- Outflow caps reduce the impact of an exploit on the protocol.
- Caps have been placed on all pertinent assets on Hubble.
Hubble Protocol addresses risk management in several ways. In addition to regular security audits, the protocol performs a wide range of tests on all updates before they are released.
However, it is necessary to implement additional parameters to minimize impact in worst-case scenarios. This is why Hubble has coded Net Outflow Caps into its smart contracts.
Net Outflow Caps Explained
Net Outflow Caps serve to limit the loss of funds on the protocol in the case of an exploit. All assets on the protocol, including all collateral types and USDH itself, have net-outflow ceilings.
These ceilings are regulated in set time windows, and after each window, the ceiling resets. Thus, if the outflow cap of a certain asset has been reached, withdrawals are halted, and they only resume in the next window.
In addition to preventing a loss of user funds in the case of an exploit, Outflow Caps also allow the protocol to investigate edge cases. For example, should a large position be closed and the withdrawal cap is reached, the protocol has a sufficient period to investigate the action and ensure everything is above board.
Net Outflow Caps are determined on an asset-specific basis, and the protocol remains flexible in changing the parameters of each asset according to balance changes and user feedback.
Why a “Net” Outflow Cap is Preferable
Net Outflows are a more reliable measure than “gross” outflows, as they more accurately reflect changes to the protocol's user activity.
If, for example, a single entity deposits $2M SOL on the platform in a certain time window, and 5 other users withdraw $400K SOL each within this same window, the net SOL outflow is effectively zero. In this case, the Outflow Cap is not triggered.
Note that the protocol will still be notified of significant actions on Hubble. These actions include, but are not limited to, an unusually large deposit, even if they do not trigger Outflow Caps.
How Net Outflow Caps can Limit Impact of Exploits
One case in which the Net Outflow Cap can prevent a mass outflow of funds is if an Infinite Mint exploit should take place. If this occurs, the exploiter would be able to mint up to a certain amount of USDH in a given window. However, the Net Outflow Cap on USDH prevents the exploiter from minting an “infinite” amount of USDH, while also giving the protocol time to react.
Initial Parameters for Outflows
Net Outflow Caps are implemented in 3 areas:
- Each collateral assets
- USDH minted from collateral
- USDH minted from PSM
Caps on Collateral
Collateral outflows are calculated simply as: Amount of xAsset Withdrawn - Amount of xAsset Deposited.
Initial Cap: $1M for each asset on the protocol
Time Window: 8 hours
Cap on USDH Outflow from Loans
The loan-based USDH outflow parameter is calculated as: USDH Minted on Loans - USDH Repaid on Loans.
Initial Cap: 2.5M USDH
Time Window: 8 hours
Cap on USDH Outflow from PSM
The PSM-based outflow parameter is calculated as: USDH Minted from PSM - USDH Burned in PSM.
Initial Cap: 1M USDH
Time Window 8 hours
Keep in Touch