Stress tests are insufficient. They model linear stress (e.g., 10x TVL withdrawal) but fail to simulate the cascading, cross-chain liquidation triggered by a collapsing governance token. This is a systems engineering failure, not a market failure.
algorithmic-stablecoins-failures-and-future
Blog
The Cost of Failing to Simulate the 'Death Spiral' from All Angles
A critique of one-dimensional stress testing. True death spirals are multi-vector attacks involving tokenomics, collateral mechanics, and market psychology—most models only check one box.
introduction
THE SIMULATION GAP
Introduction
Protocols fail because their stress tests ignore the non-linear, multi-chain feedback loops of a true death spiral.
The attack vector is multi-chain. A death spiral on Arbitrum triggers forced selling on Aave on Ethereum Mainnet, which drains liquidity from Uniswap pools, creating arbitrage pressure that floods bridges like Across and LayerZero. The failure domain is the entire interconnected system.
Evidence: The 2022 depeg of TerraUSD (UST) demonstrated this. The death spiral wasn't contained to Terra; it caused systemic liquidations and liquidity crises across Anchor Protocol, Curve pools, and Wormhole bridges, wiping out over $40B in value. The simulation gap was catastrophic.
thesis-statement
THE SIMULATION GAP
The Core Argument: Death Spirals Are Multi-Vector
Protocol failure is a cascade of interdependent system failures that isolated stress tests miss entirely.
Isolated stress tests are insufficient. Simulating a liquidity crisis without modeling the simultaneous validator exodus and oracle failure that accompanies it provides a false sense of security. The real failure mode is the feedback loop between these vectors.
The feedback loop is the kill chain. A price oracle glitch triggers mass liquidations on Aave/Compound, which congest the mempool and spike gas, which causes Chainlink nodes to miss updates, which worsens the oracle failure. This is the spiral.
You must model cross-domain state. A death spiral on Arbitrum will propagate to Ethereum L1 via bridge withdrawal requests, creating a secondary liquidity crisis. Tools like Chaos Labs or Gauntlet that model single-protocol risks miss this cross-chain contagion.
Evidence: The 2022 Solana outage demonstrated this. Network congestion from bot activity (vector one) prevented consensus messages, causing validator churn (vector two), which collapsed the DeFi ecosystem (vector three). No single vector caused the crash; their interaction did.
key-trends
THE COST OF FAILING TO SIMULATE
The Three Reflexive Loops You Must Model
Protocol failure is rarely a single point of breakage; it's a cascade of interdependent feedback loops that amplify initial stress into a terminal death spiral.
01
The Liquidity-Collateral Death Spiral
The classic DeFi failure mode where price drops trigger liquidations, which cause more selling, collapsing the collateral base. This is the reflexive loop that killed Iron Finance and crippled Terra's UST.
- Key Risk: Oracle latency creates a >5% price deviation, triggering mass liquidations.
- Key Metric: A -15% price shock can deplete >40% of protocol TVL in under an hour.
-40%
TVL Shock
>5%
Oracle Lag
02
The Validator Incentive Misalignment Loop
As token price falls, validator/staker rewards in USD terms plummet, disincentivizing honest participation. This reduces security budget, increasing risk of attacks, which further depresses price.
- Key Risk: Real yield collapse leads to validator apathy or exit.
- Key Metric: Security spend (in USD) must stay above $1M/day to deter 51% attacks on major chains.
$1M/day
Min Security Spend
-90%
Real Yield Drop
03
The Governance Capture & Exit Velocity Loop
Downtrends accelerate developer and community exit. Remaining stakeholders are more likely to pass short-term, extractive proposals (e.g., treasury raids), further eroding long-term value and accelerating the exit of remaining talent.
- Key Risk: Voter apathy drops below 5% participation, enabling hostile proposals.
- Key Metric: A -60% token price correlates with a 70% drop in active governance addresses.
