Overview
PAC Finance is an Aave-fork lending protocol deployed on Blast, the Ethereum L2. The protocol gained notoriety for a controversial incident where the team unilaterally modified collateral factor parameters — specifically reducing the loan-to-value (LTV) ratios for certain assets — without prior notice, timelock delay, or governance vote. This parameter change instantly pushed existing borrowers' positions below the liquidation threshold, causing forced liquidations and significant user losses. The incident became a prominent example of the risks of centralized parameter control in DeFi.
Smart Contracts
The underlying smart contracts are based on the Aave/Compound lending model, a proven architecture for supply-and-borrow money markets. The core lending logic (collateral management, interest rate models, liquidation mechanics) functions correctly. The problem was not a smart contract bug but the unchecked administrative power to modify critical parameters without safeguards. The contracts technically operated as designed; the design itself lacked user protection.
Security
Security failed not technically but procedurally. The ability to modify collateral parameters without a timelock or governance process is a critical security gap. In well-designed lending protocols, parameter changes that could trigger liquidations require advance notice (via timelocks) and community consent (via governance). PAC Finance's unilateral parameter change demonstrated that the admin key held unchecked power over user positions — a single point of failure that negates the purpose of decentralized lending.
Risk Management
Risk management receives the lowest score because the forced liquidation incident represents a fundamental risk management failure. Proper risk management in lending protocols requires: advance notice of parameter changes, timelock delays, governance approval for material changes, and impact analysis before modifications. PAC Finance violated all of these principles. The incident suggests either incompetence (not understanding the impact) or negligence (understanding but proceeding anyway).
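The following Python model is an added illustration, not code from PAC Finance or Aave. It shows the two safeguards named above: an impact analysis listing positions that a parameter change would make liquidatable, and a timelock that lets the admin queue a change but not apply it before a delay. It assumes an Aave-style health factor with a single liquidation threshold; the positions, the 0.80 to 0.60 change and the 48-hour delay are constructed values.

```python
from dataclasses import dataclass

@dataclass
class Position:
    owner: str
    collateral_usd: float
    debt_usd: float

def health_factor(pos, liq_threshold):
    """Aave-style health factor: below 1.0 the position can be liquidated."""
    if pos.debt_usd == 0:
        return float("inf")
    return pos.collateral_usd * liq_threshold / pos.debt_usd

def impact_report(positions, old_lt, new_lt):
    """Owners who are safe under old_lt but liquidatable under new_lt."""
    return [p.owner for p in positions
            if health_factor(p, old_lt) >= 1.0 > health_factor(p, new_lt)]

class ParamTimelock:
    """Admin may only queue a change; it applies after `delay` seconds."""
    def __init__(self, liq_threshold, delay):
        self.liq_threshold = liq_threshold
        self.delay = delay
        self.pending = None  # (new_value, earliest_execution_time)

    def queue(self, new_value, now):
        self.pending = (new_value, now + self.delay)
        return self.pending[1]

    def execute(self, now):
        if self.pending is None:
            raise RuntimeError("nothing queued")
        new_value, eta = self.pending
        if now < eta:
            raise PermissionError(f"timelock active for {eta - now}s more")
        self.liq_threshold, self.pending = new_value, None
        return self.liq_threshold

POSITIONS = [  # constructed sample positions (USD), not incident data
    Position("alice", 10_000, 7_000),  # HF 1.143 at threshold 0.80
    Position("bob", 10_000, 5_000),    # HF 1.600 at threshold 0.80
    Position("carol", 10_000, 7_900),  # HF 1.013 at threshold 0.80
]

if __name__ == "__main__":
    # Assumed change: threshold 0.80 -> 0.60, with an assumed 48-hour delay.
    print("newly liquidatable:", impact_report(POSITIONS, 0.80, 0.60))
    eta = ParamTimelock(0.80, 48 * 3600).queue(0.60, now=0)
    print("executable at t =", eta, "s; borrowers can repay or top up first")
```

Without the timelock, the change applies in the same transaction that proposes it, and every owner in the report is liquidatable immediately.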
Adoption
Pre-incident, PAC Finance had attracted some TVL on Blast, benefiting from the Blast ecosystem's airdrop farming activity. Post-incident, TVL declined as users lost trust. The Blast ecosystem's speculative nature meant much of the TVL was mercenary capital seeking airdrop points rather than committed lending activity. Current adoption reflects the trust damage.
Tokenomics
Token economics follow a standard lending-protocol design: governance, staking, and emission schedules. The token's value has been impacted by the forced liquidation controversy. Token utility claims of "governance" ring hollow when the team demonstrated willingness to make unilateral decisions without governance input.
Risk Factors
- Forced liquidations: Unilateral parameter changes caused user positions to be liquidated without warning
- No timelock: Critical parameters can be changed instantly by the team
- No governance: Decisions made without community input despite governance claims
- Trust destruction: The incident permanently damaged the protocol's reputation
- Blast ecosystem risk: Built on a speculative L2 with uncertain long-term viability
- Admin key risk: Team retains unchecked administrative power
Conclusion
PAC Finance's forced liquidation incident is a case study in DeFi governance failure. The 2.0 score reflects functional lending infrastructure that failed users through centralized parameter control without safeguards. The lesson is clear: a lending protocol where the team can unilaterally change collateral parameters is not decentralized lending — it's centralized lending with extra steps. Users trusted the protocol with their collateral; the protocol betrayed that trust.