In-depth | Stablecoin 2.0: Economic foundation and risk model

DeFi is like building a brand new financial system on a blank sheet of paper, which fully satisfies the fantasies of these smart people about the traditional financial system, and it has performed well so far. The design of stablecoins is the same, which is an economic game process of rational agents. Different roles in the stablecoin system balance risks and benefits in the interaction to achieve the stability of token prices.

Stablecoins 2.0: Economic Foundations and Risk-based Models

Stablecoin 2.0: Economic Foundation and Risk Model

https://arxiv.org/pdf/2006.12388.pdf
Stablecoins are the most capitalized cryptocurrencies. However, their risks vary widely due to their design and are generally poorly understood. We seek a theoretical foundation for stablecoins based on the stability of economic structures under risk characterization. First, we match existing economic models with radically different regulatory systems. Next, we describe the unique risks that arise in non-common markets and develop a model framework that combines existing models from economics and computer science. We further discuss how this model framework applies to a variety of cryptoeconomic systems, including cross-chain protocols, collateralized lending, and decentralized exchanges. These unique risks generate unanswered research questions that will form the crux of future research in decentralized finance.

1 Introduction

Stablecoins are currencies whose purchasing power is stabilized through economic structures. There are two types of stablecoins: custodial, which require trust in a third party, and non-custodial, which replace this third-party trust with an economic mechanism. Major custodial examples such as Tether, Binance USD, USDC, and TrueUSD have a combined market cap of over $10 billion. On the non-custodial side, Maker’s stablecoin Dai accounts for over 50% of the $1 billion in value locked in so-called decentralized finance (DeFi) protocols.

Several recent papers and industry reports provide an overview of stablecoins [12, 17, 62, 63, 71, 76]. They generally classify stablecoins based on the type of collateral used, the target of the peg/anchor, and the technical mechanism (e.g., on-chain, off-chain, algorithmic), and informally link stablecoin mechanisms to traditional monetary instruments (e.g., interest rates). The history of currencies and stablecoins and the institutional structure of stablecoins are discussed in [51]. Stablecoins from a regulatory perspective are discussed in [1], including classification, regulatory gaps, and systemic stability risks.

In this paper, our fundamental purpose is different. Market events have shown that even price-stable stablecoins can exhibit significant volatility. On March 12, 2020, during the SARS-COV-2 pandemic, market volatility severely affected the stablecoin Dai[55], causing it to enter a deflationary deleveraging spiral and forcing it to deviate from its peg. Although the above papers have classified existing stablecoins, none of them is a risk-based model analysis. Here, we attempt to fill this gap and provide a solid economic theoretical foundation for stablecoin design, focusing on financial risks.

First, we provide an overview of relevant risk-based models from both economics and computer science perspectives, attempting to avoid duplication of work by extending the models only where necessary. Second, we draw on capital structure theory to formalize some open problems. Throughout, we assume that stablecoin systems are used and operated by economically rational agents, whose behavior ultimately determines the stability and security of these systems. However, we do not address the open problems described in this paper. This work builds on prior work on decentralized stablecoins identified in [48].

We uncover five main dimensions of risk. On the non-custodial side: (1) the impact of deleveraging processes on collateral-like assets and the risks of underlying collateral-like entities (as discussed in [48, 49]), (2) data delivery and governance risks, (3) base-layer risks of mining incentives, and (4) smart contract encoding risks, to which the formal verification literature can be applied. In contrast, in the custodial stablecoin market, the first approach affects issuer incentives in a very different way, and (5) there is the additional core risk dimension of censorship and counterparty risk. Our taxonomy of stablecoin mechanisms breaks down according to these risk dimensions. Figure 1 summarizes our taxonomy of some of the most important dimensions of risk.

Contributions • We provide a functional breakdown of custodial stablecoin designs that corresponds to the taxonomy and models of traditional financial instruments (Section 2).
• We provide a general functional framework for relating the economic mechanisms of all non-custodial stablecoin designs and discuss new risks that arise in this context (Section 3).
• We raise questions of economic stability and security that are applicable to evaluating non-custodial stablecoins (Section 3).
• We provide a model framework for measuring stability and safety, including open research problems based on agent decision making (Section 4).
• We provide a method for evaluating agents’ preferences expressed as utility functions, and provide a minimal working example using Maker’s historical data (Section 4).
•Finally, we outline how our model can be applied to DeFi protocols, including composite stablecoins, cross-chain, and shared assets, as well as lending protocols and decentralized exchanges (Section 5).

2. Custodial Stablecoins

In a custodial stablecoin, a custodian is entrusted with the safekeeping of an off-chain collateral asset, such as a fiat currency, bond, or commodity. The issuer (which may be the same entity) then provides digital tokens to represent the on-chain version of the reserve asset (such as the U.S. dollar). The holder of the digital token has some form of claim on the custodial asset, which maintains the peg. The custodial assets include reserve assets (i.e., the assets that the stablecoin is pegged to the U.S. dollar) and capital assets (i.e., other assets that support the stablecoin supply). Capital assets are equivalent to illiquid assets held by banks and short-term Treasury bills held by money market funds.

Custodial assets introduce token holders to counterparties, scrutinizing the risks associated with off-chain assets and the economic risks of capital assets. These risks are similar to those of traditional assets. Counterparty risk may increase due to the shared account structure with the custodian and the lack of government deposit insurance. If the central entity is unable to meet its obligations (e.g., due to fraud, mismanagement, theft, or government seizure), the value of the stablecoin may become zero. Table 1 summarizes the categories, applicable models, and projects.

2.1 100% off-chain reserve

In a backed stablecoin, the stablecoin maintains a 100% reserve ratio, i.e. each stablecoin is backed by a reserve asset (e.g., $1) held by a custodian. The price target is maintained through two mechanisms. Tokens can be redeemed directly off-chain for the underlying reserve asset. In this case, arbitrage trading incentivizes external participants to close any price deviations that occur. Alternatively, the issuer can designate “authorized participants” (which may be the issuer itself) to solely have the ability to create and redeem stablecoins against the reserve. In this case, the authorized participants capture price deviation arbitrage.

The reserve market resembles the structures of electronic money, narrow banks, and currency boards. Electronic money is a prepaid bearer instrument. Deposits in narrow banks are backed by 100% of the central bank’s reserves. Currency boards use 100% of a foreign currency’s reserves to maintain a fixed exchange rate against a sovereign currency (e.g., the Hong Kong dollar uses USD reserves to maintain a tight USD peg). Of these, reserve-backed stablecoins are closest to currency boards because the market price fluctuations of stablecoins are subject to creation and redemption, similar to the fluctuations of sovereign currencies being subject to creation and redemption by currency boards. Electronic money and narrow bank deposits, on the other hand, are identical to money itself. It is worth noting that, unlike currency boards, stablecoin reserves may be stored in commercial bank deposit accounts, which may be subject to bank run risk. We discuss our approach to modeling reserve-backed stablecoins in Appendix A.2.

