Multicoin Capital: Three Major Risks in the DeFi Market and Eight Solutions

This article was published on November 27, 2020, on the Multicoin Capital website and organized by Chain Catcher. The authors are Multicoin Capital partners Spencer Applebaum / partner Matt Shapiro and analyst Shayon Sengupta.

The development of DeFi has been catalyzed by liquidity mining. Nowadays, users can provide liquidity to AMMs (Bancor, Curve, Uniswap), lend assets on lending market protocols (Compound, Aave, and Cream), or deposit tokens through yield optimization protocols (Yearn Finance, Harvest Finance, etc.) to earn attractive returns.

This is partly determined by the composability between various protocols. Jesse Walden, founder of Variant Fund, defines composability as: "If the existing resources of a platform can be used as components and programmed into higher-order applications, then that platform is composable. Composability is important because it allows developers to do more with less, which in turn can lead to faster and more compound innovation."

In fact, today’s DeFi users can use ETH as collateral, then create DAI, circulate it through Tornado.Cash, exchange it for USDC on Curve, and bet on election contracts on Polymarket, which is an astonishing scenario. The network effects of the DeFi ecosystem are very powerful; however, this compound innovation is not without risks.

Specifically for DeFi, risks can increase with the complexity of innovation. In this article, we will explore the dependencies within the entire DeFi ecosystem and how several key layers support the entire ecosystem. If any one of these layers encounters a problem, DeFi as a whole could collapse.

To understand the risks that investors take on through "yield farming," the only effective way is to understand the dependencies hidden within the DeFi stack and derive potential risks from them. To do this, one must understand the layers within the DeFi stack.

To better understand these risks and dependencies, we divide the DeFi stack into six different layers:

1. Deconstructing the DeFi Stack

>>>> Layer 1: Atomic Value Units

The first layer of the DeFi stack starts with atomic value units.

DAI, ETH, lending market tokens (cTokens and aTokens), centralized custodial ERC-20 tokens, pegged assets, and stablecoins (USDT, USDC, WBTC), as well as LP shares in AMM pools, primarily serve as collateral applications for derivatives, loans, and leverage in DeFi protocols, representing the beginning and end of a complete transaction lifecycle.

The risks of DAI and Tether are different. The main risk of DAI is the collapse of the Maker system, which would cause DAI to lose its pegged asset. The main risk of Tether is adverse events affecting the bank accounts holding the dollars backing USDT. All centralized custodial assets like WBTC and USDT face binary risks because if BTC is hacked or the market discovers that Tether's dollars do not actually exist in the bank accounts, their value could plummet.

Both introduce critical risks at the bottom of this inverted pyramid of the DeFi stack. Whether due to bugs or smart contract failures, if any atomic value unit is destabilized, any system utilizing them will be affected, regardless of how good its code is.

Source: Coin Metrics

>>>> Layer 2: Transaction Layer

Simply being able to mint atomic value units is not enough. Whether human or robot, DeFi users must be able to transact on-chain, which is the second layer of the DeFi stack.

As DeFi protocols have become more popular, they have become part of increasingly complex DeFi systems. DeFi protocols rely on external transactions to operate smoothly, including tracking and storing collateral balances, measuring collateralization ratios, processing oracle prices, executing liquidations, allocating rewards to contributors, and issuing margin calls. These operations consume a significant amount of gas fees, thus requiring sufficient Layer 1 or Layer 2 capacity. Therefore, we identify "transaction processing capability" as a core element of the DeFi stack.

While this seems like an inevitable outcome, it is not. The high gas fees on Ethereum illustrate the cost of transactions; if users and bots cannot transact on-chain, liquidations, margin calls, and other critical operations cannot be processed, leading to systemic bankruptcy risks across the entire DeFi ecosystem.

Transaction capacity has been enhanced in many ways. Projects like Solana are innovating at the Layer 1 level, optimizing throughput, latency, and gas fee costs to achieve better performance than the current state (50,000 TPS, sub-second latency, and near-zero transaction fees). Projects like SKALE, StarkWare, and Optimism are building Layer 2 solutions to scale on Ethereum.

