· 2 min read
Taisuke Mino


Carapace Works With Sherlock for Smart Contract Audit With Up to $5M Protection

Carapace Protocol will be working with Sherlock to make our contracts secure and to protect our users from capital loss due to smart contract hacking.

Sherlock has a unique approach to auditing where they combine the best of the legacy audit model (designated senior security expert on each project) with an audit contest model (50+ independent auditors competing head-to-head). On top of that, Sherlock offers protection to audited contracts. Carapace Protocol will be protected up to $5M in the 1st version.

We appreciate Sherlock's method because they maintain skin in the game; they are strongly motivated to thoroughly audit our smart contracts because they will be required to make a payment if there is a hack of the smart contract.

Sherlock determines if a certain smart contract hacking event is eligible for a claim based on the public-facing coverage agreement with each protocol. You can find examples here. The Carapace coverage agreement will be available at the very end of the auditing process, and it won't be too dissimilar from the example agreements above.

Carapace takes smart contract security seriously, and we are glad to work with Sherlock.

· 6 min read
Rohit Sabnis

In this article, we cover how the recent FTX fallout impacted DeFi lending. More specifically, we call out some of the risks that came to light post-FTX while also providing some ideas/solutions on how these risks can be mitigated in the future. We remain very optimistic about the DeFi lending landscape — it’s time for us to come together and buidl!

Issue 1: Contagion Risk

Carapace’s offering for protection sellers includes a diversified pool of loans/loan baskets in order to minimize contagion risk. But is that really possible in times of extreme cycles / black swan events? Some illustrative examples to consider:

  • Crypto: Although FTX was a centralized exchange, its fallout had several implications for DeFi, as several DeFi investors (both institutional and retail) had kept funds on FTX — unsurprising given that FTX was the 3rd or 4th largest centralized exchange in the world. There have been defaults in excess of $40m already and there might still be more coming.
  • Real-World: The world today is globalized and many countries’ economies are deeply interconnected. Protocols like Goldfinch and Credix focus on real-world risk where loans primarily end up in emerging markets. However, since a majority of these loans need to be repaid in USDC (a stablecoin pegged to the USD), these loans carry currency exchange risk and small changes in local currencies can have a major impact on the repayment amount.

Potential Solutions

  • Build systems to ensure we are capturing borrower-level borrowing data across the protocols. The same could/should be done at a currency/country/industry level.
  • Assuming we are able to build this sort of system over time, Carapace will aim to ensure that no one protocol/currency/country etc. makes up more than X % of the risk in a given pool.
  • Hedging solutions that can help mitigate currency risk across the board.

Issue 2: Reliance on Delegate / Lead Backer model

Criticism includes mismanagement of funds and lack of skin in the game.

Several protocols work off a model where one of the parties — typically a sophisticated credit investor — assesses the quality of the loans and is considered to be the lead party conducting due diligence. In return, they receive economic benefits and also stand to lose if the loans end up defaulting.

In the Maple example, one of the delegates, Maven 11, allowed Orthogonal Trading’s loan to make up 80% of their pool in Dec 2022 (from 14% in Sep 2022). This happened because other borrowers returned funds to the pool which were being withdrawn by lenders. However, a scenario that concentrates this amount of risk on one borrower should have been avoided. One of the criticisms from the incident has been that the stakes aren’t high enough for lending pool managers like M11, which will end up losing <500k on a default of over $30m for this incident.

Potential Solutions

  • Compile data standards around borrower-level data that we will need to collect — especially for one being added to the Carapace pool.
  • Include information on backer/loan manager/delegate and specifically the incentives/fee schedule on offer to them. Especially important to get clarity from credit protocols on what happens in the event of default. While the Carapace core team will not take a view on what is good or bad, we should aim to be transparent and capture + pass on this information for our protection sellers.
  • Push more borrowers to undertake pool covenants as done by Cauris here

Issue 3: Re-hypothecation Risk

Sherlock lost >$4m in their ~$10m staking pool as they had invested a large proportion of funds in Maple’s Maven 11 pool. As seen in the case of Sherlock, investment management is a hard job — and a very specialized one too. While Sherlock did communicate to their users about investing in Maple, there was limited information on how this investment would occur, and in which pools. In addition, stakers did not have any control over how these funds were invested so they were only able to make a decision on whether to stake or not stake their funds in the Sherlock pool. Due to not raising the expected amount of capital for their pool, Sherlock ended up in a scenario where funds were invested across 2 protocols despite earlier intentions to invest in 4 protocols.

Potential Solutions

  • Re-hypothecation strategies should be geared around choice for the users to make decisions on where their capital is being invested. Where possible, best to get professionals to manage these pools. Early indications suggest that Sherlock will adopt some of these practices going forward.
  • Communication is key when it comes to clarifying the risk involved in re-investing customers’ assets.

Issue 4: Borrowers lying/misrepresenting facts

As alleged by Maple and Maven11, Orthogonal Trading lied about not being impacted by FTX. In fact, Orthogonal Trading did not provide any indication that they would default on their loan until one of their repayment dates on Sunday 4th Dec. There are additional allegations that Orthogonal might have lost more money in riskier trades in an attempt to recover the lost funds (Note: this claim has not been verified).

However, the key concern coming out of this incident is that borrowers can lie/make up data and it is unclear whether this will lead to any legal action against Orthogonal. Maven 11 has stated on Twitter that Orthogonal has breached the contract but it is not clear whether Orthogonal will face penalties as a result of the incident.

Potential Solutions

  • Standardization of the liquidation process (if collateral exists)
  • Clear litigation frameworks to tackle such scenarios
  • Ability to access as much on-chain collateral data as possible.