2.2 Fractional Reserves

Fractional reserve stablecoins are backed by a mix of reserve assets and other capital assets and have a target price. The reserve holds reserves in the target asset (or other highly liquid stablecoin assets) that represent <100% of the stablecoin supply to facilitate redemptions of the stablecoin. Similar to the 100% reserve design, these reserve assets may be similar to commercial bank deposits with government deposit insurance levels, in which case they may bear the operating risk of commercial banks. Other capital assets account for the remaining stablecoin supply value and earn a higher interest rate for the stablecoin issuer. Capital assets can be liquidated to handle additional stablecoin redemptions, but there is price risk. Within this category, the important dividing point is the type of capital asset held: illiquid assets (similar to commercial banks) or low-risk assets (similar to money market funds). In either case, the stablecoin has a floating price, so the peg is maintained through similar ETF arbitrage transactions (including fund redemptions). Therefore, the applicable risk model will take the form of an ETF model in tandem with a bank run or money market model, which we discuss next. We provide detailed information for each type of stablecoin in Appendix A.3.

2.3 Central Bank Digital Currency

Central bank digital currencies (CBDCs) are consumer-facing legal digital currencies that are designed to provide a risk-free store of value. CBDCs propose a different monetary system than the status quo. Currently, central bank reserve deposits are available to commercial banks but not to consumers or non-bank businesses. Consumers and businesses hold commercial bank accounts. The non-cash money supply is determined by commercial bank lending (see [60]). The government intervenes in this monetary system to create risk-free consumer deposit accounts by providing insurance on commercial bank deposits. Instead, central banks provide consumer-facing deposits.

CBDC represents a change in the structure of monetary deposits within the banking system, rather than a change in the monetary stability model itself. In fact, CBDC is in many ways a more ideal environment for existing monetary models because it is closer in form to fiat money than to commercial bank deposits. Traditional monetary models such as [64] and [38] are suitable for understanding the stability of fiat money. These models generally assume that the central bank/government seeks stability for its own benefit, rather than the private banks discussed above, which are profit-seeking. A fiat currency is assumed to be backed by the economy of a particular country, which provides the natural demand for monetary economic activity, as well as military power and legal institutions. In this case, agents in these models hedge their current positions against the demands of the next period, part of which are in fiat money and part of which are in foreign currency, subject to potential monetary attacks by attacking agents. The ability to maintain the peg in this case will depend on the relationship between the central bank's foreign exchange reserves and the needs of the economy.

3 Non-custodial stablecoins

Non-custodial stablecoins are designed to be independent of the social institutions that custodial designs rely on. They do this by establishing an economic structure between participants, which is implemented through smart contracts. In this case, the underlying blockchain mechanism prevents direct confiscation of assets.

Non-custodial stablecoins are structurally similar to dynamic versions of risk transfer instruments such as collateralized debt obligations (CDOs) and contracts for difference (CFDs). CDOs are backed by a series of collateral assets and divided into several tranches. Any losses are first absorbed by the junior tranche; the senior tranche absorbs losses only if the junior tranche is wiped out.

Functionally, an unmanaged system contains the following components in some form:

• Underlying Value: The economic structure of the underlying value in a stablecoin. This is an abstract concept of collateral, which can be of several types: exogenous when the collateral is primarily external, endogenous when the collateral is created for the purpose of serving as collateral, and implicit when the design lacks explicit collateral.

• Risk Absorbers: Speculative agents that absorb risk and profit in the system (junior tranches of CDOs).

• Stablecoin holders: agents that constitute the demand side of the stablecoin market (senior unit holders of CDOs).

• Issuance Mechanism: A function performed by an agent or algorithm that determines the issuance of stablecoins (how leveraged the CDO is), including the deleveraging process that reduces the supply of stablecoins.

• Governance: A function performed by an agent or algorithm that manages system parameters, such as deleveraging factors and price feeds, and receives a fee for operating the system (managing the equity positions of the CDO).

• Data Feed: The ability to import external asset data (such as USD asset exchange prices) into the blockchain virtual machine so that the system’s smart contracts can read this data.

• Miners: Agents that decide the inclusion and order of actions in the underlying blockchain layer (PoW or PoS).

The specific forms of the components may vary, but the general functions are common across stablecoin designs. Depending on the design, several functions may be performed by a single agent type, while others may be algorithmic. Note that the last three components can be simplified to traditional financial models due to legal protections; in traditional systems, we typically assume that these processes are mechanical rather than strategic actions. As a result, stablecoins are vulnerable to new manipulative attacks around governance, price feeds, and miner extractable value (MEV).

Analogy with the traditional monetary system. We provide an illustration between the Maker stablecoin system and the traditional monetary system to help readers understand their components and functional differences. In Maker, the vault takes risks and performs issuance. The vault stores Ether collateral (primary value), issues Dai backed by this collateral, and invests the proceeds of Dai issuance to obtain leveraged positions. The Fiat currency system includes central banks, commercial banks, and depositors. The central bank regulates commercial banks and holds bank currency reserves. Commercial banks determine the money supply through loans. Depositors hold fiat currency accounts in commercial banks.

Maker vaults are similar to commercial banks in that they both determine the money supply based on issuance incentives. For banks, this is determined by the profitability of lending, which consists of the spread between long-term and short-term interest rates, subject to balance sheet and regulatory constraints and depositor withdrawal expectations. Vaults employ different leverages of betting collateral. Governance parallels that of central banks. Central banks set interest rates with the goal of economic stability and banks’ capital requirements. Models often assume that central banks mechanically target stability. Stablecoin governance takes a different form. Governance sets interest rates and collateral to maximize system profits, which we hope is consistent with stability. Stablecoin holders parallel depositors. Whereas bank depositors have deposit redemption guarantees, stablecoin holders may not have such guarantees. Instead, they must hope that system incentives align to make the stablecoin float stable and liquid.

A final useful comparison is that of a governance attack. By setting system parameters, a stablecoin regulator can essentially steal the value locked in the system, which we discuss in the context of the model in the next section. A parallel attack on the traditional monetary system would be for a central bank to print money indefinitely for the benefit of the government.

3.1 Basic Value

Underlying value is an abstract concept of collateral that underlies value in a stablecoin system. It combines the value of the collateral with explicit market prices and/or coordinated “in-system” non-tokenized value between participants, which we call implicit collateral. This primary value comes from market expectations of some system. For exotic crypto collateral (like ETH), this is the expectation and “confidence” in Ethereum. In implicit collateral, it is the coordinated “confidence” in the stablecoin system itself. In contrast, fiat currencies are confidence in a country’s government, economy, and legal system. In gold-backed currencies, it is confidence in gold. In tokenized assets, it may be confidence in the custodian, and expectations of the cash flows of the underlying assets.

