Nuo Network (NUO)

From CryptoWiki

Revision as of 20:30, 19 October 2020 by wiki_crypto>Zeb.dyor (→‎Audits)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Basics

  • DeFi
  • P2P debt marketplace for lending and borrowing
  • "We currently (9-2019) support ETH, DAI, MKR and 8 ERC20 tokens on the debt marketplace"
  • "Nuo Network is non-custodial. All user funds are locked in smart contract based accounts without Nuo Network having any direct or indirect access to those funds. These funds can be accessed only using smart contract based account by a user."

Tech

Oracle Method being used

"Oracle Method

For any currency pair, Nuo uses best price provided by decentralised exchanges (Pd) and hard-fences it using volume weighted average price aggregated over price feeds from centralised exchanges (Pc).

Currently Nuo uses Kyber and Uniswap as decentralised partner exchanges. Among centralised exchanges, Nuo tracks price and volume across all major cexes with >50 total cexes added already.

At any time, for any currency pair, Pd = Best Price across partner decentralised exchanges Pc = TimeDecaySum( Sum( VolumeOfCex * PriceByCex ) / TotalVolumeAcrossAllCexes )

VolumeOfCex, PriceByCex and TotalVolumeAcrossAllCexes use clustering techniques to remove anomalies in price/volume and ignore exchanges with poor pricing.

TimeDecaySum is built to reduce effect of a high volume exchange going offline for a while by reducing the weight of the price obtained from a cex based on the duration when the last trade was recorded from it.

For any currency pair, Nuo hard-fencing ensures the following holds true: lower_fence * Pc < Pd < upper_fence * Pc

Currently, fencing percentage is placed at 10% system-wide. Hence, lower_fence = 0.9 and upper_fence = 1.1. We can expect a tighter fence as dexes get more efficient and liquid in future

At any point in time, if the above condition does not hold true, the exchange market is paused and resumed again when the condition becomes true. This is done to prevent any unwanted liquidations from happening on the platform due to price manipulations or flash crashes across our partner dexes.

There are plans to potentially integrate Chainlink in a future version.

Source

Governance

Upgrades

From DeFi Rate (7-4-2020):

"With the launch of Nuo Exchange, Nuo integrated a number of rising trends for an enhanced DEX experience including:

  1. Liquidity Aggregation – Nuo’s exchange uses smart order routing to pull the best prices from 0xUniswapKyber Network and Oasis.
  2. Custom Slippage – Users have the ability to dictate the maximum amount of slippage they are willing to have, otherwise the transaction fails.
  3. Metatransactions – Trades on Nuo’s exchange come with no transaction cost to the end-user.

Upon the first use of the exchange, it feels great! Users should note that the minimum requirement to swap on the exchange is currently set at 0.25ETH with a maximum order size of $10,000."

Audits

  • Bug bounty program can be found [insert here]. None according to Blockchain Security DB (29-6-2020), which does show 1 audit (4-2019).
  • Scored a 28% on DeFi Safety (9-2020); "Audits should take place before the deployment with corrections if the audit indicates them. It appears Nuo had an audit 3 months after deployment as the repository created for this purpose indicates. The audit report is NOT public. There are evident corrections (as indicated by AccountFactoryV2.sol).

I assume the audit took place after deployment. Nuo does not advertise that it had an audit. The results are not public and no improvements were deployed. Based on this a score of 10% as they are between point 4 and 5, below."

Admin Key OpSec Risk Assessment

"Current Admin Key Config- Time Lock: Unknown

Current Admin Key Config- Multisig: Unknown

Claimed Admin Key OpSec: None

Verified Admin Key OpSec: Unverifiable

Is security of deposited funds dependent on opsec of admin key?: Likely

Admin Key Address: Unknown

Documentation on Admin Key Powers: None Found

Additional Info (if any)?"

How Decentralized is it?

"Nuo’s scores were strongly influenced by the lack of a public audit report, an attribute that contributes to 25% of the entire score. Nuo has maintained a high collateral index score and moderate to high liquidity."

  • Was classified Degree 2 DeFi on the HackerNoon rankings of 25-4-2019. "These DeFi products are non-custodial and have one additional decentralized component which could include price feeds, initiation of margin calls, margin liquidity, interest rate determination, or platform development, while the rest are still centralized."
  • A BIG side note, is that the blog was written by Kyle J Kistner who is Chief Vision Officer at bZx. He gave his own project the highest ranking. What a surprise.

Custody: Nuo contracts are open-source non-custodial from the point of loan origination.

Initiating Margin Calls: Nuo centrally monitors margin positions off-chain, and calls into their contracts when a position has gone under margin maintenance. Liquidations are only executed if the price feed confirms that the position is under margin maintenance. Only Nuo’s whitelisted address can call into the contract to initiate the margin call, making this a potential central point of failure.

Margin Call Liquidity: Nuo sources margin call liquidity from Kyber and Uniswap, making their margin call liquidity decentralized.

Price Feeds: A combination of Binance, Coinbase, and Kyber price feeds are used to guard against premature liquidations and price feed manipulation. This is a centralized aspect of the system.

Interest Rates: Nuo uses algorithmic interest rates. Though the rates are responsive to supply and demand, Nuo controls the underlying parameters and can effectively set the rates.

Development: Nuo is currently being developed centrally by the team. All contracts are open source. The contracts are mutable with no time-lock."

"Nuo's smart contracts are protected by a single admin key that has no timelock and no multisig protection. The admin key is capable of making changes to critical parts of the smart contract ecosystem and could endanger user funds if used maliciously."

Response by a Nuo dev:

"We don't have full power when it comes to upgradeability. However, if the admin key is compromised and is used maliciously, yes, the users fund would be at risks because as explained in our previous chats, the admin key has ability to allow permissions for new versions of loans and trade contracts to access reserve funds."

 Is it trustworthy?

"The project pools tokens into shared liquidity and provides its users with proportional interest. The pooling should ensure instant liquidity for borrowers. What makes Nuo unique at the moment is the offering of 3x margin trading on Kyber and Uniswap. Nuo provides instant liquidity for long or short positions on Bitcoin, Ether and some ERC20 tokens. This makes Nuo a contract to contract implementation usable across DeFi products. The platform seems to be growing fast in Asia.

Nuo is using their own centralized oracle, which is closed source. we can see they highlighted another pain point of decentralized exchanges, and that is the on-chain congestion during extremely volatile periods of price movement. For a sacrifice of your yield you can get a share of the insurance fund, but it is unclear how much of your assets will it actually cover if such a case will happen.

On the Nuo network, in some cases, the lending annual percentage rate can get higher than the borrowing rate. Even though it will probably only happen in low volumes as can we see on the current example with SNX.

This is because on Nuo: “Every loan that gets taken on Nuo has a fixed interest that you have to pay regardless of the time in which you repay. The rate of this interest is determined solely by the reserve utilization of that currency at the time of creating the loan.” 

The projects smart contracts were audited by Quantstamp, but the audit report, as published, can be summarized by this tweet (it's basically saying we audited it but gives no further info)

Summary:

+ Insurance fund can protect you by sacrificing profits, reducing risk

+ Significant potential interest through imbalances on the market

+ Margin trading on Kyber and Uniswap

+ Instant liquidity (untested)

- Lack of proper audit reports

- Centralized closed source oracle which can wipe out your account during network congestion

- Low liquidity in active loans and reserve pools"

Team, Investors, Partners

Team

Partners