Decentralized Finance (DeFi) has ushered in a new era of financial innovation, promising greater accessibility and autonomy for users. However, as the DeFi ecosystem grows in complexity and scale, so do the associated risks. In this second part of our series on DeFi Risks, we delve into two critical aspects: Governance and Regulatory Risks. These challenges not only test the integrity of DeFi protocols but also raise pertinent questions about their sustainability and compatibility with regulatory frameworks. We explore the vulnerabilities surrounding administrative key abuse, governance attacks, tainted liquidity, and the regulatory uncertainty surrounding pseudo-equities. By comprehensively understanding these risks, stakeholders can make informed decisions and contribute to the ongoing evolution of the DeFi landscape.
Administrative key abuse
Many DeFi protocols have the capability for their administrative teams or other entities to exercise control, such as shutting down, upgrading, or pausing the contract and potentially accessing user funds. However, some protocols, like Uniswap, do not have this control feature and exist as deployed code on Ethereum for users to interact with freely. In addition, while some protocols delegate decision-making power to token holders, voting weight is often proportional to the number of tokens held, which can lead to decision-making power being concentrated in the hands of a small group of insiders and backers. Furthermore, tokens are generally available on the open market, enabling attackers to purchase or borrow tokens to influence a token holder’s vote. Therefore, in projects where token holder votes can impact the contract, many opt to maintain control by restricting the number of tokens available for trading.
As the St. Louis Fed notes regarding admin keys, “If the keyholders do not create or store their keys securely, malicious third parties could get their hands on these keys and compromise the smart contract. Alternatively, the core team members may be malicious or corrupted by significant monetary incentives.” To mitigate the risks associated with admin keys, it is common practice to distribute control over key smart contract decisions to a consortium of delegates through a multi-sig setup. Other controls include enforced timelocks on key-related decisions, such as in the case of Yearn, or granting signatories a limited, pre-specified set of powers, as seen in Synthetix.
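The three controls named above (a multi-sig threshold, an enforced timelock, and a limited, pre-specified set of powers) can be modelled together. The Python model below is an added example, not code from Yearn, Synthetix or any other protocol; the `AdminController` class, the signer names and the 48-hour delay are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Proposal:
    action: str
    queued_at: int = -1                  # time the threshold was reached; -1 = not yet
    approvals: set = field(default_factory=set)

class AdminController:
    """Toy model (added illustration): M-of-N signers, a delay, a whitelist of powers."""

    def __init__(self, signers, threshold, delay, allowed_actions):
        if not 0 < threshold <= len(set(signers)):
            raise ValueError("threshold must be between 1 and the signer count")
        self.signers = set(signers)
        self.threshold, self.delay = threshold, delay
        self.allowed = set(allowed_actions)
        self.proposals = {}

    def propose(self, pid, action):
        if action not in self.allowed:   # limited, pre-specified powers
            raise PermissionError(f"{action!r} is outside the signers' powers")
        self.proposals[pid] = Proposal(action)

    def approve(self, pid, signer, now):
        if signer not in self.signers:
            raise PermissionError("not a signer")
        p = self.proposals[pid]
        p.approvals.add(signer)          # a set, so a repeat approval counts once
        if len(p.approvals) >= self.threshold and p.queued_at < 0:
            p.queued_at = now            # the timelock starts once the threshold is met

    def execute(self, pid, now):
        p = self.proposals[pid]
        if p.queued_at < 0:
            return "rejected: threshold not met"
        if now < p.queued_at + self.delay:
            return "rejected: timelock still running"
        # pop() removes the proposal, so it cannot be executed a second time
        return "executed: " + self.proposals.pop(pid).action

def demo():
    # Constructed scenario: 2-of-3 signers, 48-hour delay (172800 s).
    ctl = AdminController(["alice", "bob", "carol"], 2, 172800, {"upgrade", "pause"})
    ctl.propose(1, "upgrade")
    ctl.approve(1, "alice", now=0)
    ctl.approve(1, "alice", now=10)      # same signer again: still one approval
    early = ctl.execute(1, now=20)
    ctl.approve(1, "bob", now=100)       # threshold reached, delay starts at t=100
    locked = ctl.execute(1, now=100 + 3600)
    return early, locked, ctl.execute(1, now=100 + 172800)
```

The delay gives depositors a window to react to a queued action, but the signers still decide what gets queued.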
The prevalence of admin keys in most of the significant active DeFi projects poses several risks, such as key loss, insider theft of deposits, theft through extortion or hacks by external parties, and regulatory pressure. Some projects, like Synthetix, have a precautionary ‘rapid response’ mechanism where contracts can be unilaterally frozen for a period by insiders in the event of a hack or exploit. However, pausing a contract could adversely affect liquidity, despite doing limited harm. As a result, assets held in contracts mediated by admin keys should be viewed as custodial rather than entirely autonomous interactions between users and a protocol. Increasing the number of signatories to a multi-sig key setup only implies that user deposits are held in the custody of a consortium of insiders rather than by a single entity.
The move towards decentralized governance models by blockchain-based projects brings new risks. So far, development teams have been slow to delegate real decision-making power over development decisions and system parameters, which is why few governance attacks have been observed. However, if regulators were to see past the veil of decentralization erected to obscure the true nexuses of control in DeFi protocols, they would realize that specific development teams have sought to distribute governance power to holders of “governance tokens.” These tokens give their holders a claim, although frequently a diffuse one, on cash flows or fees generated by these systems and provide voting power over system parameters. Typically, these governance tokens have been limited in scope, with token holders unable to vote to fire the core development team or redirect funding from the core corporate entity or nonprofit managing the system. With token holders becoming more assertive and gaining the ability to act as activist investors, new governance attacks are emerging. Activists may use DeFi systems to benefit token holders at the expense of system users through established extractive mechanisms.
For instance, one hypothetical attack, as proposed by Gudgeon et al. (2020), involves a governance attacker gaining control of the MakerDAO system and diverting capital from the system. In addition, as governance tokens become more readily available for short-term liquidity through flash loans, activists can more easily exploit governance token votes to manipulate system parameters. Following discussions with the Gudgeon-led research team, MakerDAO acknowledged the potential use of flash loans to influence the outcome of governance votes. As a result, the MakerDAO community voted on changes to the system’s risk parameters.
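Whether short-term borrowed tokens can influence a vote depends on when voting weight is read. The following added example is not MakerDAO's code and goes beyond the article, which does not say how votes are counted: it compares a live balance with a balance checkpointed at a snapshot block fixed before voting. The `GovToken` ledger, the account names and the amounts are constructed.

```python
from bisect import bisect_right

class GovToken:
    """Toy ledger (added illustration, not any protocol's code) with per-block checkpoints."""

    def __init__(self):
        self.block = 0
        self.history = {}                # holder -> list of (block, balance)

    def balance(self, holder):
        h = self.history.get(holder)
        return h[-1][1] if h else 0

    def _set(self, holder, amount):
        h = self.history.setdefault(holder, [])
        if h and h[-1][0] == self.block:
            h[-1] = (self.block, amount) # keep only the end-of-block balance
        else:
            h.append((self.block, amount))

    def mint(self, holder, amount):
        self._set(holder, self.balance(holder) + amount)

    def transfer(self, src, dst, amount):
        if self.balance(src) < amount:
            raise ValueError("insufficient balance")
        self._set(src, self.balance(src) - amount)
        self._set(dst, self.balance(dst) + amount)

    def balance_at(self, holder, block):
        """Balance at the end of `block` (0 if the holder had none yet)."""
        h = self.history.get(holder, [])
        i = bisect_right(h, (block, float("inf")))
        return h[i - 1][1] if i else 0

def compare_weights():
    t = GovToken()
    t.mint("pool", 1_000_000)            # constructed lending pool
    t.mint("activist", 10)               # constructed long-term holding
    t.block += 5                         # five blocks pass
    snapshot = t.block                   # weight is fixed here, before voting
    t.block += 1
    t.transfer("pool", "activist", 900_000)    # tokens borrowed inside one block
    live = t.balance("activist")               # weight if read at vote time
    fixed = t.balance_at("activist", snapshot) # weight if read from the snapshot
    t.transfer("activist", "pool", 900_000)    # repaid in the same block
    return live, fixed, t.balance_at("activist", t.block)
```

The live read reports 900,010 tokens while the snapshot read reports 10, and the end-of-block checkpoint also shows 10 because the loan is repaid within the block.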
DeFi aims to introduce innovative methods for conducting financial transactions. Digital assets’ cryptographic nature enables increasingly complex schemes for managing custody and transactional workflows. For example, Bitcoin provides a native multi-sig functionality, allowing transactions to specify advanced conditions necessary for an output to be spent. There is a minimum of 900,000 BTC (worth $56 billion as of writing this) held in known multi-sig setups.
As a result, a new category of custodians has emerged that provides key management as a service, allowing individuals and entities engaged in self-custody to benefit from holding their keys while having a recourse option in case of key loss. A prevalent collaborative custody model involves the client holding a key in a “hot wallet,” a third-party custodian holding another key, and a third key held for recovery, with two keys required for a valid transaction.
Participating in collaborative blockchain transactions may expose custodians to regulatory liability from agencies such as the Office of Foreign Assets Control (OFAC). For example, BitGo, a provider of key management services in multi-sig transactions, was sanctioned by OFAC for offering such services to clients in OFAC-sanctioned regions such as Crimea, Cuba, Iran, Sudan, and Syria. BitPay, a Bitcoin payment processor, faced similar charges and settled with OFAC.
DeFi, in its present state, is generally incompatible with such regulations. Because most decentralized contracts do not require user identification beyond a valid blockchain address, centralized compliance is given minimal importance. Products like Uniswap that enable on-chain swaps are merely blockchain contracts that allow users to pool funds and make trades collaboratively with no central intermediary. These “peer-to-pool” systems are structured so that contracts cannot effectively exclude any entity seeking to participate in the pooling, which is open and free to participate in by design.
Uniswap primarily relies on “liquidity providers” who contribute assets to a pool and receive fees in exchange. These providers are not designated entities; anyone can become a liquidity provider by contributing assets to the pool. As of writing, Uniswap v2 had 84,000 active liquidity providers, with 5,400 active providers in the most famous pair, UNI-wETH. If any tainted liquidity, such as that originating from an OFAC-sanctioned party or an illicit source, enters a Uniswap pool, regular users effectively enter into a financial relationship with these prohibited parties. The current smart contract deployed by Uniswap has no means to whitelist users or give them prior permission. The nature of decentralized finance on public blockchains, like Ethereum, is to facilitate permissionless exchange. However, this open access generally conflicts with anti-money laundering/combating the financing of terrorism (AML/CFT) regulations as they are currently implemented in the U.S.
Pseudo-equities – regulatory uncertainty
Lending, investment trading, and derivative exposure transactions are regulated in traditional financial markets through intermediaries who are registered, licensed, and examined. These intermediaries broker, custody, clear, or otherwise facilitate such transactions. In DeFi, intermediaries are mostly excluded in favor of a transparent code, which presents regulators and policymakers with complex decisions regarding how to regulate transactions (often bilateral) for which there may be no clearly identified party. The regulatory uncertainty surrounding the underlying commercial transactions carried out through DeFi protocols is beyond the scope of this paper. However, this subsection focuses on the regulatory risks inherent in so-called “pseudo-equities.”
Despite the significant regulatory risks of issuing pseudo-equity tokens without complying with securities law, many U.S.-based firms or nonprofits administer DeFi protocols. These entities often finance themselves by issuing tokens representing a claim on some cash flows generated by the system. These tokens are a meaningful financing vehicle for developing DeFi protocols. As of writing, the aggregate market capitalization of tokens in the “decentralized finance” space is $85 billion, with Uniswap, Synthetix, and Compound being the most significant pseudo-equity tokens. Many of these tokens provide token holders with rudimentary governance rights and either implicit or direct claims on cash flows generated through DeFi protocols. None of these tokens are registered as securities and instead circulate on decentralized financial infrastructures like Uniswap (and sometimes on centralized crypto exchanges). If securities regulators considered these tokens unregistered securities and pursued not only their issuers and promoters but also the venues on which they trade, the financing and governance model of these DeFi projects would be significantly impacted.
Additionally, many DeFi protocols subsidize their liquidity by issuing new units of pseudo-equity to end-users. If these tokens were delisted and their liquidity and value decreased, the utility of these subsidized protocols would decrease. These token incentives built into DeFi protocols are similar to Uber compensating drivers for each mile driven with incremental units of Uber equity.
For example, the compensation for supplying USDC to the money-market protocol Compound is 6.71% annualized, supplemented by a 2.15% annualized payout in COMP terms to USDC suppliers. The combination of the two is described as the “net rate” for USDC by Compound. If these incentives were to expire or be withdrawn, interest rates would look much less attractive, reducing the incentive for liquidity providers to put their capital at risk.
The emergence of Decentralized Finance has redefined traditional financial paradigms, providing unparalleled opportunities for global participation. Yet, as we’ve examined in this exploration of Governance and Regulatory Risks, the path to a decentralized financial future is laden with challenges. Administrative key abuse, governance vulnerabilities, tainted liquidity, and regulatory ambiguities underscore the delicate balance between innovation and security. As DeFi protocols strive to navigate these treacherous waters, collaborative efforts between developers, users, and regulators will be essential. By addressing these risks head-on, the DeFi community can lay a solid foundation for a resilient and inclusive financial ecosystem, ensuring that the promise of DeFi is upheld while mitigating potential pitfalls.