Exogenous collateral. Exogenous collateral refers to assets that are outside the stablecoin system, and only a small portion of them may be used in the collateral of the stablecoin. For example, ETH in Maker. Stablecoins are issued against this collateral, and collateral factors determine the minimum degree of over-crossing allowed in the system. From a modeling perspective, the price of exogenous collateral can be modeled exogenously.

Endogenous collateral. Endogenous collateral is an asset whose purpose is to serve as collateral for a stablecoin. This means it has few competing uses outside of the stablecoin system. Examples include SNX in Synthetix (where issuance is proxy-based) and “shares” in seigniorage shares (where issuance is algorithmic)[77]. In seigniorage shares, a “stake”-like position insures the system against price risk, absorbing losses when stablecoin demand is low and supply needs to be contracted, and receiving newly minted stablecoin when demand is high and supply needs to be expanded. The price of endogenous collateral cannot be modeled exogenously due to the endogenous feedback effect between the use of the stablecoin and the value of the collateral. Its value comes from the self-fulfilling coordination of “confidence” between participants.

For example, in a crisis of confidence, if demand expectations from stablecoin holders are low, then the value of the inherent collateral should be low, which will further shake confidence in the system and demand. On the other hand, high expectations can be self-fulfilling: with high added value, stablecoins are in some sense safer. If demand from stablecoin holders is high, then a high price for the inherent collateral is justified.

The distinction between exogenous and endogenous is best conceptualized as a spectrum. For example, the selected collateral has an external use but is strongly correlated with the stablecoin (such as the Steem dollar), and some stablecoins are backed by a basket of collateral that includes both exogenous and endogenous collateral (such as Celo). From a modeling perspective, this spectrum can be represented as the strength of these feedback effects.

Implicit collateral. Some stablecoin designs do not have explicit collateral, but instead propose market mechanisms that dynamically adjust supply to stabilize price. Speculators can be incentivized to absorb losses when supply needs to decrease, and expect to be rewarded when stablecoin supply needs to increase. We compare the positions of such speculators to the case of endogenous collateral with important functional differences. Both derive value from usage and speculative expectations among participants. Endogenous collateral represents an explicit tokenization of this, including an obligation to absorb losses during supply decreases, which means it has a directly observable market price. Implicit collateral is not explicitly tokenized, and risk takers have no direct obligation to absorb losses. For modeling, implicit collateral can be explained as endogenous collateral behind the scenes, and explains differences in the financial structure of risk takers. This coordinated behind-the-scenes “market price” can only be observed indirectly in the level of market demand and speculative demand for stablecoins. However, they will play a role similar to endogenous collateral in evaluating speculative and stablecoin positions. The stability of endogenous and implicitly backed stability depends on how participants perceive and coordinate this value over time.

One type includes base [2] and digit [50]. In these designs, “shares” are granted if the stablecoin supply increases, but do not necessarily face direct losses on supply contracts (of course, they do face indirect losses from market prices). Supply contraction relies on selling “bond” positions, removing stablecoins from circulation in exchange for a return when the supply increases in the future. In base, this is algorithmic, while in NuBits this is coordinated through stake voting (there are a number of other stabilization mechanisms, including stake demurrage, for voters to choose from). If we tokenize the obligation to buy “bonds” during contraction and combine it with “stock” positions, the result is similar to seigniorage shares. Since it is not tokenized in this way, the equivalent of “collateral” is only implicit and has no observable market price. In contrast, seigniorage “shares” should be compensated for additional debt at a different value. And the stability of downside prices will depend on the incentives of risk takers at the time, not in advance (see [45] for comments).

The second type, which we refer to as mining absorption (e.g., [33]), aims to stabilize the blockchain’s underlying asset by manipulating protocol incentives. These designs propose to dynamically adjust supply by regulating the level and burn of mining rewards, mining difficulty, transaction fees, or interest fees. This means that miners are engaging in an implicit risk absorption mechanism that aims to absorb price risk but has no obligation to continue mining/risk absorption. In many ways, this is similar to the Basis/Nubits design. Miners are rewarded with newly minted stablecoins when the supply needs to be increased, and face a significant reduction in rewards and burned transaction fees if they choose to continue mining when the supply needs to be reduced.

3.2 Risk Absorption and Issuance

Stablecoin mechanisms work when they incentivize speculators to absorb price risk. These risk absorbing positions come in two main forms. In equity risk absorption, there is a secondary asset and any holder of that asset implicitly benefits from the stablecoin. For example, the market cap of Steem is implicitly backed by Steem dollars; Steem dollar holders can redeem Steem dollars for newly minted Steem dollars, and all Steem holders bear this inflation cost. In agent risk absorption, a single agent manages a vault containing the primary value that absorbs stablecoin market risk. In agent risk absorption, the agent decides how much to participate with their assets, while in equity risk absorption, every holder of the secondary asset participates proportionally. In many cases, the role of the risk absorber is also combined with the issuance of stable bonds.

The issuance process determines the stablecoin supply. The details can vary a lot, but there are two general types. In proxy issuance, the size of the stablecoin supply, or more specifically the leverage of the system (the size of the stablecoin supply relative to the value of the collateral), is determined by the proxy in the process of optimizing the position. The decision maker is usually the risk taker in the system. For example, in Maker, vaults determine their stability in managing the vault's leverage. In NuBits, owners of "equity" class shares collectively vote on issuance decisions to balance demand.

In algorithmic issuance, the process of adjusting leverage (relative to supply) is programmed into the stablecoin protocol code. For example, in the Duo network, leverage is determined by a “leverage reset” algorithm that balances the supply of stablecoins relative to the value of the collateral. In seigniorage shares, newly issued shares are algorithmically granted to “equity” holders to balance demand.

The deleveraging process is also part of the issuance, and can be invoked to reduce the supply of stablecoins if the deleveraging factor is violated, or if stablecoin holders are allowed to redeem stablecoin collateral. For example, in Maker, if the vault's stablecoin issuance is too large relative to the collateral value, then the collateral will be liquidated to reduce leverage. In Duo Network, a "leverage reset" may force liquidation of some positions if the collateral factor is violated. In seigniorage equity, "equity" holders take losses to reduce the stablecoin supply under demand shocks. If the price falls below the target price, stablecoin holders can redeem newly minted Steem.

As discussed in [48] and [49], non-custodial stablecoins based on leveraged loan markets face deleveraging risks, which can lead to feedback spirals in the underlying value. Most existing non-custodial assets meet this leveraged loan characteristic. These deleveraging risks come in two forms. The first is the feedback effect on the stablecoin market: as stablecoin liquidity dries up, the value of the collateral may be consumed more rapidly in the liquidation process. As predicted in [48] and demonstrated in Maker during the “Black Thursday” in March 2020, the cost of deleveraging in a crisis can be significantly higher than $1 per stablecoin. The second is the direct feedback effect of the underlying collateral. For endogenous collateral, liquidation has liquidity and fire-sale effects on the collateral asset market in addition to the feedback effect of reduced expectations.