<5%
Voter Apathy
70%
Gov. Dropoff
THE DEATH SPIRAL SIMULATION GAP
Post-Mortem: How Major Protocols Modeled (or Didn't)
A forensic comparison of how major DeFi protocols modeled their worst-case economic scenarios, revealing critical blind spots in stress testing.
| Stress Test Scenario / Metric | Terra (LUNA-UST) | MakerDAO (pre-2022) | Compound v2 | Aave v2 |
|---|---|---|---|---|
Simulated Anchor Yield Collapse | ||||
Modeled Depeg Velocity (Time to 0.90) | Not Modeled | < 24 hours | ||
On-Chain Oracle Latency in Stress |
| < 1 block (Pyth) | < 1 block (Chainlink) | < 1 block (Chainlink) |
Liquidator Profitability at -20% | Negative (No Incentive) |
|
|
|
Debt Ceiling for Largest Collateral | Unlimited (UST) | $1B (wBTC) | $500M (wBTC) | $750M (wETH) |
Simulated Cascading MEV Attack | ||||
Post-Mortem Published with Code | ||||
TVL Drop in Simulated 'Black Swan' | Modeled: -30% | Actual: -99% | Modeled: -40% | Actual: -35% | Modeled: -25% | Actual: -55% | Modeled: -35% | Actual: -65% |
deep-dive
THE COST OF BLIND SPOTS
Building a Multi-Angle Simulation Framework
Protocols that fail to simulate adversarial scenarios from multiple vectors will be exploited.
Single-vector stress tests fail. Simulating only a 50% TVL drop ignores the compounding effects of liquidations, oracle lag, and validator churn that create a non-linear death spiral. The 2022 Terra collapse demonstrated this cascade.
You must model cross-chain contagion. A failure in a major bridge like LayerZero or Stargate triggers liquidity crunches and oracle manipulation on your chain. Your simulation must include these external dependencies.
Agent-based modeling is non-negotiable. Simulate thousands of profit-maximizing MEV bots and panicked retail wallets, not just average users. This reveals emergent behaviors like coordinated front-running during de-pegs.
Evidence: The Solana network outage during the IDO craze showed that unmodeled fee market dynamics and bot spam can cripple a system that passed conventional load tests.
case-study
THE COST OF NARROW MODELS
Case Studies in Incomplete Simulation
Protocols that simulate only for profit, ignoring systemic risk vectors, are building on sand. These are post-mortems of models that missed the critical angle.
01
The Terra/UST Death Spiral
The algorithmic stablecoin model simulated arbitrage for peg maintenance but catastrophically failed to model reflexive, panic-driven liquidation cascades.
- Flawed Assumption: Infinite arbitrage demand would always outweigh panic selling.
- Missing Simulation: The negative feedback loop where $40B+ in TVL evaporated as UST depeg triggered mass Anchor Protocol withdrawals.
- The Lesson: Economic models must stress-test for network-wide correlated behavior, not just individual agent rationality.
$40B+
TVL Evaporated
3 Days
To Collapse
02
Solana's Memecoin Congestion Crisis
The network optimized for high TPS and low fees but its state simulation didn't account for fee market failure under extreme, spammy demand.
- Flawed Assumption: User demand and transaction volume would be efficiently distributed.
- Missing Simulation: The >70% failure rate for legitimate transactions when memecoin mania created a non-functional priority fee auction.
- The Lesson: Throughput benchmarks are meaningless without simulating worst-case workload patterns and economic attacks on block space.
>70%
Tx Failure Rate
$4M+
Lost Priority Fees
03
Euler Finance's Flash Loan Exploit
The lending protocol had extensive risk parameters for collateral but its simulation missed a multi-step, cross-function attack vector enabled by donation logic.
- Flawed Assumption: Donating assets to increase health factor was a benign, edge-case function.
- Missing Simulation: The $197M exploit path where a flash loan was used to manipulate internal accounting before a liquidation.
- The Lesson: Security audits must simulate state transitions across all public functions in sequence, not just in isolation.
$197M
Exploit Size
0
Donation Attack Sims
04
Aave's CRV Liquidation Freeze
The protocol's liquidation engine was theoretically sound but failed to simulate the on-chain liquidity depth for a large, whale-position collateral token.