>>>> Layer 3: Price Oracles

Building on the transaction layer, oracle pricing is the foundation of the next infrastructure. The input of secure and verifiable market data is crucial for the operation of DeFi protocols. The isolated design of smart contracts based on off-chain data means that centralized oracles can introduce a single point of failure for the entire system.

Oracles enable higher-order functional modules to trigger events, such as liquidations. The nine most popular oracles currently are Coinbase, MakerDAO's liquidator, Chainlink, Band, Tellor, UMA, API3, Compound Open Oracle, and Nes.

If Chainlink's price quotes fail or misreport, loans on Aave or synthetic assets on Synthetix could be unintentionally liquidated, and the mid-price on Bancor could go off track, causing a series of DeFi systems to shift from solvent to insolvent within seconds.

Layers 1, 2, and 3 form the core infrastructure of DeFi. On top of this, DeFi entrepreneurs are building more complex and interoperable financial infrastructures.

>>>> Layer 4: DeFi Underlying Products

When most people think of "yield farming" or purely utilitarian DeFi applications, they think of DeFi underlying products. DeFi underlying products include:

1) Lending protocols: Compound, Aave, Cream, bZx, Yield, Notional, Mainframe

2) AMM trading platforms: Curve, Uniswap, Balancer, Bancor, mStable, BlackHoleSwap, DODO, Serum Swap

3) Order book trading platforms: 0x, IDEX, Loopring, DeversiFi, Serum

4) Derivatives trading platforms: MCDEX, Perpetual Protocol, DerivaDEX, Potion, Opyn, Synthetix, dYdX, Pods, Primitive, BarnBridge

5) Asset management platforms: Set, Melon, dHEDGE

These underlying products are considered a network rather than a stack because these products do not necessarily stack on top of each other in a specific order. Each product can be used independently or in conjunction with others, whether it is at this layer of the DeFi stack or at a lower layer. Here are a few examples:

1) cToken (Layer 1) is used as collateral in Curve (Layer 4).

2) Users can borrow from Aave and then deposit that asset into Uniswap. Alternatively, users can deposit assets into Uniswap and then use Uniswap LP shares as collateral for Aave.

Here are some examples of how DeFi underlying products utilize Layers 1-3:

1) DAI supports all open positions on Augur and is the collateral token for many stablecoin pools on Curve.

2) Aave relies on Chainlink's oracles to accurately issue and liquidate crypto-backed loans.

3) Lending protocols and non-custodial derivatives protocols (Compound, Aave, etc.) require Keepers to send transactions to liquidate positions. When the Ethereum network is congested, under-collateralized positions can be quickly liquidated, as evidenced by the MakerDAO incident during the 312 crash.

>>>> Layer 5: Aggregators

Aggregators operate above the DeFi underlying products. This layer consists of supply-side and demand-side aggregators, including:

1) Supply-side aggregators: Yearn Finance, RAY, Idle Finance, APY.Finance, Harvest Finance, Rari Capital

2) Demand-side aggregators: 1inch, DEX.ag, Matcha, Paraswap

3) Aggregators of aggregators: yAxis

4) New type aggregators: Swivel Finance, Benchmark

Layer 5 protocol aggregators do not custody collateral assets; these products typically provide smart contract building that allows users to interact with other Ethereum DeFi protocols. Aggregators have surged in popularity because they excel at one thing: making money.

However, investors must consider the risks of this layer of the protocol stack. If any underlying product protocol fails, users may lose part or all of their funds, as many aggregators like YFI leverage multiple underlying protocols, so users bear the risks of all underlying protocols that the project's treasury rotates through.

On the positive side, demand-side DEX aggregators are the safest, as they do not hold funds but merely execute atomic trades within blocks.

>>>> Layer 6: Wallets and Frontends

Wallets and frontends sit atop all of DeFi, with some examples being:

1) Relayers: Tokenlon, Dharma, PoolTogether, Guesser

2) Wallets: MetaMask, Math, imToken, Bitpie, Exodus, Trust Wallet

3) DeFi native frontends: DeFi Saver, Zerion, Zapper, Argent, Instadapp

The role of wallets, relayers, and frontends is to enhance the user experience of DeFi. They do not compete on financial or technical constructs but rather on design, customer support, usability, localization, and other aspects. Their main business is to acquire users.