Similar feedback occurs in implicit collateral, affecting risk-takers’ positions and demand for stablecoins. For both types of implicit collateral, there is a cap on what can be absorbed. For seigniorage shares, this is demurrage on shareholders. For absorbed miners, this could be 0 block rewards, except perhaps in systems where shares can be slashed as demurrage. The result is a feedback in the incentive to participate and the value of the risk-absorbing position. For example, for miners to be willing to continue mining in the absence of mining rewards, the expectation of future profits needs to be greater than the costs. The decision to continue participating will depend on whether the investment can be repurposed, and the potential returns from competitors. After this cap, the remaining flexibility is only to burn fees when using stablecoins, which has a feedback effect on the attractiveness of holding stablecoins.

This leads to two general and fundamental questions:

Question 1 (Incentivized Guarantees). Is there a mutual benefit of continued participation among the parties? If not, then the mechanism cannot work because no one will participate. This question also includes the motivations around attacks; in particular, if the incentives lead to profitable attacks, then rational agents will be less willing to participate. With that answered, we can understand the follow-up questions:

Question 2 (Economic Stability): Do incentives really lead to stable outcomes?

Note that specific feedback effects can be mitigated. However, the result is usually to transfer risk from one agent to another. In either case, risk affects participation incentives. For example, in collateral liquidations, some stablecoin holders can be liquidated at the par value of the collateral asset rather than at the floating market price. This eliminates the feedback effect on the stablecoin market price and reduces deleveraging risk for risk takers. However, in contrast, stablecoins may become less attractive to stablecoin holders because they now bear more liquidation risk.

The type of stablecoin mechanism also significantly affects incentives. When the design is agent-based, agents have greater decision flexibility and are more likely to find a profitable level of participation. In contrast, when the design is more algorithmic and/or has equity risk absorption, agents are more constrained and are less likely to participate in the system. Several past stablecoin events serve as case studies of deleveraging effects. Appendix Table 4 illustrates this.

Stablecoins can also incorporate other insurance mechanisms to mitigate risk (e.g., [66, 69, 81]). The simplest approach is to establish a fully collateralized put option market, where each stablecoin holder can buy an option to convert that stablecoin into another stablecoin/asset. Of course, the value of this insurance is only as important as the collateral behind it. Other insurance mechanisms add a layer to the protocol that aims to provide a global buffer against shortfalls, for example, in the event that the “dynamic” part of the CDO structure does not cover all losses. In some cases, these can be interpreted as the “mezzanine” part of a CDO-like structure, although this is not entirely accurate because this “part” is often unsecured. In particular, many current stablecoin companies generate cash flows from fees that are securitized into governance tokens (e.g., MKR in Maker). To cover the shortfall, the value of future cash flows can be auctioned off by selling new governance tokens. However, the value of future cash flows would evaporate in the event of a death spiral. Alternatively, a portion of past fees can be converted into a buffer to cover the shortfall. In fact, there is a spectrum between these options, where the securitized cash flows can be sold at any time to maintain an adequate buffer.

Underestimation of buffers in stablecoin design. [49] shows that leveraged lending-based stablecoins can remain stable in regions where the underlying collateral price process is submartingale (i.e., next-period expected returns are positive) and can collapse in such regions. While there are some concerns about the plausibility of the submartingale assumption, it may be more plausible in a relaxed form where downsides are short-lived (or long-term expected returns are positive). Beyond short-lived downside events, derivative design does little to help the system survive. In this relaxed form, it is important that the system has sufficient buffers to survive short-lived events; we suggest that much of the concern about the appropriateness of the submartingale assumption can be translated into a concern about the appropriate size of the buffer. In this way, we expect that an optimized buffer design can extend the stability of the stable region, which is largely understudied in current designs. Another form of buffer is proposed in [49]: vault insurance, which can buffer the effects of deleveraging spirals.

We also suggest that well-designed buffers can expand design possibilities beyond the leveraged loan-based stablecoin market. For example, stablecoin designs based on different foundations of monetary reserves and monetary peg models, where the peg is maintained through internal buffer effects. An example of these ideas is discussed further in the context of composite stablecoins in Section 5.2 and [44, 47].

3.3 Governance, Mining, and Manipulation

We will now introduce the design components that introduce the potential for manipulation in the system. In custodial systems, such manipulation is typically avoided by relying on social institutions. In contrast, permissionless systems typically do not provide strong identities, which leads to anonymous attacks that are unstoppable by various institutions. The precise form of these components affects the size and scope of attack vectors but does not substantially change their form; therefore, we will focus on the functional forms that are important for economic models. We provide a list of historical manipulation events as case studies in Table 6 in the Appendix.

Data Feeds. Noncustodial stablecoin markets require asset price data that is pegged to a target asset (e.g., ETH/USD price). Since fiat-to-cryptocurrency conversions can only be performed on off-chain exchanges, this data is not accessible on-chain. Stablecoins therefore rely on a mechanism to import this data into the blockchain virtual machine so that the stablecoin smart contract (also known as an “oracle”) can read it. Therefore, unlike native behaviors such as transaction validity within a blockchain or transaction validity between blockchains, the correctness of the imported data cannot be objectively verified on-chain [83]. There are various approaches, both centralized and decentralized, to constructing such a data feed. We provide a brief overview of this in the Appendix. However, from a functional perspective, we can abstract away from the technical details and focus on the economic structure that this data adds.

Data feeds introduce a new incentive problem: if there is an extractable value X for importing data into the system, then an attacker will spend at most X to manipulate that data. Centralized oracle data feeds can be manipulated by counterparties, which creates potentially perverse incentives for counterparties as well as a single point of failure. Decentralized approaches typically break down in the face of game-theoretic attacks. Therefore, data feeds add an inherent potential for manipulation to our general model. Important factors include who can manipulate the feed, how much of the feed can be manipulated, and the costs involved in such manipulation. Given this, a reasonable goal is to achieve data feed incentive compatibility so that reporting is honest in a combined data feed stablecoin system.

Governance. Stablecoin governance is tasked with managing system parameters such as interest rates, collateral factors, data feed management, time delays, system upgrades, and emergency system resolution. In return, they typically receive some fee income from the system. Managers can take the form of governance token holders who vote on parameters, founding companies, roles of other agents in the system, or may be algorithmic.

If it is performed by agents, then those agents have the ability to manipulate the system through these parameters. For the system to be secure, governance must be prevented from performing fatal attacks on the system. Potentially profitable attacks will feed back into the participation decisions of other agents in the system. For example, if governance is tokenized, then the token valuation/expected value (which may be significantly reduced after an attack) and any other costs must be high enough to outweigh the benefits of the attack. We discuss several attacks in the next section, including manipulating data sources and parameters to extract incidental value.

Governance is also closely related to system stability. In this anonymous environment, it is typical for the assumption in the central bank’s model to expect governance to maximize expected profits rather than target stability for its own benefit. To what extent various governance structures align incentives with stability goals is an open question.

