Assessing Risks in DeFi

DeFi risk framework

DeFi

As decentralized finance (Defi) continues to grow and attract capital, investors need to familiarize themselves with the risks surrounding this space. Defi platforms offer a range of financial services that include payments, loans, insurance, stablecoins, derivatives, and interest-bearing accounts. Defi applications run on top of the blockchain. This feature enables Defi to remove the middlemen, increase transparency, automate processes and allow for fast and convenient (real-time) transaction processing. DeFi brings unprecedented benefits but also introduces new risks.

How DeFi differs from TradFi

Custody — Defi relies on software to store assets and facilitate transactions, while TradFi has central parties that perform these functions.
Open-source — Defi protocols are available to the public to be audited and assessed, while many activities run by TradFi are left behind closed doors.
Composability — Due to the plug-and-play programmable architecture, dapps can seamlessly integrate permissionlessly at a very low cost. TradFi relies on business relations and agreements.

Risks in DeFi

Defi contains different layers of risks that could be differentiated based on which part of the Defi structure carries the risk. First layer contains the risks related to the core infrastructure. Second layer carries the platform related risks. Third layer is exposed to the risks relevant to the whole ecosystem. Finally, we have application risks to consider.

Blockchain Risk

DeFi protocols are powered by blockchain technology. Therefore, Defi inherits some risks stemming from the underlying blockchain infrastructure. Public blockchains are subject to attacks where miners or validators gain a critical level of control of the hash power on the network. Once attackers obtain the power they can then manipulate transactions. Additionally, blockchains validate, execute and store transactions making Defi applications reliant on the blockchain’s capability to handle elevated network activity. High network activity could lead to congestion, increased network fees, failed transactions, and liquidation issues.

Oracle Risk

Blockchains are limited to the information that is produced “on-chain”. This limits smart contract capabilities since “on-chain” data mainly include “on-chain” transactions. Oracles bring more diverse and richer data onto the blockchain. However, reliance on oracles to provide us with data comes with additional risks. Centralized solutions introduce a single point of failure risks. If an oracle goes offline smart contracts will no longer have access to the data required to execute its functions. Additionally, oracles must be sufficiently decentralized to prevent malicious actors from manipulating data. Faulty data could lead to lost funds and inaccurate outcomes leading to a Defi protocol failure.

Smart Contract Risk

Smart contracts are the tools used to automate financial operations in the context of Defi. These smart contracts are open-source, therefore attackers can simulate their attacks in a private environment before launching an attack on the live network. Many cybersecurity attacks have already been launched resulting in stolen funds. Smart contracts are subject to errors, bugs, and other unexpected outcomes. Smart contract risk could be thought of as counter-party risk, where instead of having to trust a company, we have to trust the technology and the code.

Credit Risk

Credit risk in TradFi is perceived as a default risk due to insolvency. The same applies to Defi. Although many protocols have prebuilt mechanisms to deal with this risk (over-collateralization, liquidation systems), it does not completely remove the credit risk. Crypto assets are extremely volatile, thus a significant crash event could make a protocol insolvent.

Liquidity Risk

Crypto assets are widely considered very liquid due to its accessibility. Crypto assets are available for trading 24/7. Anyone could join the market due to the absence of regulation. However, Defi relies heavily on liquidity pools. Platforms attempt to attract liquidity through yield incentives. Yield is achieved by increasing the circulating supply and rewarding liquidity providers. The concern is whether the protocol will remain liquid in the absence of this accommodative monetary policy. Typically users are free to withdraw their liquidity and relocate their funds elsewhere. Hence, this incentivized liquidity is not guaranteed liquidity. Low liquidity levels could result in failure to perform functions or can cause a major level of slippage. Additionally, the lack of identity management solutions makes it hard to evaluate the credit worthiness of some market participants. Over-collateralization is the solution that is currently being used. However, high collateral requirements limit the participation in turn making liquidity pools smaller.

Composability

One of the main advantages of Defi is interoperability. It allows systems to communicate with each other and reduces friction within the space. However, this creates a systemic risk. Interconnected systems rely on each other and any malfunctioning can potentially cause ripple effects throughout the whole network.

Governance

Decentralized finance, as the name suggests, aims to be fully decentralized. It is done through the proper implementation of the governance mechanism. Governance defines the rules that facilitate the decision-making process in resolving conflicts and implementing changes at the protocol level. The lack of well designed governance leaves the control of the protocol to a small number of people. This imbalance of power brings uncertainty since the centralized parties could easily implement instant and unexpected changes without due process.

Market Risk

Market risk refers to the risk resulting from price volatility. Crypto markets are widely known for being significantly more volatile compared to traditional asset classes. Currently, crypto markets exhibit a meaningful correlation with technology stocks. Hence, crypto market movements are heavily affected by the prevailing sentiment towards the technology space. Additionally, Defi is still heavily dependent on Bitcoin. Bitcoin price movements generally dictate the price behavior of lower market cap coins in terms of direction. Defi space is relatively young in the early development stage. As a result, these tokens tend to have a lower market cap. A lower market cap makes these tokens susceptible to price swings resulting from whale activity.

Custody Risk

Defi users tend to maintain the custody of their funds. This gives users control of their funds, however, leaves them exposed to the custody risk. Users must take care of their private keys and assume the risks of handling the operational side of things. Some of the biggest risks coming from self-custody include confidentiality and availability risk. Due to the pseudo-anonymous nature of transactions, unauthorized users can execute transactions. Assets could also be no longer available if private keys are lost and the backups are no longer accessible.

Scam Risk

This risk stems from activities conducted and enabled by developers who take advantage of investors. Examples include seemingly legitimate financial services attracting capital into their protocol and eventually draining the funds and disappearing. In the crypto space, this is referred to as a “rug-pul”. Additionally, investors must be cautious about what protocols they are interacting with. Interacting with compromised smart contracts could result in stolen funds.

Regulatory Risk

Defi’s lack of intermediaries, pseudo-anonymity of users, and global reach make it difficult to regulate financial crimes, fraud and market manipulation. Decentralized nature of transactions make it difficult to block transactions, seize assets or impose sanctions. Additionally, non-custodial wallets allow individuals to have direct control of their assets. Due to the relatively small size of the market, whales have a disproportionate amount of influence on prices. It opens up opportunities for market manipulation in terms of price and volume. Moreover, the global reach of this market creates more regulatory arbitrage opportunities. These issues will certainly draw more attention from the government, and the policy mistake could pose a huge threat for the development and growth of the DeFi space.

Event Risk

Event risk is not specific to Defi. This risk is commonly known as a “left-tail risk”. This exogenous risk comes from unanticipated events happening outside of the financial system. These could be related to natural disasters, health crises, wars, and so on. These events lead to asymmetrical capital flows resulting in an extreme imbalance of supply and demand. We have seen some examples of this happening in the past where stablecoin de-pegging sent some shock waves throughout the whole system resulting in investors removing liquidity from protocols and rushing to safety. These flights to safety oftentimes can cause liquidity issues and protocol failures.