BZx (BZRX)
(Redirected from BZx)
Basics
- Founded in 2017, U.S.-based BZx developed a protocol on the Ethereum blockchain that powers decentralized margin trading with ultra-fast settlement times for the 60+ tokens supported by on-chain liquidity protocol, KyberNetwork.
- Mainnet release: second half of 2018
- DeFi
- Decentralized margin lending protocol on the Ethereum mainnet. bZx is a financial primitive enabling shorting, leveraging, lending, and borrowing.
- Has a lending platform called Fulcrum.
History
"bZx (formerly known at b0x) was conceived in August 2017. The project first started publicly marketing themselves during ETHDenver in 2018. Since then, the protocol published their formal whitepaper in February of 2018, followed by a testnet release in April and a full mainnet launch in August of the same year. During that time, the company chose to rebrand from b0x to bZx, specifically as co-founder Tom Bean stated:
“to make the zero-x aspect of our identity clear and prevent confusion with any companies or protocols named Box.”
Since the rebrand, bZx has been heavily focused on solidifying strong industry partnerships with key players including but not limited to MakerDAO, Kyber, ChainLink, Augur and Set Protocol."
Audits & Exploits
- Bug bounty program can be found here. Max payout used to be $5,000 (29-6-2020). Has been updated to 350k for the most critical of finds (2-9-2021).
- Blockchain Security DB (29-6-2020) shows 2 audits. The latest was in 10-2019.
- Scored a 17% on DeFi Safety (9-2020) at first but then a 87% with their V2 (10-2020). In a third review, it scored 76% (2-9-2021):
"Multiple audits were performed before and after each of the bZx v1 and v2 launches. A full list of all the audits can be found at https://bzx.network/security."
With the comment: "This new V3 is pretty strong in all categories, except for their public testing."
Bugs/Exploits
- From Rekt (06-11-2021):
"Slowmist have been keeping a running total of funds lost, which at the time of writing is up to ~$55M. ~10 hours after the initial announcement, bZx published an update stating that one of their devs had fallen victim to a phishing attack, stressing that the code itself hadn’t been compromised. bZx state that they have reached out to centralised services, requesting that Circle freeze the stolen USDC, while the funds on Binance as well as USDT were quickly frozen."
Flash Loan Incidents
- From CoinDesk (19-2-2020):
"As a post-mortem from the firm describes, the attacker took advantage of pricing data and a bug within the bZx protocol’s code to secure the payout.
bZx quickly shut down Fulcrum using a decidedly non-decentralized master key. Users and analysts saw an update hit GitHub, the code repository, that supposedly locked down endangered funds.
On Tuesday, Feb. 18, attackers hit bZx again, netting $633,000.
In the first attack, for example, through a complex web of transactions, the attacker pumped and then dumped WBTC (“wrapped bitcoin,” an ethereum token backed by actual bitcoin) on a DEX called Uniswap; took profits in ether; repaid the flash loan -- and stiffed bzX on another loan related to the WBTC pumping. “The magic under the hood is the fact how the Uniswap WBTC/ETH was manipulated up to 61.4 for profit,” according to an analysis by blockchain security firm PeckShield. “The WBTC/ETH price was even pumped up to 109.8 when the normal market price was at only around 38. In other words, there is an intentional huge price slippage triggered for exploitation.” In this attack, a poorly set up price feed certainly did not help, but the blame falls on the code, PeckShield CEO Jiang Xuxian told CoinDesk. Where a security wire should have been tripped as the price got out of whack, it failed to go off, Xuxian said.
The second attack came down to bad price data, specifically from DeFi network Kyber, bZx co-founder Kyle Kistner told CoinDesk. This time, the attacker focused on Synthetix USD (SUSD), a dollar-pegged stablecoin on the Synthetix Network. The attacker borrowed 7,500 ether on bZx then pumped the value of SUSD on Kyber by swapping ether for SUSD. The purchase of so much SUSD caused the price to jump 2.5x the prevailing market rate of $1, writes PeckShield. The attacker then took advantage of bZx’s dependency on Kyber for pricing data, putting up the SUSD as collateral for a large sum of ether on bZx; in fact, 2,000 more ether than the same amount of SUSD would have normally purchased on an open market. After paying back the flash loan, the attacker reneged on paying back the under collateralized SUSD/ETH loan just taken out on bZx, resulting in a tidy 2,378 ETH profit and bZx holding buttons.
In fact, the specific attack against bZx was described months before it occurred by white hat hacker Samczsun in a detailed blog post. Kistner acknowledged that the bZx team believed the oracle problems were considered fixed after Samczsun’s disclosures and even had the code independently audited. Kistner said trading will resume again shortly using Chainlink oracles for pricing, although no new users will be onboarded. For the future, Kistner said bZx will look at replicating the infrastructure of MakerDAO, the largest DeFi provider.""
White Hack and Response
- After the Flash Loan incidents happened, people from 1inch.exchange came forward (21-2-2020) with their story:
"All started on January 11, 2020, when Fulcrum team released their own Flash Loans feature on the Ethereum Mainnet, and we happened to find in it. We discovered that $2.5M of user funds from 3 pools could be stolen within a single transaction. We offered to the Fulcrum team to white-hack their pools at any moment to protect user funds if they had no kill-switch, but they declined. Apparently they thought it it was worth risking user funds during the period of building and queueing a patch in order to avoid integration issues and negative attention.
It took nearly 4 hours for the Fulcrum team to manage the issue, and we got no details from the team about the progress. Additionally, the deployment of the fix took another 12 HOURS, because of special system upgrade timelock in the smart contract. Since we contacted the Fulcrum team and they denied us to white-hack, we were legally unable to help their users and were forced to wait and monitor their contracts for suspicious transactions and Approval
events for 16 hours.
We genuinely feel ashamed that after working through an anxiety-filled night with them, they basically tried to deny us any bounty reward. Please note that it’s usually industry practice to share a percentage of funds saved, while here they are trying to deny us anything based on a technicality. Instead of disclosing the incident to the community as promised, the strategy was now to cover-up. They tried to use the $3.5k [bounty] to silence us and hide the whole thing.
We are not related to any other attacks of Fulcrum, of course. The recent FlashLoan hacks exploited old issues discovered and reported by samczsun. Our hack was related to the buggy implementation of the FlashLoans feature itself in the Fulcrum system."
- Another tweet thread (18-2-2020) also went into the six instances that bZx 'f*cked up'.
- When all smoke cleared, bZx posted a mea culpa blog in which it listed the following points that they would change:
- "We are increasing our bug bounty rewards.
- We are increasing the visibility of our bug bounty program.
- We are removing any points of friction or barriers to reporting a bug such as showing identification or requiring the submission to be via email.
- We will be delegating judgment to an independent panel to remove any conflicts of interest.
- We will create a public record of the bug bounties we have paid.
- We will never deploy unaudited code, no matter how minor."
- From Token Tuesdays (26-8-2020), but sponsored by bZx:
"bZx compensated every affected user out of pocket, along with a buyback program for iETH LPs who faced illiquidity following the protocol being restricted. Now, bZx is gearing up for a relaunch that has undergone extensive auditing."
Third Hack
- Used their admin key to delete attacker’s gains (15-9-2020).
- "BZRX got hacked again today; 4.700 ETH worth gone" (14-9-2020).
- From The Defiant (14-9-2020):
"The hacker was able to duplicate tokens received in exchange for deposits in the protocol, called iTokens, and then use those iTokens to withdraw more funds than they had initially deposited. The attack yielded about 219k LINK, 4.5k ETH, 1.8M USDT, 1.4M USDC, and 668k DAI, or about $8M in tokens. The bZx team was able to cover the stolen funds with its own insurance fund, which is made up of the project’s token treasury and cash flows, and in a statement said “the protocol will move forward unimpeded.”
Some in the Ethereum community were perplexed by the team’s apparently nonchalant attitude after losing around 30% of total value locked in its smart contracts to yet another hack. Additionally, Bitcoin.com engineer Marc Thalen said in a tweet he alerted the team to the hack hours before they responded.
“Please, please pause operations until this can be re-audited and thoroughly analyzed--instead of saying ‘no big deal,” Compound Finance founder Robert Leshner said in a tweet.
bZx, which upgraded its protocol after the February hacks, had security firms Peckshield and Certix audit the code and it also performed “extensive automated testing,” according to its post mortem. The post also said the scope and ambition of the protocol make it harder to secure than others."
- From Bitcoin.com (17-9-2020):
"Bzx has recovered the $8.1 million it lost to a hacker a few days ago. The company claims it was able to track down the cyber thief, whom it refused to name for legal reasons, through their on-chain activity. Cornered, the attacker returned the loot.