On the other hand, if governance is algorithmic, stablecoins may be vulnerable to game attacks from other participants. These attacks can take a related form, assuming that the governance algorithm is given, and construct similar end results: for example, bribing selected data sources to extract system value. The potential benefits of these attacks will be fed back into the participation incentives of agents in the system.

Miners. Implement non-custodial stablecoins in the underlying blockchain layer. This can be the "top level" of a blockchain in the form of a smart contract or can go directly into the core operation. In either case, the underlying blockchain is maintained by a group of miners. In this article, we classify miners (usually used for PoW context) and validator (usually used for PoS) under the term "miner." In maintaining a blockchain, the miners decide on the inclusion and sorting of transactions in the ledger—whether in the next mining block or in the previous block, because miners always have the option to re-mine earlier blocks to change the transaction structure. Therefore, they have complete control over the history of the ledger.

The blockchain system is designed to allow miners to ensure the persistence and activity of the ledger [32]. In this case, persistence means that the valid transactions contained in the ledger are ultimately considered the final transaction, i.e., all honest agents will report the transactions at the same location in the ledger. The liveness attribute requires that transactions sent from the honest agents be eventually inserted into the ledger. In return, miners will receive compensation, including the expense of incorporating transactions into the block, and the block rewards for extending the ledger with the new block. Since current and future returns are usually paid in the underlying assets, miners have the motivation to avoid attacks that harm these returns.

However, miners can also get paid from other sources other than blockchain protocols. For example, miners can seize arbitrage opportunities in asset exchanges on ledgers, or place bets and manipulate results during mining, or accept bribes for others [59]. This is summarized as Miner Extractable Value (MEV) [26]. A rational miner will take into account MEV to determine profit maximization actions, which may not always be honest mining-backed blockchains. If the MEV is valuable enough, miners are often motivated to capture it through attacks.

In a stable market environment, MEVs bring some risks. First, special attacks using stablecoin deleveraging events and clearing are possible [48]. This creates MEV opportunities that may inspire attacks on stablecoins that destabilize. Understanding security and incentive consistency in this case, as well as game-theoretic interactions between many stablecoin agents and miners is still a problem to be solved. Second, miner attacks bring consensus risks to the blockchain layer (e.g., impact persistence). This form of attack may have an impact on the underlying assets of the blockchain, which may be an affiliated asset in the stablecoin. Even if the stablecoin itself is not the focus of the attack, this can have an impact on the stability of the stablecoin. Third, in the case of stablecoins embedded in the basic protocol, stablecoins can directly manipulate the miner reward incentive rather than indirectly manipulate the incentives through MEVs. This raises a related open question of whether such blockchains can operate (e.g., whether activeness can be achieved).

Other risks. We briefly mention two other risks. One is often referred to as “smart contract risk.” Because stablecoin systems execute algorithms without the supervision of a specific institution, they face the risks of flaws in specifications and implementations, such as transaction sorting dependencies, spillovers, and reentry risks. By introducing some “default” probabilities (in this case software defects) and some random recovery rates, these risks can be expressed in a way similar to the credit risk model. Formal verification methods are often used to mitigate these risks. Another risk is the risk of contagiousness from other protocols. In a practical environment, these systems do not appear in isolation. For example, the chain liquidation of ETH and BTC between multiple leveraged platforms occurs on “Black Thursday” in March 2020. We suggest that such cascading liquidation can be simulated using a sale model of a shared asset holding network (e.g. [14]).

4 Models and measures

Uncustodial stablecoins are based on new risks in noncustodial stablecoins, and existing financial models cannot be “out of the box”. Here, we will introduce some basic models that can fully capture these risks. First, we are inspired by the capital structure model, extending a basic model to capture other aspects, and giving four formal examples of such problems. Second, we consider the fork model, moving from the single-forward nature of the capital structure model we proposed to multiple rounds of games. Third, we briefly review some models that focus on whether noncustodial incentive structures can lead to stable price dynamics. Finally, we include an estimation of utility functions, especially for the Maker protocol.

4.1 Capital Structure Model

We take inspiration from the capital structure model ([29], [67]) to understand incentives and attacks in the stablecoin market. The initial form of these models describes the incentive mechanisms in IPO issuance between stockholders, bondholders and managers. In the stablecoin adaptation, the model describes incentive mechanisms between holding governance tokens (equities), stablecoin holders (bond holders), and vault/risk absorbers (managers). We link the vault to managers because the vault determines the supply of stablecoins.

We consider three types of assets: COL (collateral asset, such as ETH), GOV (governance token token) and STBL (stablecoin). In Question 1-2, we consider the coffers given to COL, the governor given to GOV, and the stablecoin holder who purchased STBL. In Question 3, we consider a different formula where the agent selects the portfolio of assets, including the strategic holdings of governance

•?=Dollar value of vault collateral (COL position)

•?=Random rate of return for columns

•?=Total amount of stablecoin issuance (debt face value)

•?=Return rate of new opportunities; Vault issuance of stablecoins (debt)

•?=Section factors

•?=The interest rate of issuing short-term bonds paid by the vault

• Opportunities from outside the vault

•?(·)=Utilization function of stablecoin holder

•?=The market price of STBL stablecoin at the time of issuance

•??=Governance market value at model time?, terminal valuation parameters?.

The model is divided into three stages: (0) governance determines interest rates (i.e. contract with the vault), (1) Treasury determines stablecoin issuance against collateral positions, and (2) the system attacks in profitability. In one simplest formula, vaults and governance are assumed to maximize expectations (risk neutral), and stablecoin holders have risk aversion utility under which the depth of demand is not limited, and we then relax the utility.

These three model stages produce a series of governance token prices [0, 1, 2]. In the simplest form, these represent discounted cash flow generated by governance with each information provided. Note that which of the optimization problems occurs depends on the precise problem setting we modeled. ?0 is the goal of managers' optimization in stage 0. ?1 gives the governance token valuation after the coin and stablecoin holders strategically participate in governance ownership (as in question 3). ?2 gives the governance valuation at the end of the model. In the absence of an attack, ?2=??+?, where ? is the terminal evaluation parameter. If an attack occurs, we assume that the participant abandons the system and get ?2=0. Terminal valuation represents the growth potential of the stable market: for example, if the future ? becomes larger, then the government cash flow will also become larger.

4.1.1 Question 1: The capital structure is not attacked. Question 1 introduces a simple setup without attack. This is similar to the classic capital structure problem (which can also be similar to [29]), a specific form of contract is signed between equity and managers: now the vault obtains all profits from leverage and pays interest to the governance body. The governance selection problem is to maximize the expected expense income based on the stable issuance of the vault. The vault selection problem is to maximize the expected return of the leverage under the following constraints: (1) collateral constraints, (2) participation constraints, (3) stablecoin market price holds an expected utility of a stable return as the holder.