- Flawed Assumption: Sufficient decentralized exchange liquidity exists for any size liquidation.
- Missing Simulation: The $100M+ bad debt scenario where liquidating a massive CRV position would crash its price on Curve, making the liquidation unprofitable and stalling the mechanism.
- The Lesson: Oracles and liquidation logic must be simulated against real on-chain liquidity curves, not just theoretical markets.
$100M+
Risk Position
~$0
Liquidation Depth
future-outlook
THE COST OF IGNORANCE
The Next Generation: Integrated Stress Testing
Protocols that fail to simulate cascading failure modes pre-launch are subsidizing their own collapse.
Isolated load testing is insufficient. Simulating a single component's failure ignores the cascading cross-chain dependencies that define modern DeFi. A liquidity crisis on Avalanche must be modeled with its impact on Stargate bridge flows and GMX perpetual positions.
The 'Death Spiral' is a systems problem. It is not a single exploit but a feedback loop of liquidations, oracle lag, and MEV extraction. Protocols like Euler Finance learned this through a $200M hack, not a simulation.
Evidence: The 2022 Terra collapse demonstrated that algorithmic stablecoin failure propagates through the entire Cosmos IBC and Wormhole bridge ecosystem, causing billions in contagion that no single-chain test could predict.
takeaways
SIMULATION FAILURE MODES
Key Takeaways for Builders and Auditors
A protocol's death spiral is a multi-vector attack; missing one angle invalidates your entire security model.
01
The Oracle-Governance Feedback Loop
Price oracle lag during a crash creates a governance arbitrage. Attackers vote to drain collateral at stale prices before the oracle updates, as seen in early MakerDAO incidents.
- Simulate governance latency vs. oracle heartbeat.
- Stress test with >30% price drops in <5 blocks.
- Model governance bribe markets (e.g., Curve wars) as attack vectors.
5-10 blocks
Attack Window
$100M+
Historical Losses
02
MEV-Enabled Liquidity Drain
Liquidations aren't fair. In a spiral, searchers front-run user withdrawals and protocol treasury exits, accelerating the collapse.
- Model block-space auctions (Flashbots, bloXroute).
- Assume the top 3 searchers will extract >80% of exiting value.
- Your "safe" withdrawal limit is meaningless under MEV pressure.
80%+
Value Extracted
~0s
Front-Run Latency
03
Cross-Chain Contagion via Bridges
A death spiral on Chain A creates insolvent wrapped assets on Chains B, C, and D via bridges like LayerZero, Wormhole, or Axelar.
- Map all bridge mint/burn delays and pause functions.
- Stress test the native chain's failure on all connected chains.
- The weakest bridge's security (e.g., a 2/3 multisig) becomes your system's ceiling.
2-20 min
Bridge Delay
Multichain
Case Study
04
The Staking Derivative Time Bomb
Liquid staking tokens (LSTs) like stETH or rETH are treated as risk-free collateral. A validator slashing event or withdrawal queue freeze triggers simultaneous de-pegging and mass liquidation.
- Simulate the correlation spike between the native asset and its LST.
- Model validator churn and >1 week withdrawal queues.
- Your LST oracle is only as strong as the underlying consensus layer.
1.0
Correlation at Crisis
7+ days
Queue Risk
05
Composability is a Backdoor
Your protocol is safe in isolation. But when integrated into a money market like Aave or a DEX pool on Uniswap V3, its failure becomes a systemic solvent.
- Audit all integrators and their risk parameters.
- Assume your token will be listed as collateral with >70% LTV elsewhere.
- One protocol's spiral can cascade via recursive liquidations across DeFi.
70%+
External LTV
Aave, Compound
Vectors
06
The Treasury Run
Protocols hold treasuries in their own token or LP positions. A death spiral triggers a bank run on the treasury itself, as governance races to convert assets before they're worthless.
- Stress test treasury exit liquidity against >50% of TVL fleeing.
- Model governance hijack via token price collapse (attack cost plummets).
- A diversified treasury (e.g., USDC, ETH) is the only mitigation.
50%+ TVL
Exit Pressure
$0
Attack Cost at $0
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall