Just to be clear, my suggestion is to halt all trading on Celo. Liquidation in this sense is Celo paying off its creditors (the stable coin holders, …) and then shutting down.
My suggestion eliminates the possibility rug pull by the investors on the way out, which is what it looks like Terra Luna is doing IMO.
Also by liquidation I mean paying the stable holders in non Celo based assets, BTC, ETH, DAI, …
maybe Valora (the privately held company) should be the one providing the insurance, with eligibility limited to Celo addresses that have completed mobile phone verification.
I personally like the idea of capping the whole thing at $500 to $1k per person; it really seems in line with the stated core values of the Celo project.
Guys, I found that there’s this https://celohuobihack.com/ coming up where there’s some sweet prizes 
and it looks like I have all the way from now until June 20th to build this LifeBoat thing out. Their theme for the hackathon is StableCoin & Sustainability, so I could spin this escape hatch thing for that theme.
The pieces I’m missing is the official cStable peg oracles, so I’m probably gonna borrow the Moola TWAP oracle for the peg until there’s an official peg oracle.
I’ll just open source the whole thing, the smart contract, the offchain keeper bot, and while I don’t do UI development, I’ll probably at least have a CLI tool (lol) to demo off of. Given the time, I’ll teach myself some UI development and build a toy interface.
Wish me luck!
@AustinOheb Valora doesn’t really hold the assets, they are held on the Celo chain.
Essentially Valora just provides access.
Even if you have done everything through Valora up to now, you could, without a withdrawal from Valora, simply install some other wallet like MetaMask or Celo Wallet and start using your coins via that new wallet. You can think of this a bit like Valora being your go to front end when you are using your phone and Celo Wallet the go to front end when on your laptop, there just different tools to look at the same underlying account.
Valora does face certain risks, mostly akin to hacks to steal your coins, it doesn’t really have any roll in a de-pegging.
So @diwu1989 , @ezechiel , et al, I’m going to be really blunt here.
Y’all have a real opportunity to set Celo’s stable coins apart from the rest, if you find a way to make it so that all the stable coin holders, minnow and whale come hell or high water, would get back every last cent if the protocol fails.
That promise would be a highly marketable feature, it would engender lots of trust that could be parlayed into growth.
Similarly that mechanism, whatever it might be, would probably go a long ways toward keeping regulators happy when they come knocking, which I’m going to suggest is closer than you think or want.
Conversely concepts like ‘using your customers money for your own purposes’ tends to make regulators and customers really grumpy.
Worse yet, planning ways not to give your customers back their money, is well, a crime if it actually happens.
Are y’all really comfortable going down that road?
This discussion/initiative is pure gold - let’s do it!
Some food for thought on critical aspects to get right IMO with this solution @diwu1989:
I will build simple version with what I can scrap together for hackathon, we can iterate open source afterwards.
To be honest, if it was my own money that I needed to liquidate, I wouldn’t do it this way. I would instead go to the perpetual futures exchanges and instant open leveraged short positions against cUSD and adjust the size of those positions based on depeg size and unwind when peg restore. This is exactly how Alameda hedge their risks, they would open a position via spot somewhere and then hedge it out elsewhere on futures.
Need chainlink oracles to let us know if dai and usdc is also depeged, so that the contract doesn’t swap into a even worse depeg asset. Also each wallets might also just need to define their own slippage tolerances, like trigger on 95 cents on the dollar but only swap if at least 90 cents on the dollar.
I was gonna make it non upgradeable and leave all parameter tuning to the individual positions. The more parameters contract decides the more liability contract has, non liability if it’s just executing individual parameters controlled by the user.
Most computation is off chain. Keeper code is very similar to my liquidator code. I’m very good at architecting liquidators. There will be batch liquidation cus we will run out of block space if every small wallet had to be liquidated individually. Code will be opensource so anyone can run a keeper for redundancy. Small wallet can even run their own keeper if they do choose.
When user opt into lifeboat I was gonna simply ask for 0.01 celo to cover execution gas & prevent spam. Execution cost with batch liquidation should be trivial per individual wallet so we could just decide to cover this cost for everyone via some celo donations. I’m really not worried YET about cost of liquidating tens of thousands of wallets unless Celo price goes through the roof or we fail to scale the network throughout through Mysten upgrades.