Note that for the sake of simplicity, there are several limitations for formulaic models. In a more complete model, vaults may consider collateral liquidation costs (such as [49]) and the last-hand insurance role of the governance volume to cover any collateral shortages (this can be done by adding the terms of –[?(1+120575;)−?(1+?)]+ in the governance target and modifying the stablecoin pricing limit). Some stablecoins also include interest rates paid to or paid by their holders. Finally, note that settings and management with vault order selection are realistic as well as concurrent selection.

4.1.2 Question 2: There is a capital structure for governance attacks. We consider the form of governance attack vectors described in [86] and [37]. In such an attack, a proxy with a part of the GOV governance token is able to steal some of the collateral in the system. As stated in [86], this may occur in the Maker system, at which time ?=0.1 and ?=1 (or perhaps ?>1 considering the simultaneous attacks on other systems using stablecoins) because governance is granted the power to change the contract arbitrarily.
If the benefits exceed the cost, this attack is profitable:

Where ? contains the cost of an external attack, and ?(??+?) is the opportunity cost of an attack (the value of the score of the governance token). Note that in traditional financial environments, we usually have ? >> ?: ? represents the high cost due to legal/reputation recourse. This reduces the problem to question 1, because the attack is always unprofitable.
In the question 2 setting, the manager is divided into two groups: attack group and non-attack group. If we believe that a single regulator has a separate attack cost, the attack group will consist of the smallest score. If ?<0.5, the non-attack group will determine the interest rate, and the attack group will determine whether ?∈{0, 1} will attack. If ?>0.5, the attack group will determine the situation of ?<0.5. Question 2 modeled the situation of ?<0.5: the governance selection problem represents the non-attack group decision on ?, and the attack group decision is represented by the 1? constraint. Note that a simple re-formulation of the governance target will simulate the situation of ?>0.5.
Vault decisions extend to include collateral amounts locked in the stablecoin system, but must meet the amount available to the vault; the locked amount may be confiscated by the governance attack. This is compared to question 1, because there is no attack vector (the previous one is the new α), all vault COLs are locked. For simplicity, the setup assumes that the vault has no collateral to be recovered after the calculation of the vault under a successful attack; this can be relaxed by adding a clause to the vault target. As an extension of question 2, bribery decisions from the vault to the governance layer can also be included to change the attack motivation.

In question 2, incentive consistency against attacks (security) will depend heavily on ? and ? because the order of ?? is unrealistic (100% interest rate). In long-term growth equilibrium, for some discount factors ??, ?, will be related to geometric and ??1−?. This allows us to understand that long-term incentive securities rely on an environment where long-term incentives are dependent on a large term equivalent to centralized recourse. In particular, combined with the conditions and collateral constraints of non-attack decisions, we need ???<120573; with incentive security against attacks, which is very limited to the actual value of these quantities. In the vault without sufficient incentive conditions (or in the vault without sufficient incentive conditions, participation in the vault is impossible).

We can interpret this as the concept of “the cost of no governance state”. In this case, we may need to measure the ratio between “optimal decentralized equilibrium” and the optimal “centralized” solution (e.g., when ? >> 0 is reduced to question 1). A natural task for protocol designers is to optimize this cost.

4.1.3 Question 3: Portfolio options with collusion attacks. Now we consider the form of conspiracy attack vectors described in [46]. For example, a group that controls GOV governance most of the tokens (e.g. 51%, although perhaps lower) can manipulate the price supply and settle the system, allowing stablecoin holders or vaults to have a larger share of collateral. If the group also holds a profitable position (e.g. stablecoins), the attack may be profitable unless the governance token holds enough market value. This 51% style attack cannot be mitigated in nature.

We model these attacks in a more complex environment; Appendix Question 3 gives a complete formal setup. In this case, vaults and stablecoin holders are given value and choose portfolios of available assets, some of which need to be involved in the stablecoin system and are attacked. They may strategically raise the price of governance tokens to ensure the security of the system, or acquire governance and/or bribery, in an attempt to trigger a profitable attack. The third agent is an external government holder who can choose to collude with other agents. These agents make the following strategic decisions:

• The vault determines the extent of participation of the portfolio x, stablecoins and ?, as well as bribery factors from external managers.

• Stablecoin holders decide to allocate the portfolio y between STBL, GOV and COL and assign the bribery coefficient to the external director.

• External managers hold part of the government, decide on interest rates, and decide whether to collude with vaults (??), stablecoin holders (??), or whether there is no attack (??).

The bribe provided is a small part of the attack's profit. If the ?govern the conspiracy part (e.g., the threshold for manipulating the price supply), the attack is profitable—we can usually take ?≥0.5, but if complicity with the miner is added, the attack may be lower. The components of the portfolio x, y are measured in the value of the dollar, and the sum of which is the total donation value.

Assume that the COL market is fully liquid at a given price, so portfolio decisions have no price impact on COL. We will focus on governance and endogenous price modeling of stablecoin STBL. The price of governance is determined by function ?(x?, y?,?); we assume that this = E[??+?], no vault or stablecoin holder participates in the governance market. In this model, ?2=?1, condition that there is no attack. If an attack occurs, the government price will be zero. Stablecoin STBL price is determined by function ?(?, y?) to balance supply and demand. Since stablecoin holders have a value given on this issue, we no longer assume that the STBL market demand has infinite depth at a given utility value, like the previous formula. The behavior of this model may depend heavily on the choice of function ?,?. There are multiple options that can be explored to consider different market structures.

Compared to question 2, the vault now determines the number of COLs to be held (x?), equivalent to the previous one, and the amount in that amount locked in the stablecoin as collateral (?) as collateral. Similarly, x?, y? represents the GOV amount in the vault and the stablecoin holder portfolio, respectively. We now have three attack decision variables (??,?,??), one of which will take a value of 1. This logic is encoded in the 2nd-4th constraint of the external governance selection problem

4.1.4 Question 4: Miner Absorption Mechanism. The miner Absorption System is a variant of the question raised because it explicitly models the mine work as the core participants. The stablecoins absorbed by the miner include two agents: the miner, the governor and the miner, and the stablecoin holder. In addition, the system includes the algorithmic publishing role (i.e., part of the base blockchain consensus protocol). The main value of the miner Absorption Mechanism is implicit collateral. In this problem setting, we assume that the miner is a risk-neutral, economically rational agent. In addition, we assume that the base blockchain includes the STBL of a single stablecoin (i.e., there is no GOV and COL tokens present), and that it contains the correct and latest price oracle data.

We define question 4 as: If a miner generates a new block in the expected return, then considering the mining cost, as well as long-term confidence in the system (expressed as ?1), then the rate of return calculated at the market price of STBL? In ?, we include all the variable and fixed costs of generating the block. The miner's decision is expressed by ?, so ?=1 code generates a block, while ?=0 is the opposite.

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : This is similar to stablecoin holders using STBL to pay bills, but plan to use the system for a long time.

