Decentralized Finance (DeFi) does come with its own set of challenges. Despite the promise of interoperability, DeFi has resulted in a concentration of nearly all projects on the Ethereum blockchain, introducing a new type of concentration risk. In the pursuit of removing human involvement and automating processes, new risks have arisen or existing ones have been amplified, such as the difficulty of maintaining code security.
The growth of DeFi will also hinge on its ability to integrate with and coexist with traditional finance, and it will be influenced by how laws and regulations at the national and state levels develop. Perhaps the biggest obstacle is that while the DeFi ecosystem continues to expand, the public infrastructure layer that underlies it (such as Bitcoin or Ethereum) is experiencing growing pains, which are reflected in high fees.
Risk factors in DeFi
The DeFi system is founded on the principle of radical transparency, which allows anyone to view everyone else’s transactions. However, larger entities have found ways to maintain anonymity through the use of popular analytics tools, such as pseudonymity and privacy-enhancing features. This high level of transparency presents a significant potential for eliminating traditional financial intermediaries and automating financial services. However, it also creates ample opportunities for exploitation. DeFi is built on shared, public databases that provide public read access and unrestricted write access, as long as the entity adding an entry in the blockchain pays a sufficient fee. Any user with knowledge of these systems, an internet connection, and enough tokens to pay for fees can deploy a smart contract that any other user can subsequently engage with in a permissionless manner. Smart contracts are software protocols that exist “on-chain” and are publicly available for anyone to engage with, audit, or scrutinize. This open access to smart contracts vastly expands the scope for financial innovation, as developers are not limited by financial institutions requiring permission to access their APIs. However, this also introduces new forms of risk, as there are no required professional or licensing qualifications that restrict who can deploy, manage, or engage with smart contracts.
DeFi practitioners generally aim to eliminate human discretion from financial contracts by encoding the rules of behavior into highly automated, publicly available systems. However, in practice, human involvement still exists. DeFi systems must be deployed, governed, and updated, and may encounter occasional bugs or exploitative interactions with other protocols. Additionally, since they operate on public blockchains, they are vulnerable to similar issues and may require human intervention. Therefore, core DeFi protocols tend to retain some level of human involvement from controlling entities to mitigate risks as they arise. However, this also poses a potential threat to these systems if the administrators themselves are compromised, malicious, or somehow co-opted.
Certain risk factors and exploits in DeFi are comparable to those found in existing financial products, such as market risk and the manipulation of an underlying price to interfere with a derivative, which is one of the most common forms of attack against DeFi protocols. Additionally, some other exploits like frontrunning transactions through fee upping and quant models are also analogous to traditional financial risks. However, other risks are entirely new and unique to DeFi, such as protocol-level reorganizations that invalidate prior transactions, validators reordering transactions to extract value from on-chain marketplaces, and “flash loans” that allow attackers to obtain unlimited free leverage.
DeFi risk factors are categorized here into five groups:
- Interconnections with traditional finance (Paradox of DeFi),
- Governance and regulatory risks,
- Operational risks from blockchains,
- Smart contract-based vulnerabilities,
- Scalability challenges.
However, only the interconnections with traditional finance are discussed here; the others are covered in the next parts.
Interconnections with traditional finance
- Banks holding reserves backing stablecoins:
DeFi aims to establish a separate and autonomous financial system that is based on code rather than legal enforcement. However, certain key components of the DeFi system still rely on traditional financial market infrastructure in practice. The most important connection between the two systems can be found in stablecoins. Stablecoins are tokens denominated in US dollars that circulate on public blockchains and are theoretically backed by dollars held at financial institutions. Stablecoins are valuable for transactions in DeFi since they bring fiat-denominated collateral into the open transactional context of public blockchains. However, the majority of stablecoins derive their value from underlying dollar instruments, which introduces a reliance on the issuer of the underlying instruments and the financial institution where the dollars are held. In 2021, around $65 billion worth of stablecoins are in circulation on public blockchains, but only approximately $3.1 billion of these are non-redeemable stablecoins that are issued against crypto-native collateral. The rest is entirely dependent on an ongoing bank relationship and the commitment to upholding the redeemability of the underlying instruments.
- High interconnectedness between banks and crypto firms:
Apart from stablecoin banking, only a few banks offer essential services to cryptocurrency companies. Historically, just a small number of US banks, such as Silvergate Bank, Signature Bank, and Metropolitan Community Bank, have actively sought out clients in the DeFi sector. These banks are crucial points of centralization for the crypto industry. A disruption or insolvency in any of these banks would have negative effects on significant portions of the cryptocurrency industry. Silvergate Bank, located in San Diego and chartered by the state of California, is perhaps the bank with the most significant concentration of the crypto industry. Since 2013, the bank has focused on providing banking services to companies operating in the cryptocurrency sector. Its primary product is the Silvergate Exchange Network (SEN), which facilitates real-time USD transfers between its clients, mainly centralized crypto exchanges and institutional investors. The process of obtaining banking services has been so difficult for crypto exchanges and firms that Silvergate has become a crucial link between traditional banking and the digital currency industry. As of the fourth quarter of 2020, Silvergate had $5.5 billion in total assets on its balance sheet and $5.03 billion in cryptocurrency deposits. Its SEN transfer network handled $59.2 billion in intra-bank transfer volume in the same quarter, offering an alternative settlement option for crypto firms looking to settle the USD fiat portion of crypto-fiat trades.
- Retail exposure:
DeFi has started to move beyond a group of high-tech early adopters and is now reaching mainstream consumer fintech applications. Several retail crypto exchanges now act as interfaces for DeFi protocols, reducing the barriers to accessing DeFi and exposing retail users to their advantages and risks. Publicly traded firms now rely on smart contract functionality and may hold user funds. Consumer fintech applications make crypto readily available to retail investors who may not fully comprehend what they are trading. Coinbase, a well-known retail-facing brokerage with 56 million verified users as of its Q1 2021 quarterly filing, has started to adopt DeFi and positions itself as an interface to these blockchain protocols.
- Corporate exposure:
Certain corporations are directly acquiring exposure to native cryptocurrencies on their balance sheets, either as an alternative treasury asset, as seen with MicroStrategy, Square, or Tesla, or in anticipation of using the tokens to engage directly with the protocol. This indicates that public corporations will be more engaged with these shared infrastructures in the future. For instance, the Chinese smartphone company Meitu Inc. acquired 15,000 ETH, worth $22 million at the time of purchase. As DeFi continues to provide additional transaction modes, companies such as Meitu may be interested in using these DeFi networks directly. These corporate entities must evaluate their risk exposure to a protocol’s smart contracts and underlying cryptocurrency and blockchain, as discussed below. Furthermore, they must consider how they may pass on these risks to their customers and business partners.
Case study of MakerDAO
Despite claims of being completely decentralized, some stablecoins have still introduced vulnerabilities. One example is the MakerDAO system, which allows users to generate dollar-backed tokens (called “Dai”) automatically by pledging a basket of other assets that exceed the value of the tokens. The purpose of this system is to shield the tokens from the traditional financial system and reduce the likelihood of any potential weaknesses. Some of the risks are as follows:
- Market risk in stablecoins’ underlying reserves
In November 2019, MakerDAO launched an upgraded form of Dai, called “multi-collateral Dai,” that was supported by “non-native” collateral to handle the market volatility of ether (ETH). Initially, all Dai was issued in an overcollateralized manner against ether. Collateralizing against ether made the MakerDAO system less reliant on traditional finance and more resistant to third-party liabilities, making it more durable and resilient. Since ether is not a liability of any third party and its value is entirely market-driven, it may be more suitable to back assets such as Dai as long as downside volatility is controlled.
The new version of Dai, however, allowed users to diversify the collateral backing Dai with other cryptocurrencies, such as USDC, USDT, WBTC, and BAT, which introduced new risks. These new collateral types are not liability-free like ether, as they can be frozen by the entities administering the stablecoin systems. For instance, if the USDC governing consortium were to freeze the USDC held in MakerDAO’s reserve, the dollar peg of Dai could be compromised. The presence of liability-laden collateral in purely crypto-economic systems like Maker/Dai injects potential for interference through regulatory oversight, commercial bank policy, or direct action from the stablecoin issuer itself.
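The freeze scenario described above can be expressed as a stress test over a collateral reserve. The following Python is an added example, not MakerDAO's code: the reserve values, the Dai supply, the "WBTC custodian" label, and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Collateral:
    symbol: str
    value_usd: int          # market value of the locked collateral
    issuer: Optional[str]   # entity able to freeze the token; None = liability-free

def backing_ratio(reserve, dai_outstanding, frozen_issuers=frozenset()):
    """Usable collateral value per unit of Dai, ignoring frozen tokens."""
    usable = sum(c.value_usd for c in reserve if c.issuer not in frozen_issuers)
    return usable / dai_outstanding

def freeze_stress_test(reserve, dai_outstanding):
    """Map each issuer to (ratio after its freeze, True if backing falls below 1.0)."""
    issuers = sorted({c.issuer for c in reserve if c.issuer is not None})
    results = {}
    for issuer in issuers:
        ratio = backing_ratio(reserve, dai_outstanding, frozenset({issuer}))
        results[issuer] = (ratio, ratio < 1.0)
    return results

def peg_breaking_issuers(reserve, dai_outstanding):
    """Issuers whose unilateral freeze would leave Dai under-collateralized."""
    results = freeze_stress_test(reserve, dai_outstanding)
    return [issuer for issuer, (_, broken) in results.items() if broken]

# Constructed sample reserve (values in millions of USD, not real figures).
RESERVE = [
    Collateral("ETH", 600, None),
    Collateral("USDC", 500, "USDC governing consortium"),
    Collateral("USDT", 100, "Tether"),
    Collateral("WBTC", 200, "WBTC custodian"),  # hypothetical label
]
DAI_OUTSTANDING = 1000  # constructed

if __name__ == "__main__":
    print(f"baseline ratio: {backing_ratio(RESERVE, DAI_OUTSTANDING):.2f}")
    for issuer, (ratio, broken) in freeze_stress_test(RESERVE, DAI_OUTSTANDING).items():
        status = "UNDER-COLLATERALIZED" if broken else "ok"
        print(f"freeze by {issuer}: ratio {ratio:.2f} ({status})")
```

With this constructed reserve the system is overcollateralized at baseline, yet a freeze by the single largest stablecoin issuer is enough to push backing below par, which is the dependency the paragraph describes.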
- Risk in sources of market illiquidity
The standard fiat-backed stablecoins play a significant role in providing liquidity for major DeFi protocols. The top five protocols, namely MakerDAO, Curve, Uniswap, Aave, and Compound, hold $3.818 billion in USDC and $1.06 billion in Tether (USDT) deposits, which account for 42% of outstanding USDC and 5.2% of outstanding USDT on Ethereum. USDC and USDT are crucial sources of liquidity for these protocols, with USDC representing 19.5% of collateral on the lending protocol Compound and the USDC-ETH pair being the second-most liquid pair on the decentralized exchange Uniswap. However, these stablecoins are exposed to the failure of the banks holding collateral reserves backing them, which has historically been questionable, as evidenced by the settlement agreement between Tether and the New York Attorney General’s office. The insolvency of a bank, regulatory action, or issuer failure could impair the collateral and liquidity supporting these DeFi systems, causing the stablecoins in question to trade at a discount to par, as has happened during confidence crises.