Issue 5: Borrowers borrowing from multiple protocols

As seen from the example of Auros, they ended up borrowing on Clearpool as well as Maple. They ended up requiring extensions in December from both protocols to return their loan. There was no requirement for Auros to be transparent about their borrowings across protocols and lenders. Thus, one protocol might never become aware of an entity’s borrowings from another protocol.

Potential Solutions

  • Building tools that capture a borrower’s credit activity across multiple protocols and ensure that no one borrower makes up a significant concentration within a pool or even the protocol as a whole
  • Communication channels between various protocols to ensure there is transparency across the board regarding an entity’s borrowing activities

As you can see from some of the examples above, under-collateralized lending is still in its building phase and the industry will need to build these solutions (and more) to tackle some of the challenges in the space.

That’s the only way we’ll see DeFi lending and borrowing go mainstream. We at Carapace remain very bullish on this space and are building protection against default risk for under-collateralized loans. You can visit us at to learn more!

    · 2 min read
    Rohit Sabnis

    They say it takes a village to raise a child — the same applies to getting a startup business off the ground — and a DeFi protocol like ours is no different. At its earliest stages, a DeFi protocol benefits from its network of advisors, investors and partners. We at Carapace are fortunate to find one such awesome partner in Goldfinch, with whom we’ll launch our first pool in Q1 2023.

    The phenomenal team at Goldfinch is building one of the most interesting protocols in DeFi by helping bridge real-world assets with crypto lending. Backed by a16z, Goldfinch currently has ~100m USDC in outstanding loans.

    How it all started

    My co-founder Tai met Blake West (Co-Founder, Goldfinch) at a hackathon in Autumn 2020. Tai shared his vision for building a protection market for under-collateralized loans. Blake loved the idea and continued to be in touch with the Carapace team throughout the build.

    Blake and the wider Goldfinch team have been extremely generous with their time and have gone to many lengths to help answer our queries. Access to the Goldfinch team was instrumental in helping us understand the Goldfinch protocol in-depth. And it was an easy decision to kick off our product launch by first building on the Goldfinch protocol.

    Initial Pool Launch

    Carapace’s first protection pool will be launched in Q1 2023 by combining 10 Goldfinch pools which currently yield between 17–20% for junior Goldfinch backers — full list will be released soon.

    We selected these loans in order to maximize diversification (thus, minimizing contagion risk) across a range of factors including, but not limited to:

  • Borrower Type
  • Borrower strategy
  • Geographical location of where the funds are being applied
  • Industry where the funds are being applied
  • …and more

    After our launch with Goldfinch in Q1 next year, we’ll look to partner with more protocols in the space as long as they meet our security requirements.

    For now, we are focused on building for the Goldfinch ecosystem and are excited about the traction and response we are receiving from the Goldfinch (and wider DeFi) community.

    · 3 min read
    Rohit Sabnis

    Our protocol will create a market that provides protection against default risk for under-collateralized DeFi loans and will pilot with Goldfinch, a leading crypto credit protocol.

    In early 2022, we set out to build a protocol to help solve one of the largest pain points for lenders in DeFi — lack of protection against credit risk. Since then, the team has been hard at work to develop this idea into a real product. Today we are pleased to announce our pre-seed round and waitlist for the test version of our product.

    The Problem: Current Lack of Protection for Lenders of under-collateralized Loans

    Cryptocurrency lenders today face risk of borrower default while funding under-collateralized DeFi loans. As the DeFi lending market continues to grow, several primitives will need to be built to support the growth of under-collateralized loans. Carapace is building one such core DeFi primitive to make the industry more mature, more capital efficient, and to increase access amongst a diversified range of investors.

    “Crypto loans are growing at an incredible pace, from a nominal amount to more than $25B last year, and will only continue to explode,” explained Morgan Beller, General Partner at NFX who led the $2.5m pre-seed round. “With very little protection for lenders of under-collateralized loans, Carapace’s protocol will provide a key piece of infrastructure that DeFi will need to grow.”

    Carapace’s Solution: Making DeFi Lending Safer

    Carapace’s protocol solves this by permitting lenders on DeFi lending markets to purchase protection against default in order to hedge their default risk. Carapace will allow sellers — investors seeking yield who believe that the underlying loans are safe — to provide such default protection. Pricing of risk fluctuates with supply and demand in a system where protection sellers provide capital for risk protection in exchange for a premium. If a default event occurs, a payout is made to protection buyers.

    Early Supporters

    We are backed by some of the best investors and entrepreneurs in the industry. NFX led the $2.5m pre-seed round which also saw participation from Tribe Capital, Ledger Prime, GSR Ventures, Synthetix, Titan Capital and 30+ firms and investors.

    Carapace’s first pool will be built on the leading credit protocol, Goldfinch, and will initially be closed to users in the United States and certain other jurisdictions. Carapace has partnered with the Goldfinch team for its initial launch. “I first heard about Carapace about a year back after meeting Tai at a hackathon. I believe the project has great potential and will be really useful for the Goldfinch community” stated Blake West, Co-Founder of Goldfinch.

    The current bear market for crypto has forced participants to be more aware of the return-risk tradeoff on their investments and we believe that we can help investors understand and mitigate credit risk on their DeFi loans.

    Tai and I met through the South Park Commons programme, which is a community of builders based in San Francisco. While all interactions remained remote due to COVID, we both really enjoyed our conversations together despite coming from different backgrounds. While Tai is a crypto-native who has built various DeFi projects including Asia’s first mobile DeFi wallet, I come from a TradFi background with stints in ANZ Bank and Uber’s Fintech team.
