Understanding the risks of decentralized finance
By Decimal

Surely, there are risks. But in a world where banks offer 0% rates, it’s worth overcoming preconceptions and continuing to study. In traditional finance, most of the risk arises from the need to trust other people to manage our money.

While many say that DeFi removes trust, it actually replaces trust in individuals, institutions, and legal systems with trust in computer code. If we can trust the code to work as intended, then we can “remove” the trust.

Unfortunately, it is very difficult to write code that is completely secure, even when it has been audited. To give you an idea of how error-prone code is, these are typical error rates:

  • Industry average: 15-50 errors per 1000 lines of code.
  • NASA: 0.1 errors per 1000 lines of code.

Programming is not easy. People make mistakes all the time. And this is where the greatest risk is associated with Ethereum and the decentralized financial ecosystem.

Early times

According to the description of the project on Coinmarketrate.com, one of the most famous examples of a code error in Ethereum was the DAO. The way it was resolved was very controversial and led to a fork and a split between Ethereum and Ethereum Classic.

Some time later came the hacks of Parity, a very popular multi-signature wallet, where two incidents led to losses of millions of dollars.

These were the first serious security flaws in the history of Ethereum. Logic errors in the programming caused the code not to work as intended.

The Age of Oracles

The second major wave of attacks was caused by manipulation of oracles on the network, often carried out with the help of flash loans. These attacks were quite difficult to execute, but they followed a similar scheme: they temporarily skewed the price feed the system relied on in order to manipulate the protocol’s internal accounting.

The funds were then deposited at a favorable rate and immediately withdrawn in another currency (or, alternatively, in the same currency after the oracle’s normal values were restored).
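The price distortion described above, as an added example that is not part of the original article: a Python model of a constant-product pool whose spot price is read as an oracle, next to a guard that prices from a time-weighted average and refuses to quote when the spot price has moved too far from it. The pool sizes, the 10-block window and the 2% threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    """Constant-product AMM (token * usd = k); fees ignored. Constructed model."""
    token: float                                   # reserve of the volatile token
    usd: float                                     # reserve of the stablecoin
    history: list = field(default_factory=list)    # spot price recorded per block

    def spot(self) -> float:
        # Instantaneous price: what a naive protocol reads as its "oracle".
        return self.usd / self.token

    def swap_usd_in(self, usd_in: float) -> float:
        # Buy tokens with USD while keeping token * usd constant.
        k = self.token * self.usd
        self.usd += usd_in
        out = self.token - k / self.usd
        self.token -= out
        return out

    def end_block(self) -> None:
        self.history.append(self.spot())

    def twap(self, blocks: int) -> float:
        # Average of the prices recorded at the end of the last `blocks` blocks.
        window = self.history[-blocks:]
        return sum(window) / len(window)

def safe_price(pool: Pool, blocks: int = 10, max_dev: float = 0.02) -> float:
    """Price from the TWAP; raise if spot deviates from it by more than max_dev."""
    ref = pool.twap(blocks)
    dev = abs(pool.spot() - ref) / ref
    if dev > max_dev:
        raise ValueError(f"spot deviates {dev:.0%} from TWAP, refusing to price")
    return ref

def demo():
    pool = Pool(token=1_000.0, usd=1_000_000.0)    # spot price: 1000 USD
    for _ in range(10):                            # ten quiet blocks of history
        pool.end_block()
    pool.swap_usd_in(500_000.0)                    # one large trade inside a single block
    naive = pool.spot()                            # what a spot-price oracle now reports
    try:
        guarded = safe_price(pool)
    except ValueError:
        guarded = None                             # guard rejects the skewed price
    return naive, guarded

if __name__ == "__main__":
    print(demo())
```

A single trade within one block more than doubles the spot price, while the averaged price barely registers it because the trade has not yet been recorded in any block's closing price.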

In some cases, the attack was based on exploiting a vulnerability in the code. But it wasn’t always like that. So, this sparked discussions: was it really a hack or just a smart way to profit from the protocol?

Here are some examples of areas with the most frequent hacks in DeFi.

  • Crop financing.
  • The DeFi value.
  • Protocol of origin.

The Era of Lego Money

In recent years, a significant number of DeFi protocols have been launched that work in combination with each other. This composability is one of the attractions of the open finance movement: we can use existing protocols to create new applications.

The problem is that this tends to widen the attack surface.

The third wave of attacks focused on yield aggregation applications built on top of other DeFi protocols. These applications are often more vulnerable than the underlying protocols: a small gap in their defenses is enough for an attack.

Centralized risks

Many protocols are not yet fully decentralized. Thus, risks arise not only because of vulnerabilities in smart contracts, but also because of centralized aspects of protocols.

Perhaps the biggest risk affecting the entire DeFi ecosystem is a fatal flaw in one of the stablecoins. For example, if USDT could not maintain its peg to the dollar, or if governments began to require USDC to confiscate funds.

MakerDAO’s DAI losing its peg could also cause big problems. But if this happens, it will probably be caused by some weakness in its economic incentives or risk management.

A widespread failure in one of the major stablecoins would be a disaster for the entire DeFi ecosystem. This is probably the biggest risk the sector faces at this stage of its existence.

In general, the risks of centralization are usually higher in new protocols. In them, development teams often hold keys that allow them to upgrade the contracts unilaterally. In the worst case, all the liquidity deposited in the protocol can be stolen.

Before depositing into a DeFi protocol, try to understand what actions its creators can take.

Centralization also creates other, smaller risks in some large DeFi protocols. There is always the possibility of a governance attack, in which a group acts in collusion to push through a malicious protocol update.

We haven’t seen such cases on a large scale yet, but they are quite possible. To avoid this, the more diverse and better distributed the protocol token holders are, the better.

Economic incentive risks

Another big category is the risk that economic incentives fail. Many DeFi protocols experiment with different mechanism designs to encourage the desired user behavior.

Many of these schemes have not been sufficiently tested yet, and some of them are riskier than others. Here again, it’s worth thinking about algorithmic stablecoins.

Before you deposit funds into a protocol, do you know how its reward system works?


However it may sound, DeFi can generously reward those who are willing to take a risk. It is not just risk: there is a spectrum of risk, set against very large rewards. The market is still very inefficient, and this inefficiency is an opportunity for those who are willing to take more risks.

The big plus of DeFi is that it allows us to earn income from our existing holdings of stablecoins, BTC or ETH.

In the lower-risk part of the spectrum, we have basic protocols: Delswap, Compound, Aave, MakerDAO and Balancer.

These protocols belong to the more decentralized part of the spectrum. Thus, the risks that affect them are mainly related to smart contracts, economic incentives and potential governance attacks.

These protocols have been around for quite some time and hold billions of dollars. This means that they have already been sufficiently tested and have proven their resilience to most of these risks (although the risk of a governance attack has yet to be tested).

This is probably the best place to start if someone wants to go from a 0% return in their bank account to something in the 4-10% range. This is one of the most reliable ways to improve yield in DeFi.


There is a lot to learn about risk management in DeFi, and whole books could be written on it. The main thing for anyone who wants to take a risk is to start with amounts they can afford to lose, and to learn gradually.

Avoid very extreme risks, get insured when you want to take larger positions, and avoid being too exposed to one type of risk or protocol.

DeFi is a journey that requires a lot of individual responsibility. It’s very risky, but the payback is potentially very high. You should manage your risks very well in order to improve your chances of benefiting.