We categorize these projects by function; for example, relayers provide frontends for specific protocols (e.g., Guesser is the frontend for Augur, Tokenlon is a decentralized exchange based on 0x). Frontends like Instadapp and Zapper simplify the process of writing smart contract calls across different DeFi underlying products.

2. DeFi Risk Management

The risks in today’s DeFi market are increasing. Paradigm partner Arjun Balaji succinctly described this phenomenon in a tweet: "The risks in DeFi are multiplying, including contract bugs, poorly parameterized protocols, on-chain congestion, oracle errors, admin bot/LP failures, and the composability and leverage of contracts further amplify the risks."

Curve's sUSD pool is one of the most popular "yield farming" opportunities recently, where users deposit one or more stablecoins into the pool and stake their LP tokens on Synthetix's Mintr platform to earn SNX rewards.

Each stablecoin in the Curve pool has specific risk characteristics (the peg of DAI is maintained by Maker's governance, oracles, and liquidators, while the value of USDT relies on collective trust in Tether's reserves). The construction of stablecoin pools mitigates the impact of any single stablecoin's value collapse on its holders while supporting the pegged value of each stablecoin.

However, the collapse of any single stablecoin would still adversely affect the other stablecoins in the pool, which would negatively impact all protocols relying on this pool (e.g., the instability of Synthetix's debt pool). This is the double-edged sword of Ethereum's composability, where ease of integration fosters breakthrough innovation, but risks multiply in the lock-up.

Let’s take a look at some significant potential risks in the DeFi market. Currently, there is $11.4 billion in value locked in leading DeFi protocols (Uniswap, Compound, Aave, Balancer, Curve, and MakerDAO, etc.). Of this $11.4 billion, DAI accounts for 9% of the locked value ($1 billion), USDC accounts for 24% ($2.8 billion), renBTC accounts for 3% ($308 million), and WBTC accounts for 17% ($2 billion). If any stablecoin's price deviates from its pegged value, it could trigger a wave of liquidations, bankruptcies, and price fluctuations.

Source: Dune Analytics

Among the five largest synthetic asset platforms ranked by locked asset value, Chainlink provides critical functionality for three of them. Among these, Synthetix's debt pool has $126 million, which is based on the price of SNX and all generated synthetic assets (fully collateralized by Chainlink).

Synthetix suffered an oracle attack on June 25, 2020, where the price feed for sKRW (synthetic Korean won) returned incorrect values, creating an opportunity for arbitrage bots to extract approximately $37 million in sETH from the system (though the attacker ultimately returned the funds after negotiations).

Oracle price information can also be directly manipulated by users for personal gain. On February 18 of this year, an attacker used a flash loan to inflate the price of sUSD on Uniswap to about $2, using this inflated valuation to provide sUSD collateral to bZx to borrow approximately 2,400 ETH and effectively exit the bZx position without losing collateral—all accomplished in a single transaction. Since then, there has been an increase in oracle attacks, including recent attacks on Harvest, Value DeFi, and others.

Between Synthetix, Aave, and Nexus Mutual alone, Chainlink has guaranteed approximately $2.2 billion in value, which, as discussed, is potentially vulnerable to price manipulation attacks.

The final major risk factor is on-chain congestion on Ethereum. As we recently saw with the launch of UNI, Ethereum is still not prepared for global-scale trading activity. Several decentralized exchange projects have had to delay their mainnet launches due to increased gas fee costs. Users face not only high costs to open positions but also prohibitive costs to execute critical transactions like depositing collateral and liquidating positions.

3. DeFi Risk Mitigation Strategies

Layers 1-3 of the DeFi stack impact nearly all DeFi projects, making them the most important when considering risk mitigation.

>>>> Collateral Tokens

Most protocols in the DeFi ecosystem use the same assets as collateral. These tokens include DAI and centralized custodial assets (USDC, USDT, WBTC, etc.). They also include interest-bearing lending market tokens like aTokens and cTokens. DeFi developers can mitigate collateral risks in several ways.

