivatives (see sample chart below). This is intended for internal usage to expedite code reviews.
- Generalized an existing Etherscan Python library to work with all *scan endpoints (polygonscan, arbiscan, etc).
- Improved contract dependency graph for rate provider (and other) code reviews.
- Integrated SOR routing into balpy.
- This was a Balancer Grants RFP. Given our intimate familiarity with balpy, we decided to take this on to save the DAO some money.
- Ongoing Telegram support for many partner teams and third-party devs.
- Aave Safety Module should go live soon. (This work was completed in prior months but has not launched yet.)
The following metrics are intended to showcase the value to the Balancer ecosystem of various integrations developed and code reviewed by our team. We obviously cannot claim full credit for each of these metrics, as the integration process is long and involves multiple parties from business development all the way to governance execution. It is also not possible to estimate how much of the overall metrics can be attributed to our team directly vs other teams, so we simply present the numbers in their entirety.
The presentation of these numbers is rather crude for now, but this is only a first iteration of our metrics. The goal is to establish some means of evaluating the worthiness of each endeavor to inform decisions around future similar endeavors. We continue to be open to feedback.
- Bloom TBY development work
- Time spent: 20 hours
- First pool
- TVL: $1,206,552
- Volume: $32,943
- Fees: $3.29
- More pools upcoming (a new TBY is created every month)
- Rate Provider reviews
- Time spent: 10 hours
- TVL: $3,471,581
- Volume: $375,401
- Fees: $37.54
- Time spent: 2 hours
- TVL: $8,748,699
- Volume: $2,049,752
- Fees: $715.34
- Time spent: 5 hours
- TVL: $2,173,777
- Volume: $101,034
- Fees: $40.41
- Time spent: 3 hours
- TVL: $285,152
- Volume: $174,838
- Fees: $69.94
- Time spent: 4 hours
- Pool (gauge not active yet)
- TVL: $8
- Volume: $0
- Fees: $0
- Time spent: 5 hours
- TVL: $875,392
- Volume: $60,574
- Fees: $24.23
We recently inserted a small tag into all transactions originating from the Python-based
balpy toolkit. This does not track any sensitive user data but simply gives us a window into which on-chain transactions are being submitted via
balpy. Since introducing this change within the last couple of months, we’ve seen the following activity across all chains:
We still believe that boosted pools are a core differentiator for the Balancer tech stack when measured against other DEXs, but linear pools have been officially sunsetted following the recent vulnerability. So, we are heads-down working with the Balancer Labs Smart Contracts Team to design an even better version. This will require significant time expenditure but will be well worth it from our perspective.
Unfortunately, we can’t say much about this yet. A high-value DeFi partner has proposed a pool(s) that could significantly increase Balancer TVL. We are actively brainstorming possible configurations and/or engineering solutions. Neither side has made a firm commitment yet, but we hope that we can secure this opportunity and deliver a big TVL boost for the Balancer ecosystem.
This focus area has been through so much adversity, from read-only reentrancy to the more recent rate manipulation attacks, that it’s tempting to cut it altogether. At various points over the last several months, we have been uncertain as to the future of BPT as Collateral and have put the work on hold.
We still believe that having external use cases for BPT creates a strong magnet for Balancer liquidity. And with the official sunsetting of linear pools last week, we see an opportunity. Excluding linear pools actually simplifies the problem and allows us to focus on the area where we are seeing the most demand for BPT as Collateral: LST pools.
The ongoing work with Aave is now in internal review.
We often hear the question, “can I put X in a stable pool?” and we believe that partners would benefit from a tool that helps to answer that question. Our first goal is to research the effects of different rate provider volatilities on stable pool performance. We will examine the impact of various forms of arbitrage and rate update sandwich attacks.