Marc Thalen, the Bitcoin.com lead engineer who discovered the bug, has finally been paid a bounty of $45,000. Initially, Bzx did not want to pay out that much amount of money to Thalen, offering him just $12,500 as bounty because “Marc had only reported the issue when the attack had mostly concluded.”
Governance
Admin Keys
- From DeFi Safety (2-9-2021):
"bZx's access control documentation was found after looking through their blog section on their website. Article introducing the bZx DAO.
a) Contracts are clearly labelled as upgradeable through the bZx voting architecture.
b) There are clear and defined Judicial, Executive, and Legislative roles that are distributed to members of the DAO.
c) The capabilities for change in the contract, and what the users can vote on, are described.
Note: The staking contract's code can be upgraded through the implementation of a "StakingUpgradeable.sol" contract. The swap contract's code can be upgraded through the use of calls to interface contracts, as well as the delegatecall function. The governance contract's code can also be upgraded through the use of the Initialize function. Lastly, the farm contracts, specifically the MasterChef ones, all have a "Upgradeable.sol" contract called.
bZx does not mention any Pause Control or a similar function in any of their documentation. However, there is a PausableGuardian contract in their software repository that acts as a Pause Control."
- The following was written before the announcement about their DAO (see bellow)
- Was classified Degree 5 DeFi on the HackerNoon rankings of 25-4-2019. "These DeFi products are non-custodial, have permissionless margin calls, permissionless provision of margin call liquidity, decentralized price feeds, and decentralized interest rate determination, but centrally control platform developments & updates."
- A BIG side note, is that the blog was written by Kyle J Kistner who is Chief Vision Officer at bZx. He gave his own project the highest ranking. What a surprise.
- From the comprehensive blog post:
"Custody: bZx smart contracts are open source and non-custodial from the point of loan origination.
Initiating Margin Calls: Anyone can initiate margin calls. The process is permissionless, decentralized, and incentivized.
Margin Call Liquidity: Anyone can provide margin call liquidity through KyberNetwork. In the near future there will be ways to provide margin call liquidity through 0x or directly from the caller’s assets.
Price Feeds: bZx uses KyberSwap’s secure, decentralized price feeds. Kyber aggregates information from Uniswap, Binance, Bitfinex, Huobi, and its own internal inventory. Kyber’s prices stay within predefined bounds in the absence of a price update from reserve managers, mitigating the potential for price feed manipulation.The KyberSwap price feed does not have a central point of failure.
Interest Rates: Interest rates are determined by the market through an orderbook. Since each person is playing a role in setting interest rates, this is a completely decentralized mechanism for interest rate determination.
Development: bZx is centrally developed by the team and the contracts are open source. The contracts are mutable but will be guarded by a 28 day time-locked multisig after the first major round of liquidations."
- From DeFi Weekly (17-2-2020):
"TLDR: they own the protocol fully. Their lack of proper testing is extremely scary as what they're writing is essentially YOLO code that has guarantees that it works, but not guarantees that it can stand not-expected inputs. Furthermore, they've only had an initial audit for their code but nothing for the subsequent upgrades that don't have unit tests to rely on either!"
DAO
- bZx announced (16-1-2020) that they are transitioning to a DAO governance model:
The Trias Politicas
There is a rich history of experiments in governance going back hundreds of years in the form of liberal democracy. These experiments show that the most enduring and stable governance structures have both checks and balances. Instead of reinventing the wheel, we have reinterpreted it in the context of the blockchain. As with most systems of governance in the real world, the DAO has three main branches: the legislative, the executive, and the judicial.
The Legislative is a variant of liquid democracy with representatives elected by token holders staking BZRX. The three representatives with the highest number of tokens staked to their address become the legislature. At any point, token holders can change the representative(s) to whom their tokens are staked, but they cannot directly vote on proposals. Proposals passed by this branch must pass by a majority vote.
The legislative branch approves upgrades to the protocol and sets the critical parameters:
- the margin maintenance covered by the insurance fund,
- the assets supported by the protocol,
- the percent of interest collected from lenders,
- the coefficients of the interest rate model,
- the minimum staking time for token holders,
- the rate of inflation of the BZRX token,
- and the distribution of BZRX tokens minted via inflation.
