Research: 3 major risks in the DeFi market and 8 solutions

In the past year, the Ethereum DeFi ecosystem has seen explosive growth, with the amount of locked funds reaching over US$14 billion, an increase of more than 20 times over last year. At the same time, the risks contained therein are also accelerating.
Well-known venture capital firm Multicoin Capital published its latest blog titled "The DeFi Stack" on its official website on November 24. The authors include the firm's partners Spencer Applebaum and Matt Shapiro, as well as analyst Shayon Sengupta.
In this article, Multicoin Capital analyzes the current basic structure of the DeFi industry and provides readers with a framework to think about how to manage the three major risks in DeFi, including collateral risk, oracle risk, and liquidation risk, as well as 8 solutions to these risks, which is of great reference value in the current DeFi industry where security incidents frequently occur. In view of this, Chain Catcher translated the article and made adjustments and deletions that do not affect the original meaning.
Author: Spencer Applebaum, Matt Shapiro, Shayon Sengupta
Translated by: Wang Dashu, Gong Quanyu

The development of DeFi has benefited from the catalysis of liquidity mining. Now users only need to provide liquidity to AMM (Bancor, Curve, Uniswap), lend assets on lending market protocols (Compound, Aave and Cream), or deposit tokens through yield optimization protocols (Yearn Finance, Harvest Finance, etc.) to obtain attractive returns.

This is partly determined by the composability between protocols. Jesse Walden, founder of Variant Fund, defines composability as: "If a platform's existing resources can be used as building blocks and programmed into higher-level applications, then the platform is composable. Composability is important because it allows developers to do more with less resources, which in turn can lead to faster and more complex innovation."

In fact, today DeFi users can use ETH as collateral, then create DAI, circulate it through Tornado.Cash, exchange it for USDC on Curve, and bet on election contracts on Polymarket, which is a very amazing scenario. The network effect of the DeFi ecosystem is very strong, but this compound innovation is not without risks.

Specifically for DeFi, risks also increase as innovation compounds. In this article, we will explore the dependencies of the entire DeFi ecosystem and how several key layers support the entire ecosystem. If any of these layers fails, DeFi as a whole will collapse.

The only effective way to understand the risks that investors take through "yield farming" is to understand the dependencies hidden in the DeFi stack and derive the potential risks from them. To do this, you must understand the layers in the DeFi stack.

To better understand these risks and dependencies, we divide the DeFi stack into six different layers:

01 Unpacking the DeFi stack

>>>>Layer 1: Atomic Value Units

Layer 1 in the DeFi stack starts with atomic units of value.

DAI, ETH, lending market tokens (cTokens and aTokens), centrally managed ERC-20 tokens, pegged assets and stablecoins (USDT, USDC, WBTC), and LP shares of AMM pools are mainly used as collateral for derivatives, loans, and leverage in DeFi protocols, and represent the beginning and end of a complete transaction life cycle.

The risks of DAI and Tether are different. The main risk of DAI is that the Maker system collapses and DAI loses its pegged asset. The main risk of Tether is that something bad happens to the bank account that holds the dollars backing USDT. All centralized custody assets like WBTC and USDT are subject to binary risk because their value could plummet if BTC is hacked or the market discovers that Tether's dollars don't actually exist in bank accounts.

Both parties introduce critical risks at the base of the inverted pyramid of the DeFi stack. Whether it’s a bug or a smart contract failure, if any of these atomic units of value falters, any system that leverages them will be affected, no matter how good its code.

Source: Coin Metrics

>>>>Layer 2: Transaction Layer

Being able to mint atomic units of value is not enough. DeFi users, whether human or robot, must be able to conduct on-chain transactions, and this ability is the second layer of the DeFi stack.

As DeFi protocols become more popular, they become part of an increasingly complex DeFi system. DeFi protocols rely on external transactions to run smoothly, including tracking and storing collateral balances, measuring collateral funding ratios, processing oracle prices, executing liquidations, allocating rewards to contributors, issuing margin, etc. These operations consume a lot of gas fees, so sufficient Layer 1 or Layer 2 capabilities are required. Therefore, we identify "transaction processing capabilities" as a core element of the DeFi stack.

While this seems like an inevitable outcome, it is not. Ethereum’s high gas fees illustrate the cost of transactions. Assuming that users and bots cannot trade on-chain, liquidations, margin calls, etc. cannot be processed, creating systemic bankruptcy risks in the entire DeFi ecosystem.

Transaction capacity has been improved in many ways. Projects like Solana are innovating at the Layer 1 level, optimizing throughput, latency, and gas costs to achieve better performance than the status quo (50,000 TPS, sub-second latency, and near-$0 transaction fees). Projects like SKALE, StarkWare, and Optimism are building Layer 2 solutions to scale on Ethereum.

>>>>Layer 3: Price Oracle

On top of the transaction layer, oracle quotes are the foundation of the next infrastructure. The input of secure and verifiable market data is critical to the operation of DeFi protocols. The isolated design of smart contracts based on off-chain data means that centralized oracles may introduce a single point of failure for the entire system.

Oracles enable triggers for higher-level functional modules, such as liquidation. Coinbase, MakerDAO Medianizer, Chainlink, Band, Tellor, UMA, API3, Compound Open Oracle, and Nes are the nine most popular oracles.

If Chainlink’s price quotes fail or are misreported, loans on Aave or synthetic assets on Synthetix could be inadvertently liquidated, DEX midpoints on Bancor could go off track, and a range of DeFi systems could go from solvent to insolvent in a matter of seconds.

Layers 1, 2, and 3 constitute the core infrastructure of DeFi. On top of this, DeFi entrepreneurs are building a more complex and interoperable financial infrastructure.

>>>>Layer 4: DeFi underlying products

When most people think of yield farming or pure-use DeFi applications, they think of DeFi underlying products. DeFi underlying products include:

1) Loan protocols: Compound, Aave, Cream, bZx, Yield, Notional, Mainframe

2) AMM trading platforms: Curve, Uniswap, Balancer, Bancor, mStable, BlackHoleSwap, DODO, Serum Swap

3) Order book trading platforms: 0x, IDEX, Loopring, DeversiFi, Serum

4) Derivatives trading platforms: MCDEX, Perpetual Protocol, DerivaDEX, Potion, Opyn, Synthetix, dYdX, Pods, Primitive, BarnBridge

5) Asset management platforms: Set, Melon, dHEDGE

These underlying products are considered a network, not a stack, because the products are not necessarily stacked on top of each other in a specific order. Each product can be used independently or in conjunction with other products, whether it is at this layer of the DeFi stack or at a lower layer. To give a few examples:

1) cTokens (Layer 1) are used as collateral in Curve (Layer 4).

2) Users can borrow from Aave and then deposit the asset into Uniswap. Or users can deposit assets into Uniswap and then use Uniswap LP shares as collateral for Aave.

Here are some examples of how DeFi products can leverage Layers 1-3 development:

1) DAI supports all open interests on Augur and is the collateral token for many stablecoin pools on Curve.

2) Aave relies on Chainlink’s oracles to accurately issue and liquidate crypto-backed loans.

3) Lending protocols and non-custodial derivatives protocols (Compound, Aave, etc.) require Keepers to be able to send transactions to liquidate positions. When the Ethereum network is congested, positions with low collateralization rates will be liquidated quickly, as evidenced by the MakerDAO crash on March 12.

>>>>Layer 5: Aggregators

Aggregators are active on top of the underlying DeFi products. This layer consists of supply-side and demand-side aggregators, including:

1) Supply-side aggregators: Yearn Finance, RAY, Idle Finance, APY.Finance, Harvest Finance, Rari Capital

2) Demand-side aggregators: 1inch, DEX.ag, Matcha, Paraswap

3) Aggregator of Aggregators: yAxis

4) New Aggregators: Swivel Finance, Benchmark

Layer 5 protocol aggregators do not custody collateral assets. Instead, these products typically provide smart contract constructions that let users interact with other Ethereum DeFi protocols. Aggregators have surged in popularity because they are good at one thing: making money.

However, investors must consider the risks of this layer of the protocol stack. If any of the underlying product protocols fails, users may lose some or all of their funds. This is because many aggregators such as YFI utilize multiple underlying protocols, so users bear the risks of all the underlying protocols used in turn by the project's treasury.

On the positive side, demand-side DEX aggregators are the safest from this risk as they do not hold funds but simply execute atomic trades within blocks.

>>>>Layer 6: Wallet and Frontend

Wallets and frontends sit on top of all of DeFi. Here are some examples:

1) Relays: Tokenlon, Dharma, PoolTogether, Guesser

2) Wallets: MetaMask, Math, imToken, Bitpie, Exodus, Trust Wallet

3) DeFi local front-end: DeFi Saver, Zerion, Zapper, Argent, Instadapp

The role of wallets, relayers, and frontends is to improve the user experience of DeFi. They do not compete on financial or technical structure, but on design, customer support, ease of use, localization, etc. Their main business is to acquire users.

We break these projects down by functionality, for example, relayers provide a frontend for a specific protocol (e.g. Guesser is a frontend for Augur, Tokenlon is a decentralized exchange built on 0x). Frontends like Instadapp and Zapper simplify the process of writing smart contract calls across different DeFi underlying products.

02 DeFi Risk Management

Today, the risks in the DeFi market are increasing. Arjun Balaji, a partner at Paradigm, gave a brilliant description of this phenomenon in a tweet: "The risks of DeFi are growing exponentially, including contract errors, poor protocol parameterization, on-chain congestion, oracle errors, administrator robot/LP failures, and the composability and leverage of contracts further amplify the risks."

Curve’s sUSD pool is one of the most popular “yield farming” opportunities in recent times, where users deposit one or more stablecoins into the pool and stake their LP tokens on Synthetix’s Mintr platform to receive SNX rewards.

Each stablecoin in the Curve pool has specific risk characteristics (DAI's peg is made up of Maker's governance, oracles, and liquidators, while USDT's value depends on collective trust in Tether's reserves). The construction of the stablecoin pool reduces the impact of a collapse in the value of any one stablecoin on the holders of that coin, while also supporting the peg value of each stablecoin.

However, the collapse of any one stablecoin will still have an adverse impact on the other stablecoins in the pool, which will have an adverse impact on all protocols that rely on this pool (such as the instability of the Synthetix debt pool). This is the double-edged sword of Ethereum's composability, its ease of integration promotes breakthrough innovation, but the risks are multiplied in the lock-in.

Let's take a look at some of the huge potential risks in the DeFi market. There is currently $11.4 billion in value locked in the top DeFi protocols (Uniswap, Compound, Aave, Balancer, Curve, MakerDAO, etc.). Of this $11.4 billion, DAI accounts for 9% of the locked value ($1 billion), USDC accounts for 24% ($2.8 billion), renBTC accounts for 3% ($308 million), and WBTC accounts for 17% ($2 billion). If any stablecoin price deviates from their pegged value, there is likely to be a wave of liquidations, bankruptcies, and price fluctuations.

Source: Dune Analytics

Chainlink provides key functionality for three of the top five synthetic asset platforms ranked by locked asset value. Of these, Synthetix has $126 million in its debt pool, which is based on the price of SNX and all synthetic assets generated (fully collateralized by Chainlink).

Synthetix suffered an oracle attack on June 25, 2020, in which the sKRW (synthetic Korean won) price feed returned an incorrect value, creating an opportunity for arbitrage bots to extract approximately 37 million sETH from the system at a low price (although the attacker eventually returned the funds after negotiation).

Oracle price information can also be manipulated directly by users for personal gain. On February 18, an attacker used a flash loan to drive up the price of sUSD on Uniswap to about $2, providing sUSD collateral to bZx at this inflated valuation in order to borrow about 2,400 ETH and effectively exit the bZx position with no loss of collateral - all in a single transaction. Since then, oracle attacks have increased, including recent attacks on projects such as Harvest and Value DeFi.

Between Synthetix, Aave, and Nexus Mutual alone, Chainlink secures approximately $2.2 billion in value, which, as discussed, is potentially vulnerable to price manipulation attacks.

The last major risk factor is Ethereum on-chain congestion. As we have seen recently with the launch of UNI, Ethereum is still not ready for global-scale trading activities. Several decentralized exchange projects have had to delay their mainnet launches due to increased gas costs. Not only are users faced with high costs to open positions, but the costs of executing key transactions such as recharging collateral and liquidating positions can also be prohibitively high.

03 Risk mitigation ideas for DeFi

Layers 1-3 of the DeFi stack affect almost all DeFi projects, so they are the most important when considering risk mitigation.

>>>>Staking Tokens

Most protocols in the DeFi ecosystem use the same assets as collateral. These tokens include DAI and centrally managed assets (USDC, USDT, WBTC, etc.). They also include interest-bearing lending market tokens such as aTokens and cTokens. DeFi developers can protect against collateral risk in several ways.

1) Limiting collateral types (e.g., dYdX only allows USDC to redeem perpetual swap positions, while Maker allows multiple types). The tradeoff is that allowing more types of volatile collateral creates systemic risk for all collateral in the same pool.

2) Only accept transparent and audited stablecoins as collateral (such as USDC and PAX).

3) Introduce collateral types in phases over time, using clear risk parameters for each form of collateral (such as liquidity and market value requirements).

4) Limit collateral concentration and incentivize liquidity providers to add underrepresented collateral (e.g., Curve incentivizes LPs to add DAI to their specific pools now because DAI has low liquidity in the pool).

5) Teams building Layer 3 products can purchase collateral insurance for their users. This will essentially bring insurance to the lower levels of the stack, e.g. dYdX can purchase credit default swaps for its traders with USDC equal to their position exposure. Stablecoin issuers, insurance companies, or decentralized insurance providers (Opyn, Nexus) could potentially become underwriters of swaps.

>>>>Oracle

Oracles are the primary failure and attack vector for nearly all DeFi protocols. As mentioned above, 30% of the top 10 protocols on DeFi Pulse rely on Chainlink, and another 20% utilize the LINK token in some way. If Chainlink fails in some way, a large part of the DeFi ecosystem will collapse.

To reduce oracle risk, project teams can obtain prices and other off-chain data from several oracle providers (Chainlink, MakerDAO medianizer, Band, Coinbase) and then use the median.

If one of the oracles deviates by X% from the rest, it can be ignored (as an example among centralized venues, FTX ignores prices that are more than 30 basis points away from the median price), which will likely prevent an attack on a single oracle from affecting the result. Additionally, protocols can use TWAPs or VWAPs to mitigate flash loan attacks.

Additionally, the team can choose to limit the amount by which the oracle price can change within a certain period of time. This can increase security in the event that the oracle price is leaked and manipulated. However, if the price does change significantly and the oracle quote does not change, this can cause serious market distortions that seriously threaten the solvency of the system.
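The three oracle mitigations described above (median across providers with outlier rejection, a TWAP, and a cap on how far the price may move per update) can be sketched together. This is an added example, not code from Multicoin or any protocol; the provider names and the 30 basis point threshold come from the article, while the prices, `min_sources`, the 600-second window and the 5% cap are constructed assumptions.

```python
from statistics import median

# Provider names come from the article; all prices below are constructed.
QUOTES = {"chainlink": 100.00, "maker_medianizer": 100.10, "band": 99.95,
          "coinbase": 100.05, "manipulated_feed": 200.00}
# (timestamp_seconds, pool_price): a spike to 200 that lasts 10 seconds.
OBSERVATIONS = [(0, 100.0), (590, 200.0)]


def aggregate_price(quotes, max_dev_bps=30, min_sources=3):
    """Median of the quotes that sit within max_dev_bps of the overall median.

    Returns (price, ignored_providers). Raises instead of answering when too
    few sources agree, so a caller can pause rather than act on a bad price.
    min_sources is an assumed policy knob, not something the article fixes.
    """
    if len(quotes) < min_sources:
        raise ValueError("not enough oracle sources")
    mid = median(quotes.values())
    kept = {name: q for name, q in quotes.items()
            if abs(q - mid) * 10_000 <= max_dev_bps * mid}
    if len(kept) < min_sources:
        raise ValueError("oracle sources disagree, quorum lost")
    return median(kept.values()), sorted(set(quotes) - set(kept))


def twap(observations, now, window):
    """Time-weighted average price over the last `window` seconds.

    Each observed price is taken to hold until the next observation (or `now`).
    """
    start, weighted, covered = now - window, 0.0, 0.0
    ends = [t for t, _ in observations[1:]] + [now]
    for (t, price), t_next in zip(observations, ends):
        lo, hi = max(t, start), min(t_next, now)
        if hi > lo:
            weighted += price * (hi - lo)
            covered += hi - lo
    if covered == 0:
        raise ValueError("no observations inside the window")
    return weighted / covered


def clamp_update(last_price, new_price, max_move_bps):
    """Accept new_price only as far as max_move_bps away from last_price."""
    limit = last_price * max_move_bps / 10_000
    return min(max(new_price, last_price - limit), last_price + limit)


def updates_until_caught_up(last_price, true_price, max_move_bps):
    """How many clamped updates pass before the feed reaches a genuine move."""
    if max_move_bps <= 0:
        raise ValueError("max_move_bps must be positive")
    updates = 0
    while last_price != true_price:
        last_price = clamp_update(last_price, true_price, max_move_bps)
        updates += 1
    return updates


if __name__ == "__main__":
    print(aggregate_price(QUOTES))                      # outlier is ignored
    print(twap(OBSERVATIONS, now=600, window=600))      # spike barely moves TWAP
    print(clamp_update(100.0, 200.0, 500))              # jump capped at +5%
    print(updates_until_caught_up(100.0, 70.0, 500))    # lag on a real 30% drop
```

The last function makes the trade-off named above measurable: with a 5% cap per update, a genuine 30% drop takes 7 updates to reach the feed, and positions are mispriced for that whole time.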

>>>>Trading Capabilities

On March 12, the MakerDAO system became insolvent and was liquidated due to on-chain congestion, failure to repay some on-chain assets in time, and insufficient collateral. Keepers are network participants in Maker that can bid on liquidations at a price of zero. As gas fees rose, Keepers were unable to transact, because the default configuration of the software used by Keepers could not automatically adjust the gas fee according to network congestion.

With the rise of decentralized derivatives protocols on Ethereum (such as dYdX, Perpetual Protocol, DerivaDEX, MCDEX), trading capabilities will become increasingly important. Imagine if Binance cannot liquidate losing traders, the insurance fund will need to pay huge losses and go bankrupt, directly leading to large-scale automatic deleveraging of the entire exchange.

Source: LoanScan

We have identified some solutions to reduce this risk of being unable to trade, such as migrating to Layer 2 or other scalable solutions (capacity expansion, side chains, other Layer 1, etc.).

1) The more optimistic expansion plan is the backward-compatible EVM, which inherits the security of Layer 1 and can have higher throughput, low latency and lower gas fees, but it takes a long time to implement.

2) Sidechains such as Skale and Matic can quickly be backward compatible with the EVM, have the characteristics of high throughput, low latency, low gas fees, and provide fast deposit/withdrawal functions. They are highly configurable for developers, but they do not inherit the security of Ethereum Layer 1.

3) Layer 1 projects currently in operation, such as Solana, Near, Algorand, Dfinity, and Nervos, are alternative public chains to Ethereum. They generally have higher scalability and lower costs, but if they want to have high collateral like Ethereum, they need more mature foundations and components.

>>>>Create complex collective liquidation robot programs to keep track of funds at all times

1) KeeperDAO is a public liquidity pool that allows token holders to contribute and be rewarded through on-chain liquidation. KeeperDAO works across the entire DeFi ecosystem and runs highly sophisticated and optimized software.

2) Individual teams building underlying products can create their own mini versions of KeeperDAO, for example Mainframe is pooling liquidator collateral for its fixed-rate zero-coupon bond lending system so the protocol doesn’t have to rely on individuals to perform liquidations.

3) On this basis, the team should ensure that they use bots that can liquidate quickly, so as to avoid the crisis that MakerDAO encountered on March 12.
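The March 12 failure described under Trading Capabilities was a keeper whose gas bid stayed fixed while the network price rose. The sketch below is an added example, not Maker's keeper code or any project's: it compares a static bid with a congestion-aware one that is capped by the liquidation profit. The block data, the 90th-percentile target, the 12.5% replacement bump, the 80% profit share and the simplified inclusion rule are all constructed assumptions, and the model is the pre-EIP-1559 gas price auction of the period the article covers.

```python
GWEI = 10**9

# Constructed gas prices (wei) of transactions included in five consecutive
# blocks while congestion builds up.
BLOCKS = [[g * GWEI for g in block] for block in (
    [18, 20, 22, 25], [60, 80, 90, 120], [150, 180, 200, 260],
    [190, 210, 240, 300], [200, 220, 250, 310])]


def next_gas_bid(recent_prices, prev_bid, profit_wei, gas_used,
                 percentile_bps=9000, bump_bps=11250, profit_share_bps=8000):
    """Gas price (wei) for the next liquidation attempt, or None.

    target  : the chosen percentile of gas prices in the latest block
    bump    : a resubmission must outbid the keeper's own pending transaction
    ceiling : gas cost may consume at most profit_share of the expected profit
    None means liquidating is no longer worth it at current congestion.
    """
    ranked = sorted(recent_prices)
    idx = min(len(ranked) - 1, percentile_bps * len(ranked) // 10_000)
    bid = ranked[idx]
    if prev_bid is not None:
        bid = max(bid, prev_bid * bump_bps // 10_000)
    ceiling = profit_wei * profit_share_bps // 10_000 // gas_used
    return bid if bid <= ceiling else None


def static_policy(bid):
    """Keeper with a fixed gas price, as in a default configuration."""
    return lambda recent_prices, prev_bid: bid


def adaptive_policy(profit_wei, gas_used):
    """Keeper that re-prices every block from observed congestion."""
    return lambda recent_prices, prev_bid: next_gas_bid(
        recent_prices, prev_bid, profit_wei, gas_used)


def first_included_block(blocks, policy):
    """Index of the first block that would include the keeper's transaction.

    Simplified inclusion rule (assumption): a block takes the transaction
    when the bid is at least the lowest gas price that block included.
    The keeper sees block i-1 before bidding for block i.
    """
    prev_bid = None
    for i in range(1, len(blocks)):
        bid = policy(blocks[i - 1], prev_bid)
        if bid is None:
            return None          # keeper gives up: position stays unliquidated
        if bid >= min(blocks[i]):
            return i
        prev_bid = bid
    return None


if __name__ == "__main__":
    gas_used = 500_000
    print(first_included_block(BLOCKS, static_policy(20 * GWEI)))
    print(first_included_block(BLOCKS, adaptive_policy(5 * 10**17, gas_used)))
    print(first_included_block(BLOCKS, adaptive_policy(5 * 10**16, gas_used)))
```

The third case is the one a protocol designer should read closely: with a 0.05 ETH incentive even the adaptive keeper stops bidding, so the liquidation reward has to be sized for congested conditions, not normal ones.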

>>>>Mining pools can prioritize specific transactions for inclusion in blocks

1. We have been thinking about the possibility of mining pools issuing their own tokens (for simplicity, we call them MPT here). The working principle of MPT can be as follows: when an address with at least 10,000 MPT broadcasts a transaction, the mining software of mining pool X notices this transaction and marks it as a priority transaction (PT). In the next block mined by mining pool X, PT will be listed as the first transaction.

2. DeFi teams themselves can own a large amount of MPT to ensure that their key operation calls (such as oracle price updates, liquidations, margin releases) are prioritized and included in blocks.

3. Spark Pool recently announced that they are testing a network called Taichi. According to Gasnow, Taichi "pushes received transactions directly into the pool's mempool," bypassing the traditional mempool. This concept helped Ethereum researcher samczsun save $9.6 million for Lien Finance users a few weeks ago.

>>>>Miner MEV

The term miner extractable value (MEV) was first coined by Phil Daian in his seminal research paper, Flash Boys 2.0. The basic idea is that because miners decide which transactions go into a block and in what order, they can choose to replace arbitrage or liquidation transactions with their own transactions (but with zero or lower transaction fees).

Although this practice is generally considered "evil" and has a negative impact on the stability of the chain, it may actually end up being an effective tool for DeFi risk management. In this case, the profit margins of liquidators and custodians will be zero. But if miners systematically perform MEV on liquidations and arbitrage, they will prevent bankruptcy and price differences across the entire system, because liquidations and arbitrage transactions will always occur.

>>>>Derivatives Position Offset and Cross Margin

If liquidity providers can cross derivatives platforms or cross margin collateral and gain net long and short positions on competing protocols, they can provide more liquidity for every $1 of collateral.

As an example: if an Ethereum address holds 1x long BTC-USD perpetual contract on dYdX and 1x short BTC-USD on MCDEX, these positions could theoretically be netted so that the trader only needs a fraction of the collateral that would be necessary, which would have the added benefit of greatly reducing liquidations. However, given the lack of maturity of these systems both technically and in governance, this is unlikely to happen in the short term.

>>>>Gas tokens such as CHI and GST-2

Gas tokens are an untapped avenue for "scaling". Currently, the total market capitalization of the two major gas tokens, CHI and GST-2, is below $200. What are gas tokens? Gas tokens can store gas for use in later free transactions or as a prepayment for future use of gas.

When gas prices are low, savvy traders will mint them into tokens, then when gas prices rise, traders will redeem gas tokens, saving on transaction fees. We expect DeFi teams to start accumulating gas tokens and use them in their protocols when they need to use built-in liquidation automation during periods of market volatility.

04 Conclusion

Nowadays, the interconnectedness between various DeFi protocols is becoming more and more close, and with it comes more and more complex systemic risks. There are many different DeFi protocols now, but most of them have the following common features.

First, it contains a collateral pool that can be traded or borrowed. Second, in order to avoid systemic bankruptcy of borrowing/lending and derivatives agreements, the oracle feeds prices to the contract. Third, if insolvency occurs, the third-party Keeper can initiate liquidation and make a profit.

Therefore, in this article, we aim to provide a simple framework for thinking about how to manage the three major risks in DeFi, namely, collateral risk, oracle risk, and liquidation risk.

There is currently $13 billion locked in the DeFi market, much of which relies on some underlying products. While some of this value is protected by smart contract insurance providers such as Nexus Mutual and Opyn, there is little protection against economic and congestion failures today.

As the DeFi market matures and more complex underlying products are launched, project teams will need to think more rigorously about how to guard against systemic risk factors.

Institutional players like Genesis and BlockFi, as well as neo-banks like Betterment and Wealthfront, will eventually want to use the permissionless DeFi rails.

When they do, the first question DeFi teams need to face is how they choose to protect themselves from black swan events such as a single oracle failure or blockchain congestion. After all, knowing the answers to these questions in advance may be the difference between winning and losing business in the DeFi industry.