1) Limit the types of collateral (e.g., dYdX only allows USDC to be exchanged for perpetual swap positions, while Maker allows multiple types). The trade-off is that allowing more types of volatile collateral can create systemic risks for all collateral in the same pool.

2) Only accept transparent and audited stablecoins as collateral (like USDC and PAX).

3) Use explicit risk parameters for each type of collateral (such as liquidity and market cap requirements) and gradually introduce collateral types over time.

4) Limit collateral concentration and incentivize liquidity providers to increase underrepresented collateral (e.g., Curve incentivizes LPs to add DAI in its specific pool due to low liquidity of DAI in the pool).

5) Teams building Layer 3 underlying products can purchase collateral insurance for their users. This would essentially bring insurance to the lower layers of the stack; for example, dYdX could purchase credit default swap products with USDC to cover its traders' exposure to position risk. Stablecoin issuers, insurance companies, or decentralized insurance providers (Opyn, Nexus) could potentially become underwriters for these swap products.

>>>> Oracles

Oracles are a primary failure and attack vector for nearly all DeFi protocols. As mentioned, 30% of the top ten protocols on DeFi Pulse rely on Chainlink, and another 20% utilize LINK tokens in some way. If Chainlink were to fail in some capacity, a significant portion of DeFi's ecosystem could collapse.

To reduce oracle risks, project teams can source prices and other off-chain data from several oracle providers (Chainlink, MakerDAO medianizer, Band, Coinbase) and then use the median.

If one oracle's quote deviates from others by X%, it can be disregarded (for centralized oracles, FTX disregarded prices that deviated from the median by over 30 basis points), which could potentially prevent a single oracle from being attacked. Additionally, protocols can use TWAPs or VWAPs to mitigate flash loan attacks.

Furthermore, teams can choose to limit the price fluctuations of oracles within a certain timeframe. This can increase security in cases where oracle prices are leaked and manipulated. However, if prices do fluctuate significantly while oracle quotes do not change, it could lead to severe market distortions, threatening the system's solvency.

>>> >Transaction Capability

On March 12, the MakerDAO system was liquidated due to on-chain congestion, where some on-chain assets failed to repay in time and were under-collateralized. Keepers are network participants in Maker who can bid to liquidate positions for zero fees, but due to rising gas costs, they were unable to transact because the software configuration used by Keepers did not automatically adjust gas fees based on network congestion.

As decentralized derivatives protocols (like dYdX, Perpetual Protocol, DerivaDEX, MCDEX) rise on Ethereum, transaction capability will become increasingly important. Imagine if Binance could not liquidate losing traders; the insurance fund would need to cover massive losses, leading to a large-scale deleveraging of the entire exchange.

Source: LoanScan

We have identified several solutions to reduce this risk of being unable to transact, such as migrating to Layer 2 or other scalable solutions (scaling, sidechains, other Layer 1s, etc.).

1) The most optimistic scaling solutions are backward-compatible EVMs, which inherit the security of Layer 1 while achieving higher throughput, low latency, and lower gas fees, but they take a long time to implement.

2) Sidechains like Skale and Matic can quickly become backward-compatible with EVMs, featuring high throughput, low latency, and low gas fees, and providing fast deposit/withdrawal capabilities, making them highly configurable for developers, but they do not inherit the security of Ethereum's Layer 1.

3) Running Layer 1 projects like Solana, Near, Algorand, Dfinity, and Nervos are alternative public chains to Ethereum, often featuring higher scalability and lower costs, but they require more mature foundations and components to achieve high collateralization like Ethereum.

>>> >Create complex liquidation bot programs to keep funds in check

1) KeeperDAO is a public liquidity pool that allows token holders to contribute and earn rewards through on-chain liquidations. KeeperDAO operates across the entire DeFi ecosystem and runs highly complex and optimized software.

2) Teams building underlying products can create their own mini KeeperDAOs; for example, Mainframe is gathering liquidator collateral for its fixed-rate zero-interest bond lending system, so the protocol does not have to rely on individuals to execute liquidations.