I agree and that’s why I want to structure the life boat contracts as dummies down versions of stop loss orders.
People on stock markets understand how stop loss orders work and this is basically that with a cap.
As for your idea of hard capping the collateralization ratio and halting mento trades when ratio low, that seem like a complementary idea for governance process to work through. (Not something a builder like me can act on though)
I don’t see these two as mutually exclusive, and I want to build something in the immediate time just to see how users react to it.
So @diwu1989, will that protect every single Celo stable coin without discrimination for any reason?
What I’m getting at is that the balance held by any particular wallet/account/key should not be used as a criteria, period.
Discrimination against whales, dolphins, sharks, tunas, Mahi, or Salmon: in favor of minnows and sardines and such; is still discrimination and still a crime.
Again I’m going to be blunt again because having a strong product (100% trustable stable coins) is what I believe will lay the foundation for Celo’s success.
Having a life boat that essentially says to your customers:
’By the way, if something goes wrong here at Celo, we’re keeping (stealing) everything over $1000 that you have here.’ ;
is not a get out of jail free card, nor does it really engender trust or mass adoption.
If Celo want’s the trust of ‘the people’ that Celo wants to have as customers, the investors (the business/protocol side) need to take the whole hit in any failure.
No Celo stable coin holder regardless of their ‘balance’ should ever lose anything.
Would you put your fiat in any bank that made the claim ‘we’ll protect the first $1000 you put in’?
What limit would that put on that bank’s growth?
Hi @markbarendt,
First of all, thanks for being so active and engaged on this forum (and the many others that I know you’ve been involved in). I definitely understand your concerns and when you phrase it as “stealing” everything over $1000 I’m sure no one would want to be involved with something like that.
I still need to better understand the idea that @diwu1989 is suggesting, but my point about focusing on regular consumers and not crypto whales was not to discriminate against the whales, but rather I wanted to look at other concepts that exist in traditional financial systems and see if there are any lessons that can be applied.
And one such idea is deposit insurance, which in the US currently has a cap of $250,000 per person per depository institution (although there are some complicated loopholes that make this figure higher depending on the assets held). That cap was originally set at about $1000 back in the 1930’s when the insurance was first created and has grown as the market for deposits has grown.
I’m not sure it’s fair to say that any deposits over the cap (whether it was the original $1k or today’s $250k) would effectively be stolen from that individual. In fact, banks do effectively say that we will “protect the first $250k you put in” so I’m not sure how this would be any different – though of course the size of protection would be much smaller at first.
By the way, when I was first thinking about this idea I started looking at data and more than 90% of all addresses that held Tether or USDC had less than $1000 in that wallet. Now of course, it could be that people have multiple wallets so a more thorough analysis needs to be done, but it was a useful first step. Additionally, the average amount of cUSD that a wallet address holds is only about $300 so having a limit up to $1000 could effectively help the vast majority of holders.
Now again, as it pertains to the Celo-specific idea that has been put forth in this forum I need to better understand the specifics. I certainly don’t want to discriminate against anyone, but I would like to find a solution that helps build trust in the system.
For anyone interested, here is a link to the full article that was just published on this idea: How to insure against the risk of stablecoin runs - OMFIF
Why are we debating between these as if they are mutually exclusive?
Having a simple opt-in LifeBoat mechanism doesn’t exclude the idea of closing Mento when collateral ratio is low.
Automated liquidation into safer asset has limits, so I literally cannot cover bigger wallets. That’s a fact of constrained on-chain liquidity. I dont even want to try to build a system to liquidate whales because they already have strategies in place like the ones I would use for myself…
Thank you for the response @ezechiel
The concept you keep coming back to relates to fractional reserve banking. Celo isn’t designed as a fractional reserve bank, nor does it reside in a fractional reserve regulatory framework.
Using that idea is like trying to solve a craving for apples with oranges. It’s an inappropriate tool for the job at hand.
The concept that Celo was created in, and to this point sold as, resides in the rules (social expectations) that fully collateralized banks and annuity companies (insurance companies offering financial products) operate under.