The tokens can be distributed to representatives, token holders, or through grants. A consequence of there being only three representatives in a system requiring majority rule is that an attack on the DAO requires at least 2/3rds of the active voting power. To pass a resolution, votes must be signaled twice, and between each signal at least 16 hours must elapse. This prevents a representative from making even a single finalized vote without the full consent of their stakers.
The Executive is composed of the two leads of the core development team. The members of the executive branch will not always be part of the original core development team. Representatives may submit proposals to elect new executives. However, since this requires the vote of the executives themselves, the model resembles a Web of Trust. Much like the executive branch in traditional political systems, the executive has no power to propose or pass proposals on its own. Instead, the executive is to simply act as a check on the legislative branch, vetoing malicious proposals and attempts by representatives to form cartels. By restricting the powers of the executive to ratifying upgrade proposals and inflation reward distributions, regulatory risk is minimized. In the worst case scenario, a regulator could prevent further upgrades to the protocol by apprehending the executive administrator keys. To mitigate this risk, executives can be replaced by an unanimous vote of the legislative. Replacement of the executive does not require approval of the executive.
The executive has the ability to unilaterally pause the protocol for 48 hours, after which there is a 3 month refractory period before another pause can be invoked. If a serious security issue is found in the protocol, security researchers can disclose the vulnerability discretely to the executive, have the system paused, and then allow for the vulnerability to be disclosed to the legislature. If the legislature cannot mobilize a comprehensive response within that 48 hour period, the pause period can be extended through the normal governance process.
The Judicial is the smart contract code and the EVM. Both branches can only act within the constraints of the smart contracts governing them.
The Economics of Staking
In order to begin earning staking rewards, token holders must deposit their funds into the governance contract and stake their tokens to a representative. Doing so entitles holders to staking rewards created through minting new BZRX tokens. If all token holders are staking to representatives, the result is that all holders maintain their overall share of ownership over the protocol. However, it is unlikely that all token holders participate in staking. The result of this is that the token holders participating in governance and staking to a representative slowly increase their share of protocol ownership while those not staking are slowly diluted. Staking rewards are effectively a tax on free riders and speculators that can be used towards sustaining protocol development and/or enriching existing token holders.
Aligning The Incentives of Stakeholders
It is anticipated that one of the first proposals the legislature and executive will pass is the ability for BZRX holders to redeem a given percent of BZRX for a proportional amount of the insurance fund. Since the health of the insurance fund is critical to the overall health of the protocol in every respect, this ensures that token holders have an incentive to choose representatives that steward the protocol parameters judiciously. If the insurance fund becomes excessively denominated in BZRX, token holders can vote to rebalance the fund. Since in most circumstances BZRX will be worth more than its redemption value, it is unlikely that the fund comes to be excessively denominated in BZRX. In the rare event that it does, token holders should rebalance the insurance fund when the market price of BZRX rises above the redemption price."
Following are their proposed solutions on the problems they identified, which you can read about in Governance.
"Solutions to Governance
Participation
Representative democracy prevents individual token holders from having to understand the minutiae of every governance proposal, reducing their decision down to the most qualified and knowledgeable representative – likely someone with a track record of activity and visibility in the community. Staking represents both a carrot and a stick at once. Inflation dilutes free riders neglecting to participate in the governance process, serving as a stick. Those same inflation rewards function as a carrot for those actively participating in the governance process. Along an extended time horizon, protocol ownership condenses completely in the hands of those participating in governance.
Shadow Voters
It is not possible to stop lending protocols from listing the BZRX token, nor is it possible to prevent attackers from staking BZRX tokens that have been borrowed from lending protocols. The only recourse against shadow voters is to force exposure to collateral, margin calls, and interest payments. This can be accomplished by requiring an extended minimum staking period. We propose an initial staking period of one year. This imposes, as much as is feasible, significant costs on shadow voters. This also has the dual purpose of both aligning the incentives of current token holders with the long term health of the protocol and also selecting for holders with a longer time horizon.
Plutocracy
As the tokens become unlocked and voting is weighted linearly, it becomes possible for a few large parties to collude with 66.67% of the tokens to loot the DAO. There are two safeguards against this. First, the executive branch can simply veto any malicious proposal to loot the DAO even if someone comes to own over two-thirds of the tokens. Second, if the executive branch collaborates with the attackers, any changes passed by both branches will be required to pass through a two day time lock, allowing protocol users to evacuate their funds. Undertaking such an action will have the effect of hurting the BZRX token price, serving as a deterrent to seizing funds.
