Hey!
Just a small correction first: collateral assets usually are also cross tier assets, but not every cross tier asset can be a collateral asset.
Being a cross tier asset simply means that one can borrow a bunch of cross tiers assets versus the same collateral in one sub account. For eg, WOO and FLOAT are isolated assets, so I cannot borrow both WOO and FLOAT in one subaccount against DAI (my collateral). I’d have to borrow WOO vs DAI in subaccount_1 and FLOAT vs DAI in subaccount_2. However, UNI and LINK are cross tier assets, meaning I can borrow them in one account against DAI. (Note that as of now, UNI is a collateral asset, LINK isn’t).
While cross tier assets aren’t as systemic as collateral assets, they’re still quite systemic unlike isolated assets, which is why I think the bar for becoming a cross tier asset should be sufficiently high.
Isolated attack example: XYZ is not a cross asset
If a user (Alice) lends USDC to borrow a highly illiquid asset XYZ, and an attacker (Bob) manipulates the XYZ oracle higher while holding a big chunk of XYZ beforehand, Bob can force Alice into violation. Bob will repay the debt using XYZ he bought beforehand and liquidate Alice’s collateral + liquidation bonus (profit). This sucks for Alice, but notice how it’s just her losing her collateral to the attacker.
Cross attack example: XYZ is a cross asset
A cross attack would be somewhat different. Bob (the attacker) would lend USDC (collateral asset) and borrow XYZ and UNI in one subaccount. He then manipulates the XYZ oracle, pushing himself into violation. He then repays the debt himself using XYZ he bought beforehand, and takes back some of his collateral. He keeps doing this multiple times until he’s taken back his USDC collateral.
Notice how in this case, the attacker retrieves his USDC but also keeps the UNI tokens. There is hence bad UNI debt that UNI lenders are exposed to now. The risk is systemic, because XYZ is illiquid and a cross tier asset and that leads to losses for UNI lenders.
Criteria
This is exactly why the criteria for being a cross tier assets are quite substantial.
Namely:
- Oracle strength*
- Smart contract risk*
- Decentralisation
- Liquidity*
- Volatility
It’s extremely important that cross tier assets has a very strong oracle and liquidity, otherwise systemic attacks such as the ones mentioned above may occur.
The issue with promoting something based on oracle rating is also that it’s prone to attacks. An attacker could provide temporary liquidity to a Univ3 pair, and once an asset is a cross tier asset, perpetrate the attack described above. This is why it’s more of risk assessment tool for users rather than a part of the protocol.
We are constantly working on improving our oracle assessment tool though, which is why we’ll be incorporating things like the diversification of liquidity providers on Univ3 as well as cost of attack. We’ll be posting on that later.
I hope this helps! 