For example Kraken is establishing a Bank here in the USA to solve the on/off ramp issue and Kraken will have to have, IIRC, have a 108% of reserve in stable government approved securities to cover 100% of every dollar of their customer’s money. If Kraken falls below that reserve percentage they have to stop doing business until they fix that problem.
That is also the essence of the idea I’m suggesting.
At the reserve threshold, investors in the enterprise might be asked to add funds to keep the project (Kraken or Celo or Mutual of Omaha or whoever) going, if the investors decided that was worthwhile that fresh money could get the project running again, if not the enterprise is ‘simply’ liquidated in an orderly manner and every customer gets all their money back and the investors walk away.
Investors need to take the full risk, any mechanism that shifts investment risk to any customer is only a benefit to the investor. It is always a bad deal for the customer.
Here, today at Celo, with non-stable assets backing the stable coins that reserve percentage has been rightly kept at a much higher percentage. That choice is necessitated as a direct result of the choice to use crypto as the reserve instead of RWAs. (I include stable coins there also, they only have different utility but still have very significant risks.)
For Celo to thrive the stable coin holders have to be able to believe that they can get back every last dollar without question.
@diwu1989 as we have all just witnessed with Terra/Luna, once a full on crash is in play it’s game over. The only real question remaining is who gets to keep the leftovers.
See my reply to @ezechiel re Kraken.
If Kraken falls below the reserve threshold an outside entity steps in, the business stops operating, and the third party manages the process going forward. At that point investors either cough up more cash or the third party liquidates and distributes the reserve to pay off ALL the customers without discrimination.
The one concept that I don’t think is really getting taken to heart, is the thought that: the money denominated in Celo stable coins doesn’t belong to Celo, it belongs to Celo’s customers.
There should never be an expectation put upon any Celo stable coin holder to carry investment risk.
Discriminating to save one ‘class of holder’ over any other is simply wrong.
That’s fine, put up the governance proposal to pause Mento minting of cStable once overcollateralization ratio drops below 1.5 or some other safe threshold, and only allow burning of cUSD for CELO (to be sold off) until the reserves ratios are back to healthy.
This is basically a safety mechanism to prevent massive printing of cUSD without the reserves growing in tandem. So that when things break, we have better assurances the reserve can cover the obligations.
The technical details of how to accomplish this and are way outside my skill set.
I will though try to start a discussion working toward that goal.
Thanks, @markbarendt
To be clear, my initial idea was never meant to be specifically and only for Celo. The idea was to look at ways in which we as an industry can bolster public confidence in stablecoins. I certainly understand that Celo is not a fractional reserve bank, in fact it’s not a bank at all.
Additionally, I’m a bit confused about the focus on investors. I’m simply looking at holders of cStables (in this case cUSD specifically). I’m not talking about CELO the governance token. Holders of cUSD are not really investors, at least not in the way I view them. They are using cUSD as a means of transacting. Of course they could invest their cUSD into a DeFi product to earn yield, but that’s an entirely different use case that I’m not currently focused on.
I still think that the general idea of stablecoin providers working together with a government agency to create a stablecoin insurance program is something that merits consideration. Obviously there are lots of details to consider. But I appreciate the engagement. Thanks.
So, if your mechanism protects the entire industry, great.
My suggestions above are more localized.
That is my point too. They only own the coins they hold and the value that represents.
Using a mechanism that only protects the minnows though in a protocol failure changes that dynamic. If cUSD holders with over $XXXX.00 are asked to take a ‘haircut’ in a failure, those holders would be forced into bearing what should only be an investor’s risk.
Yes Valora is a non-custodial wallet, but Valora is also a privately held company that can offer their own financial services (or another company’s services, for instance, Bidali) via the wallet. I just figured maybe they could offer some sort of insurance that gives a user the right to redeem, say, up to 500 cUSD at or near the face value; and the insurance costs will be subsidized through some sort of Celo program. You use the wallet to opt in to the insurance.
It’s doable if we have chainlink or official sorted oracle reporting trust worthy prices of every asset class in the reserves.
Then on mento bucket refill, we check the total reserve ratio to minted cStable and pause minting but still allow burning.