Cartels and Bribes
The role of the executive is to disrupt rent-seeking cartels from establishing a Cournot equilibrium. The two powers of the executive are to veto protocol upgrades and inflation reward distribution proposals. If representatives pass a proposal that is cooperative rather than competitive, it is the purview of the executive to veto that proposal. One weakness of this model is that legislative cartels can collude with the executive by offering a bribe.
The executive will rationally accept a bribe if:
BV>ΔTV+ΔCV
BV is the value of the bribe
ΔTV is the resulting change in value of the tokens held by the executive
ΔCV is the resulting change in value of the discounted future cash flow derived from the protocol
An executive will be more resistant to accepting a bribe from the legislature the larger their existing stake in the token and the larger their stake in deriving revenues from the protocol.
The value of BZRX tokens play an important role in the security of the protocol. It is important that DAO participants are forced to maintain exposure to the price action of the tokens after each vote. After every vote ratified by both the legislature and the executive, the staking period of every participant is extended by 24 hours. The system is secure if the value of the tokens held by all attackers exceeds the value held by the protocol. Since two thirds of the tokens are required to pass a malicious proposal, this means that the system is secure against a rogue executive so long as:
TVLt+3>23TV
TVLt+3 is the Total Value Locked 3 days after a malicious proposal passes
TV is the value of all BZRX tokens
If an attacker derives an income stream from the protocol independent of the token, the discounted value of these future cash flows should be added to the value of the tokens staked when calculating the cost of an attack. This means that participation by legislators or executives with a business built on the protocol increases the security of the protocol governance by reducing their incentive to cooperate with an attack."
Treasury
Token
Launch
"b0x.network conducted an ICO in December of 2018, raising $7.8M of the targeted $36.5M hard cap, possibly indicating why token usage and secondary exchange trading has been so limited (especially with the company being based out of the US)."
- Made a big splash in it’s Initial DEX Offering in July 2020. From DeFi Rate (14-7-2020):
"The offering kicked off roughly 30 minutes after the suggested start time, with $500k in capital being seeded to a Uniswap pool by the core team using presale investors migrated tokens. As expected, the token price absolutely skyrocketed just seconds after listing, peaking at a 12x the listing price under 60 seconds of the pool being created. Underpinning eager DeFi day-traders were a few savvy individuals who ran scripts to be the first to purchase tokens in the first block that liquidity was added.
What resulted was a few whales scooping up most of the early priced tokens, while the price of BZRX immediately spiked to $0.60/token by the time the bZx team had shared the pool via their public channels. This lead to a bunch of hot takes from the DeFi community, many of which were quick to recount how the early market makers had outsmarted the vast majority of DeFi power users. For those who missed it, the whole reason behind this Initial DEX Offering was the start of the v3 token model"
Token allocation
- Can be found in their blog post (28-7-2020), but main take aways are: 20% liquidity mining, 20% team, 20% builder fund, 5% security fund, 13.65% presale and 21.35% vesting.
Utility
- From DeFi Rate (9-7-2020):
"BZRX, is primarily used by relays to collect trading fees. With governance being a strong focal point of the project at large, BZRX token holders are said to help shape how the bZx protocol will be updated in the future.
Furthermore, token holders receive the right to claim assets from the insurance fund corresponding to the respective weight of their BZRX token holdings. This function was disabled by initial design, but token holders can still vote to enable it in the future. Said another way, owning BZRX gives you a right to a portion of the total insurance fund."
Token Details
- From DeFi Rate (1-7-2020):
"bZx has three key fees broken down as follows:
- Origination fee: 0.09%
- Trading fee: 0.15%
- Interest fee: 10% of interest paid
With this new model, those fees are directed to two Balancer pools. Rather than issuing them directly to BZRX token holders, those who stake their tokens on bZx will receive Balancer Pool Tokens (BPTs) representing a claim on the assets in the revenue pools. This design not only encourages staking, but it also gives stakers a means of capturing BAL governance tokens from liquidity mining in tandem with a fraction of every asset supported on the lending protocol.
“There will be two Balancer fee token pools, a stablecoin pool with no impermanent loss, and a variable fee pool that holds more volatile assets such as ETH and other ERC20s.”"
Stablecoin
Tech
- Whitepaper can be found here.
- Code can be viewed [insert here].
