Archimedes Response — Llama Asset Risk Assessment

We are grateful for the feedback and effort put forth by the Llama Risk team, in their recently released Risk Assessment of lvUSD.

The risk assessment highlighted three main points of risk, of which there is some overlap. These include: Discrepancies in the Documentation, Access Control and Timelocks, and what we’ve categorized as Miscellaneous, or Other Issues.

Archimedes is a protocol that makes security a priority above all else, and as such, will make every effort to address these concerns as quickly and thoroughly as possible.

Here are some of the specific risks mentioned in the lvUSD asset risk assessment, and their short-term remedies being implemented by Archimedes.

Archimedes incorrectly claimed, that fees denominated in OUSD are being used to incentivize LPs. While this is still our long-term goal, it is not currently so.

Archimedes has also claimed to be a real yield protocol, sharing revenues sent to the treasure with LPs. As with the OUSD fee denomination statement this is not currently happening, though it is still a goal of ours.

Archimedes has claimed that all admin and minting actions are protected with a 72 hour timelock, however, these features are still being implemented.

The Zapper contract currently has an EOA with the Admin role, meaning someone with access to that account can upgrade the Zapper contract without any timelock.

Guardian role, Admin role, and Governor role are EOA

The llama risk assessment mentions that while emissions follow a schedule, there is currently a manual computation of $ARCH token’s dynamic emissions, by members of the Archimedes core-team.

Image of Twitter user DeFiMoon mentioning “hidden fee” found in lvUSD Risk Assessment

The llama Risk thread of lvUSD’s risk assessment highlights a “hidden fee” (as displayed above in a Tweet by a DeFiMoon) when unwinding a position. This “fee” is something that our team believes is inaccurately described, as it is not a fee at all, but a byproduct of how Archimedes estimates how much OUSD is needed to repay lvUSD to the pool. In the case they mentioned the estimation was too rough and resulted in a sort of high slippage for the user closing their leverage position, or llama risk put it, a hidden fee.

There was also mention of Archimedes’ lack of a liquidation mechanism. Specifically, in the case of an underlying asset (i.e. OUSD/DAI/USDC/USDT) losing its peg and causing a position to become insolvent. Currently, Archimedes v1relies on user activity to help mitigate this risk.

These last two potential risks are for our more technically inclined users, and the TLDR is that the team is already on it, and will fully resolve these concerns in Archimedes v2.

One concern being, the risk of frontrunning the auction by checking bids in the mempool.

And, the second being, insufficient parameter precision and inconsistent parameter formatting in the ParameterStore contract

All-in-all Archimedes is taking the lvUSD Risk Assessment as constructive criticism that will help us build a better DeFi protocol, and give users the assurances they need to confidently invest.

If you’re reading this and you have suggestions or concerns that you think the team should address please do so here. With Archimedes v2 on the horizon our team is steadily listening to and building with our community.

To learn more about Archimedes visit the official website https://archimedesfi.com/, join Discord and follow on Twitter.

Originally published at https://medium.com on April 13, 2023.