How Does Silo Finance Work?
A lending protocol where each token gets its own isolated market, so a hack in one market cannot spread to others. It holds $400M in deposits with $32M in funding. Its B grade reflects solid risk isolation design, offset by the fact that anyone can create new markets for risky tokens.
TVL: $28M
Sector: Lending
Risk Grade: B-
Value Grade: C+
Core Mechanisms
Lending/Risk-Isolated
Novel: Separate lending markets per asset pair preventing cross-asset contagion
Each token gets its own isolated lending market (silo) paired with a bridge asset (ETH or stablecoin). Exploits in one silo cannot affect others. Core design differentiator.
Lending/Permissionless-Market
Novel: Permissionless creation of isolated lending markets for any ERC-20 token
Anyone can create a new silo for any token. Democratizes lending but allows markets for thin-liquidity tokens susceptible to oracle manipulation.
Lending/Hook-System
Novel: Silo V2 customizable hooks for extending market behavior
V2 introduces hooks that allow custom logic to be attached to lending operations. Powerful extensibility but increases smart contract interaction surface.
Oracle/Multi-Source
Per-silo oracle configuration with Chainlink and other price feeds
Each silo has its own oracle setup. While this localizes oracle risk, it also means each market's security depends on the quality of its specific price feed.
Lending/Interest-Rate
Dynamic interest rate model per isolated market based on utilization
Standard utilization-based interest rate curves applied independently to each silo. Rate parameters can differ per market.
Governance/DAO
SILO token governance for protocol parameters and risk management
DAO governance controls global parameters, oracle whitelisting, and risk configurations. Low market cap raises governance capture concerns.
How the Pieces Interact
Permissionless markets for obscure tokens may use unreliable oracle sources, enabling price manipulation to drain the isolated silo through artificial collateral inflation.
Custom hooks from third-party developers could introduce reentrancy or logic bugs that bypass the isolation model within a specific silo.
All silos share a common bridge asset (ETH or stablecoins); a major de-peg or liquidity crisis in the bridge asset could simultaneously stress all silos despite isolation.
Thin markets can see extreme utilization spikes causing interest rate jumps that trap borrowers unable to repay, leading to cascading liquidations within the silo.
What Could Go Wrong
- Risk isolation depends on correct oracle pricing per silo; a faulty oracle in one market can still drain that silo's liquidity
- Permissionless market creation allows siloed markets for low-liquidity tokens vulnerable to price manipulation
- V2 hook system introduces extensibility risk from untested third-party logic attached to lending markets
Permissionless Silo Oracle Manipulation Drain
Moderate
Trigger: Attacker creates a silo for a low-liquidity ERC-20 token with a manipulable oracle feed, then inflates collateral value to drain the silo's bridge asset (ETH or stablecoins)
- 1. Attacker deploys a silo for a thin-liquidity token with a DEX-based oracle — Silo is live with the manipulable price feed accepted by the permissionless creation process
- 2. Attacker manipulates token price upward via flash loan on the DEX — Oracle reports inflated collateral value; attacker borrows maximum bridge asset against inflated position
- 3. Attacker drains the silo's ETH or stablecoin bridge asset reserves — Silo becomes insolvent; legitimate depositors of the bridge asset suffer losses
- 4. Attack is replicated across multiple permissionless silos with similar oracle vulnerabilities — Protocol reputation damage; users question safety of all permissionlessly created silos
Risk Profile at a Glance
Overall: B- (29/100)
Lower score = safer