Implementations
"The system leverages the 0x protocol to offer deeper liquidated spreads through the use of shared lending pools. Furthermore, bZx is a strong user of the Ethereum Name Service (ENS), giving each asset and trading strategy a unique domain in an attempt to make their service more digestible to average users."
- Set for Q1 2021 to launch its Fulcrum and Torque platforms on Avalanche as well (7-1-2021).
- bZx's Torque and Fulcrum went live on Binance Smart Chain (17-3-2021).
How it works
"Without going into too much detail, Lenders and Borrowers place orders via a Relayer, and once matched, the Borrower receives a margin loan. While these margin funds are being used, off-chain bounty-hunters are monitoring the solvency of a margin account. If there’s a risk of borrowed funds being lost, bounty-hunters initiate position liquidation and subsequent refund to the Lender. Borrowers are free to do whatever they wish with their newly loaned tokens, prompted to deposit additional funds in the event of collateralization ratios that may induce future liquidation.
Interestingly enough, unlike other lending services such as Dharma, bZx relies on the upkeep of a deep insurance fund to ensure that lenders will always be covered in the event that borrowers are unable to pay back their loans. “The protocol collects 10% of all interest earned by lenders and aggregates it into an insurance fund.”"
Fees
Upgrades
- From Token Tuesdays (26-8-2020), but sponsored by bZx:
"The relaunch of bZx will feature a new and improved Fulcrum 2.0 along with an updated version of Torque featuring Flash Loans.
Alongside the protocol upgrade are new incentives and features like:
- Sustainable Yield Farming
- Collateral Management
- Gas Token integration
- Order Histories
- Liquidation Engines"
- The relaunch has happened, staking is live (1-9-2020).
Staking
Liquidity Mining
- From DeFi Rate (1-7-2020) who gets sponsored by bZx:
"With this program, 20% of the total supply will be allocated through liquidity mining as follows:
- BZRX Rebates (17 %) – Each time a user pays a fee, 50% of the value of the fee is refunded to them in the form of BZRX.
- Protocol Usage (3%) – BZRX will be distributed in batches of 2,575,000 (0.25% of the supply) every week for the first three months in accordance with the fees generated from lending and borrowing – similar to the COMP model.
On top of this, bZx will look to incentivize BZRX LP staking similar to the SNX/USDC liquidity incentives, basically rewarding those who stake their proof of staking participation with extra governance weight and perhaps higher staking rewards."
Interoperability
Other Details
Oracle Method
- BZx sees the partnership with Chainlink as a key step in its vision of ushering in a new generation of decentralized exchanges and says that Chainlink opens a wider range of integrations, such as real-time pricing. Announced: November 2018
- Also integrating Band Protocol (7-7-2020).
"Oracle Method
bZx uses separate Chainlink Price Reference Data contracts for each of the 6 price oracles (BTC/ETH, KNC/ETH, LINK/ETH, ZRX/ETH, DAI/ETH, and SUSD/ETH) needed to secure the accurate issuance and liquidation of loans for margin trading.
Chainlink’s Price Reference Data Contracts are decentralized oracle networks made up of at least 7 independent, security reviewed, and Sybil resistant node operators. They derive from a growing pool of 30 independent node operators run by leading blockchain DevOps and security teams, many of which have extensive experience running POS nodes across multiple blockchain networks.
On-chain prices are calculated by having each independent node retrieve data from one of the numerous different market data aggregators, with every network containing at least seven independent data aggregator APIs. The nodes’ individual responses are then aggregated together on-chain into a collective response that becomes a new on-chain price update to the Price Reference Data Contract. Updates occur every 1% deviation in price (2% for KNC/ETH and BTC/ETH), with a minimum time-based update every hour if the deviation threshold is not reached.
Source
Privacy Method
Compliance
Their Other Projects
Fulcrum
- DeFi lending platform
How Decentralized is it?
- After Flash Loan 'attacks' happened, they closed down the platform centrally, so, there is your answer.
- ConsenSys Codefi released (9-2019) a scoring website for DeFi projects. As of 2-11-2019 it has also analysed
"Fulcrum’s recent addition of a bug bounty programs brings them on par with dYdX in the domain of smart contract risk. Fulcrum’s stablecoin pools (DAI & USDC) have less liquidity than dYdX but also lower utilization rates. This contributes to slightly higher scores for these pools."