The miner reward is adjusted by issuance algorithm. The release algorithm is abstract. However, the goal of the issuance algorithm is to minimize price movements. We note that in PoW systems, since the release algorithm can pay zero rewards in the worst case but cannot "take away" existing value, the rewards are limited to ?≤0 in PoW systems. In PoS systems, this can be achieved by significantly reducing PoS miners, in a semester sharing system, if the miner holds an additional risk asset, such as COL[77]. The issuance algorithm takes the price function as input, but must assume ?=1. The miner absorption problem takes the previous component and adds new components as shown below:

•?=Cost of mining blocks •?=Receive stable costs •?=The utility of StableCoon holders to external STBL opportunities •?=Rewards for payments to the next block

Considering question 4, it depends on the stablecoin holder's expectations of the STBL price and the subsequent rebalancing of the portfolio y. If the stablecoin holder expects the price to be stable, he will increase the STBL he holds (consider the acquisition cost expressed in ?) or maintain the shares he currently holds. On the other hand, price instability will lead to the redistribution of portfolio weights in the direction of exogenous stability13. We discuss changes in portfolio allocation because these changes will have a more serious impact on ?.

Case 1: STBL y0S 0. This in turn increases the total supply. Assuming that ???>?, miners should choose to mine a block of ?=1. It is worth noting that the issuance algorithm can increase ? by simply increasing the mining reward to meet any demand. However, there is still a problem here: ? is paid directly to the miner. If the miner does not reassign STBL to the stablecoin holder, even issuance ? will cause a price increase. On the contrary, if the setting of ? is too high and the miner sells the open-pit mine directly, the price of the open-pit mine may drop. Therefore, it is very important to find a stable-price issuance algorithm when portfolio allocation and miner decisions are not possible.

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

Furthermore, if miners can easily switch between different chains, they are likely to abandon the current stablecoin chain in favor of a high-return chain. If the conversion cost is high, for example, if a miner does not produce blocks in a given time, they will cut significantly like a PoS system. However, hard to leave also means hard to join: a miner needs to ensure his return will be positively expected. By increasing pre-emptive demand, such as professional hardware or buying a certain currency, the expected return will be minimized through the purchase cost and the opportunity cost of maintaining hardware/coin shares.

4.1.5 Further changes.

Endogenous collateral. We need to consider the endogenous COL price now: if the main purpose of COL is within the stablecoin system, the behavior of the stablecoin agent will have a direct price impact on the COL. One approach is to define the COL price return as a function of the decision variable and use this price formula to update the vault and stablecoin holder’s goal. In this way, a driver random variable (such as the ? in the exogenous formula) describes the outside world’s trust in the system, which will be the input to the price function in addition to the proxy decision. As with the function in question 1-2, the precise expression of this price function plays an important role in the problem, but we can explore some different market structures. In addition, if GOV=COL, the governance and vault roles can be merged into the same location. Governance can also be external parties without explicitly marked, such as addresses controlled by the founding company.

Algorithm Issuance. When stablecoin issuance is automatically completed by the algorithmic protocol, the vault is no longer a player. Instead, the issuance process becomes a constraint on the remaining participants, as shown in question 4. The issuance process will directly affect the value of the governance token, in which case it may be worth considering the participation decision to have governance (e.g., in the portfolio selection question). If all COLs implicitly support stablecoins, the insurance role will be included in the decision of the general COL holder to hold COL and therefore in the COL pricing. If GOV=COL, then all this comes down to the pricing of GOV. If a specific portfolio of COL (and/or other assets) supports STBL, not all COLs, then the money market model may be useful. [70] Models like this can be used to consider the portfolio and last resort insurance role of governance (sponsor support) in a stable environment with additional attack vectors.

MEV: Miners can extract additional value. Some single-cycle MEV attacks can be modeled within the capital structure framework by placing the mine work as a proxy of the second governance type, which determines the inclusion and ordering of transactions. For example, miners can make potential profits from pre-made short-term injunction issuance decisions, or limit the behavior of other agents through bribery. For a richer MEV attack, we will describe the adaptability of the blockchain fork model in the next section.

4.2 Fork model

The capital structure model considers a single time step: according to the expectations of the agents, they will choose to perform certain actions in the next round. In this section, we extend the model to explore how multi-round proxy decisions affect the stability and security of the stablecoin system. Specifically, we need to consider the feedback mechanisms between different agents in multiple rounds of interaction. In this case, the agent adjusts its future operations based on beliefs about the operations of other agents and the output of the integrated algorithm (e.g., issuance or/and governance). In addition, we believe that the licenseless ledger used in non-custom designs (e.g., Maker) lacks finality. Miners are able to reorder transactions and rewrite history within a certain depth of the ledger [32]. This also allows the agent to adjust past behavior. The resulting forked model is very complex, especially when considering the combination of complex unmanaged systems (e.g., Maker) with underlying blockchains (e.g., Ethereum).

Below, we consider a simpler formula with a specific coupling between the underlying blockchain and other independent models of the application layer. The output of one layer will be used as an external input to the other layer and vice versa. For example, the size of the MEV determined in the participation of the application layer is fed back to the excitation of the forked attack of the base layer, and the forked attack of the base layer in turn to the probability of attack in the incentive mechanism of the application layer. In this way, a complex forked model can be simplified to simpler problems that can be solved iteratively to find the balance point. This section is informal so that we can describe the desired extension, but not the formal problem.

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : In addition, we can also consider the risk preferences of miners [21], selfish mining [31], and the effects of block returns compared to transaction fees [20,80].

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

4.3 Price dynamic model

We provide a simple review model that explores a higher level of question whether a non-custodial stable incentive structure can lead to a stable price dynamic. One challenge here is to model the feedback effects of agent decisions, as described in the previous section. For example, in the most closely related traditional financial models, the assumed stable assets are borrowed for collateral, whereas in the non-custodial stable asset setting, the borrowed "stable" assets have an endogenous price and/or participation level. The decisions of other agents will affect that endogenous price and the level of participation of the stable holder.

[49] and [48] construct a random model of endogenous stablecoin prices in exogenous collateral systems, considering deleveraging and liquidation behavior under non-completely elastic stable demand. In this case, they modeled the incentives for the issuance, considering that the issuance involves leveraged betting on collateral assets. They illustrate potential deleveraging feedback effects in the stabilizing market that lead to a rise in stable oil prices and describe areas of stable and unstable stability in the stable market. Therefore, in a crisis, the vault may have to pay deleveraging fees above the face value. Dai's behavior on Black Thursday confirmed this, which was actually predicted in [48] a year ago.

There are several open follow-up questions. For example, assessing the impact of deleveraging events on the incentives for participation of stablecoin holders (especially for different designs and alternatives available to stablecoin holders), exploring the instability effects of many vaults, such as the fork model mentioned earlier, and extending to the endogenous collateral model.

