What are isolated pools? And why they’re important
Isolated pools are separate lending markets that support a set of assets that can be used as collateral for loans against each other. This is in contrast to having a single cross-collateral pool in which any asset can be borrowed against any other. If you look at solend.fi today, you’ll see just one global cross-collateral pool.
In a protocol with just a single cross-collateral pool, listing new assets has to be done very carefully since it opens up the protocol to a new attack vector every time. The entire TVL of the lending protocol could be at risk. For example, Cream Finance has been hacked multiple times for $19M and $130M due to listing assets with non-standard implementations.
SPL tokens on Solana are forced to conform to the SPL standard with no custom behavior possible. This is unlike ERC20 which is a loose standard with countless “ERC20” tokens not properly conforming to the spec. While this standardization saves developers and auditors headaches, attacks are still possible. Consider two examples:
Example 1: POO, an imaginary token with minting controlled by a DAO, is listed on Solend. The POO governance process is subverted, allowing an attacker to mint an infinite number of POO tokens. The minted POO tokens are deposited in Solend and used as collateral to borrow all other available assets on Solend. POO is dumped, bringing the value of collateral to effectively 0. In this scenario, the value at risk is min(deposit limit * POO LTV, available liquidity).
Example 2: POO, an imaginary token, is listed on Solend. POO has low liquidity which makes it easy to manipulate the price. POO’s price is manipulated and misreported as extremely large. Once again, POO tokens are deposited and used as collateral to borrow all available liquidity. In this scenario, the value at risk is simply all of the available liquidity. Note that deposit limits and LTVs don’t help here since even one POO token is effectively worth an infinite amount.
Because of these, we require assets listed on Solend to have reasonable liquidity and access controls if still mintable. Thus, there are many assets that haven’t been listed on Solend yet.
Introducing: isolated pools
Isolated pools are not a silver bullet! The attacks described above are still possible. However, the value at risk is limited to the isolated pool, rather than the entire TVL of the protocol. You can think of it as a quarantine for risky assets.
This limitation is key, as users can continue using the cross-collateral pool as normal while creating a sandbox for experimental assets.