3) On this basis, teams should ensure they use bots that can liquidate quickly to avoid the crisis faced by MakerDAO during the 312 incident.

>>> >Mining pools can prioritize specific transactions for inclusion in blocks

1. We have been considering the possibility of mining pools issuing their own tokens (for simplicity, we will refer to this as MPT here). The way MPT works could be as follows: when an address with at least 10,000 MPT broadcasts a transaction, the mining software of pool X notices this transaction and marks it as a priority transaction (PT). In the next block mined by pool X, PT will be listed as the first transaction.

2. The DeFi team itself can hold a large amount of MPT to ensure that their critical operational calls (such as oracle price updates, liquidations, margin calls) are prioritized and included in blocks.

3. Spark Pool recently announced that they are testing a network called Taichi. According to Gasnow, Taichi "pushes transactions received directly into the mining pool's mempool," bypassing the traditional mempool. This concept helped Ethereum researcher samczsun save $9.6 million for Lien Finance users a few weeks ago.

>>> >Miner Extractable Value (MEV)

The term miner extractable value was first introduced by Phil Daian in his groundbreaking research paper "Flash Boys 2.0." The basic idea is that miners have the ability to review transactions in the order of blocks, allowing them to choose to replace arbitrage or liquidation transactions with their own transactions (but with zero or lower transaction fees).

While this practice is generally considered "evil" and negatively impacts on-chain stability, it could ultimately become an effective tool for DeFi risk management. In this case, the profit margins for liquidators and custodians would drop to zero. However, if miners systematically engage in MEV for liquidations and arbitrage, they would prevent the entire system from bankruptcy and price discrepancies, as liquidations and arbitrage transactions will always occur.

>>> >Offsetting derivative positions and cross-margining

If liquidity providers can cross-margin across derivative platforms or collateral types and obtain net long and short positions on competitive protocols, they can provide more liquidity for every $1 of collateral.

For example: if an Ethereum address holds a 1x long BTC-USD perpetual contract on dYdX and a 1x short BTC-USD position on MCDEX, these positions could theoretically be netted, allowing the trader to require only a small portion of collateral, which is necessary, and this would have the added benefit of greatly reducing liquidation amounts. However, given the lack of maturity in both the technical and governance aspects of these systems, this is unlikely to happen in the short term.

>>> >Gas tokens, such as CHI and GST-2

Gas tokens are an undeveloped "scalable" avenue. Currently, the total market cap of the two main gas tokens, CHI and GST-2, is below $200. What are gas tokens? Gas tokens can store gas for later free transactions or serve as prepaid gas for future use.

When gas prices are low, savvy traders mint them as tokens, and when gas prices rise, traders redeem gas tokens to save on transaction fees. We expect DeFi teams to start accumulating gas tokens and use them in their protocols when they need to utilize built-in liquidation automation during market volatility.

4. Conclusion

The interconnections between various DeFi protocols are becoming increasingly tight, leading to more complex systemic risks. There are now many different DeFi protocols, yet most share the following commonalities.

First, they contain collateral pools that can be traded or lent; second, oracles feed prices to contracts to avoid systemic bankruptcies in lending/borrowing and derivatives protocols; third, if insolvency occurs, third-party Keepers can initiate liquidations to earn profits.

Thus, in this article, we aim to provide a simple framework for thinking about how to manage the three major risks in DeFi: collateral risk, oracle risk, and liquidation risk.

Currently, $13 billion in funds are locked in the DeFi market, with many of these funds relying on some underlying products. While some of this value is protected by smart contract insurance providers like Nexus Mutual and Opyn, there is currently almost no protection against economic and congestion failures.

As the DeFi market matures and more complex underlying products are launched, project teams will need to think more rigorously about how to guard against systemic risk factors.

Institutional participants like Genesis and BlockFi, as well as new banks like Betterment and Wealthfront, will ultimately seek to use permissionless DeFi rails.

When they do, the first question DeFi teams need to face is how to choose to protect themselves from black swan events (such as a single oracle failure or blockchain congestion), as having the answers to these questions in advance could be the difference between winning and losing business in the DeFi industry.

Original link: https://multicoin.capital/2020/11/24/the-defi-stack/