Some other literatures also apply to the stability of stablecoins. [37] and [43] Model cryptocurrency mortgage lending platforms. These do not include feedback effects on the stable asset market, but include feedback effects on the liquidity of collateral assets. A simpler stablecoin problem that does not involve feedback effects is modeled in [15]. In literature [18], options pricing theory is applied to a suggested stablecoin, using the partial differential equation method (PDE) to value parts of the proposed stablecoin, also without feedback effects. Some stable companies have also performed stability analysis (e.g. [22], [72]), although these analyses are generally limited in scope and contain a large number of assumptions.

4.4 Agents, risk preferences and attitudes

Agents’ risk preferences, in turn, act on their behavior, are the central goal of stablecoin design. In Appendix A.5, we first describe a framework that can be used to simulate preferences and then outline two methods that can be used to estimate agent risk attitudes. A clear understanding of agent risk attitudes will help improve protocol design and parameter selection.

5 From stablecoins to decentralized finance DEFI

In this section, we discuss the possible implications of our capital structure model. In addition, we outline how the modeling framework proposed in this paper applies to other crypto-economic systems, including composite assets, cross-chain protocols, synthetic assets, mortgage agreements, and decentralized exchange Dex.

5.1 Sustainability incentives

: : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : : :

Conjecture 1. In a fully decentralized stablecoin market (?=0), there are (i) multiple stakeholders (e.g., risk absorbers vs. stablecoin holders) and (ii) high flexibility in governance design, and under the actual parameter values, there is no equilibrium of long-term participation.

An analogy helps illustrate the impossibility of some designs: if incentive securities require the bank's stock market value to be a multiple of the total deposit, then there is no depositor participation. The bank's long-term P/E ratio needs to be between 100 or 1000 times, a speculation further demonstrates the importance of studying mutual incentive mechanisms when choosing the right stability scheme. Note that the oracle incentive compatibility problem is also very similar to the stablecoin governance incentive problem. Solving these problems in a completely decentralized and decentralized way is still an open problem.

目前由于稳定币实现的解决方案本质上集中了治理。这个解决方案依赖于一种形式的机构责任，并转化为高?值（例如，在问题2中）。这不一定是个问题；许多传统金融体系都是这样运作的。这就是为什么银行不需要是存款总额的倍数。然而，我们应该公开承认，这种信任线是存在的，而且可能是至关重要的。

5.2 复合稳定币

到目前为止，我们关注的是主要的稳定机制。另一类复合稳定币包括一篮子初级稳定币，以进一步吸收风险。最简单的是ETF稳定币，它使用ETF套利机制创建/赎回针对篮子的复合稳定币。

DEX稳定币的目标是分散风险，同时在各组成部分之间提供交换服务，因此篮子权重随汇率需求而变化。DEX稳定币承担向这些交易所提供流动性的风险。对于基于固定功能做市商（CFMM）的交易所，这种风险在[3,4]中有描述。其他DEX 稳定币设计建议有限的1对1 稳定币交换。现有的DEX稳定币承担着篮子的价值可能会转移到价值最低的组成部分的价值的风险（例如，如果一个潜在的稳定币失败）。

CDO复合稳定币将稳定币的风险分为分期付款例如，这个篮子可能有“稳定币”和“rances”。在结算时，优先份额持有人获得优先选择赎回哪个稳定债券，而最低级份额持有人选择最后一个。因此，初级份额持有人承担了首个稳定币失败的风险，并通过支付利息获得补偿。这种结构引入了一个类似的参与问题：在利息支付的均衡水平下，需要足够多的代理人愿意采取不同的立场。

正如[44]和[47]中所介绍的，一只基金RDF stablecoin持有一篮子资产，通过套利、费用和其他抵押品用途，随着时间的推移，这些资产会累积到安全缓冲区。抵押品篮子的目标是1美元，而应计缓冲旨在消除随着时间推移出现的任何资产故障/偏差。

其他复合稳定币也可能。所有复合稳定币的稳定性依赖于不高度相关的主要稳定币失效。表3总结了复合稳定币、适用模型和项目的类别。

5.3 跨链和合成资产

本文的基础还可以更广泛地应用于综合资产和跨链资产。在附录A.6中，我们解释了目前情况下这些资产类型之间的相关差异，并阐述了我们的基础如何适用。

5.4 贷款协议和DEX

贷款协议。抵押贷款协议的结构与非托管稳定币类似。我们的模型很容易适应于描述这样的协议。贷款协议比非托管稳定币更简单，因为借出的资产是外生的，而不是协议内生的。这使得系统时延的保护措施更加有效。在非定制稳定币设置中，除非保险库可以重新购买稳定币，否则它无法去杠杆并退出。因此，在发生治理攻击时，协议中内置的系统时间延迟可能无效，因为稳定币持有者之间的（盈利的）联盟可以简单地等待延迟，从而阻止许多保险库退出。相反，在抵押贷款环境中，借入资产的外生性的一个重要安全含义是，它可以允许协议参与者在完全实现治理攻击之前离开协议。典型的借入资产要么有更大的市场，要么是一个保管的稳定市场，在这种情况下，保险库总是可以通过发行人按面值创建新的稳定资产，以降低杠杆。因此，系统时间延迟可以通过允许参与者在许多即将发生的治理攻击实现之前退出来保护参与者。

DEXs。有些dex直接或间接地具有治理层。当与存放资产位于同一本地区块链上时，类似于抵押贷款协议，DEX也可能允许参与者在完全实现治理攻击之前退出。然而，当dex操作自己的区块链并控制其治理（例如，符文），参与者退出攻击的能力可能会受到根本限制。在后一种情况下，激励安全性是一个重要的问题，治理和其他参与者的相互参与可以像我们的资本结构模型那样进行建模。

对于dex，费用与交易量成正比，而治理攻击的潜在支出与流动性提供者存款成比例。因此，协议设计者感兴趣的一个关键比率是体量相对于存款。对于DEX，年化交易量可高达∼100×存款（例如Uniswap）。相比之下，对于抵押品的稳定公司，借款资产应计费用，此类费用可低至存款的1/4。这个∼400×因子使得针对治理攻击的激励安全的可行区域在dex中可能比稳定币更大。这使得我们在模型的背景下得出以下猜想：

猜想2。考虑到完全去中心化的系统（?=0）具有（i）多个利益相关方的类别和（ii）在治理设计上的高度灵活性，在现实参数值下，DEXs比稳定币具有更广泛的可行长期参与均衡。

一种解释是，从根本上讲，在经济上保护dex免受治理攻击可能比稳定币更容易。这一推测还提出了一些方法，可以更好地协调广泛的稳定市场治理权力：通过对交易/经济活动（DEX volume）征税，而不是对管理下的资产征税。当然，这样的税收会降低用户对这些稳定方案的兴趣，同时也会增加灵活治理的成本。

6 结束语

我们介绍了一个联系所有稳定币市场经济机制的基本框架，并针对传统金融模型不多的非托管稳定币市场建立了三类模型。这些模型评估了经济稳定性和基于激励的安全措施，考虑到机制运行所需的代理人的相互参与激励。这些模型考虑了攻击向量，包括治理、数据馈送、矿工和去杠杆化市场反馈效应。