- Was classified Degree 4 DeFi on the HackerNoon rankings of 25-4-2019. "These DeFi products are non-custodial, have permissionless margin calls, permissionless provision of margin call liquidity, and decentralized price feeds, but centrally determine interest rates and centrally control platform developments and updates."
- A BIG side note, is that the blog was written by Kyle J Kistner who is Chief Vision Officer at bZx. He gave his own project the highest ranking. What a surprise. They also are behind Fulcrum, which they gave a 4 out of 5.
- From the comprehensive blog post:
"Custody: Fulcrum smart contracts are open source and non-custodial from the point of loan origination,
Initiating Margin Calls: Margin monitoring and margin call initiation is permissionless, decentralized, and incentivized. Margin callers receive a bounty for successfully executing a margin call.
Margin Call Liquidity: Provision of liquidity is permissionless, decentralized, and incentivized. Liquidity is sourced from KyberSwap.
Price Feeds: KyberSwap’s secure on-chain price feed is used for decentralized price information. Kyber aggregates information from Uniswap, Biniance, Bitfinex, Huobi, and its own internal inventory. Kyber’s prices stay within pre-defined bounds in the absence of a price update from reserve managers, mitigating the potential for price feed manipulation. The KyberSwap price feed does not have a central point of failure.
Interest Rates: The bZx team controls the interest rate model parameters, allowing the rates to effectively be set centrally. There are plans to increase the decentralization of this by allowing token holders to set rates in the future.
Development: Fulcrum contracts are centrally developed and open source. The contracts are mutable with a 28-day time lock on core functions."
Torque
"Another lending product, Torque, to offer indefinite-term loans and fixed interest rates. By integrating a web3 wallet such as Metamask, Torque leverages the ENS loan system described above to allow users to borrow supported assets by sending collateral to an ENS domain. Better yet, Torque does not require users to set up an account or pay any loan origination fees."
Roadmap
- Can be found [Insert link here].
Usage
- Went from a high of $20M TVL down to less than $2M (7-7-2020).
Projects that use or built on it
Competition
Pros and Cons
Pros
- From Token Tuesdays (26-8-2020), but sponsored by bZx:
"We expect that the introduction of sustainable yield farming in tandem with a growing treasury will make bZx one of the more consistent players in the rising degen landscape of DeFi meme coins. Having undergone a crisis type event, we can rest assured that bZx is taking security extremely seriously, a major win in the land of unaudited smart contracts rising today. Backed by community insurance and a well-thought-out governance schema, we expect BZRX to quickly find its footing in an ever-growing DeFi landscape."
Cons
- Got hacked twice and did not react well at first.
- Got hacked a third time (14-9-2020).
- Got accused of hacking Uranium Finance. From Rugpool twitter (9-10-2021):
"Update on Uranium Finance Hack: We found strong indirect on chain evidence from Tornado Cash that some core team member(s) behind @bZxHQ can be related to both 2 exploits of Uranium Finance."
Team, Funding, Partners
Team
- Full team can be found [here].
- Kyle J Kistner; Chief Vision Officer
- Tom Bean; CEO and co-founder
- From DeFi Rate (9-7-2020):
"The bZx team currently lists 8 team members and 3 advisors on their official website. With most of the core team being strongly focused on development, it should come as no surprise that the company has already shipped a number of products since it’s mainnet release in the second half of 2018.
bZx was founded by Tom Bean, a self-starter with years of experience working with top-profile car companies using GPS technology. After teaching himself Solditiy, Tom teamed up with the now COO, Kyle Kistner, to co-architect the whitepaper and full vision for the protocol. Supplemented by developers, designers and project managers who have worked on everything from iOS applications to other Ethereum dApps, its’ safe to say that bZx boasts a quite well-rounded team."
Funding
Partners
- Part of the WBTC community (still as of 8-2019)
- Part of the DeFi Network
- Has a 'working relationship' (15-2-2020) with Staked
- Is part of (2-3-2020) the first members of the Ren Alliance, as an Utility member integrating RenVM or adding renBTC, renZEC, etc.
- Is partners with (9-7-2020) MakerDAO, Kyber, ChainLink, Augur and Set Protocol
(:
Knowledge empowers all and will help us get closer to the decentralized world we all want to live in!
Making these free wiki pages is fun but takes a lot of effort and time.
If you have enjoyed reading, tips are appreciated :) This will help us to keep expanding this archive of information.