DeFi apps depend on public blockchains to execute transactions and resolve contracts. Ethereum is currently the most popular base layer for DeFi, with approximately $46 billion in collateral used in its smart contracts. Other blockchains are also hosting DeFi apps and attempting to compete with Ethereum. However, the smooth operation of these apps relies on the proper functioning of the base layer blockchains, which cannot always be guaranteed. As a result, parties engaging in transactions must assume new risks that do not exist in traditional finance, where messaging and settlement systems are governed by centralized entities such as SWIFT or the Federal Reserve. Public blockchains are primarily decentralized, and validators are compensated for processing transactions. The responsibility for evaluating the risks of using these systems falls on the end users, applications, and new types of intermediaries involved in DeFi systems.
Creating, verifying, and sharing blocks of transactions across decentralized ledgers, known as consensus, is not always guaranteed on these blockchains. Although the biggest and most reliable blockchains, like Bitcoin and Ethereum, rarely experience outages, there have been instances where outages occurred. In 2010 and 2013, Bitcoin experienced two major “rollbacks” where many blocks and transactions were not recorded or were reversed. This caused around 15 hours of transactions to be removed during those two events.
It can be argued that Ethereum is more susceptible to outages compared to other blockchains because many of its users do not run their own nodes. Instead, they rely on service providers such as Infura to access and interact with the blockchain, both to broadcast transactions and to index the chain. This means that when these service providers experience downtime, as was seen during an unplanned chain split in 2020, transactions that rely on them as intermediaries come to a halt.
Underlying protocol interventions
Despite being based on decentralized rules, blockchains can still be affected by human politics since it is humans who establish their governing protocols. One famous example of this occurred in 2016 when Ethereum’s leadership chose to selectively remove certain balances from the blockchain following a significant hack and exploit of an extensive DeFi application called “The DAO.” The Ethereum leadership believed that intervention was necessary due to a large amount of ether locked in the flawed DAO contract. However, some members of the Ethereum community opposed the arbitrary changes and supported the original Ethereum chain. As a result, a hard fork occurred in the blockchain, leading to two versions of Ethereum (with the original, but less widely adopted, version later being known as “Ethereum Classic”).
This is an example where a contract failure has had a direct impact on the underlying blockchain protocol, highlighting that specific large applications can have a systemic effect on protocol politics. At the time of the hack, The DAO contract represented 15% of the total outstanding ether. Although Ethereum’s leadership did not intervene following subsequent hacks or failures, they could take action at the blockchain level if another popular contract with a similar threshold of ether was breached. In the case of The DAO, Ethereum’s switch to Proof of Stake was used as justification for rolling back the hack: left in place, the hack would have given a potentially malicious actor a significant role in the network’s future under the new regime. However, other bugs or exploits that are less critical have not met the threshold for a rollback, even when those affected have lobbied Ethereum’s leadership.
Proof of Work (PoW) consensus failures
On smaller blockchains, miners may exploit vulnerabilities if they feel they are not sufficiently rewarded. When miners acquire enough hash power, they can coordinate consensus attacks, including reorganization attacks or “51 percent attacks.” In these types of attacks, validators use their privileged access to transaction ordering to extract value from the blockchain. These types of consensus attacks typically occur on Proof of Work (PoW) blockchains because they provide relatively low compensation thresholds to miners, making it economically feasible for them to launch these types of attacks. Often, these attacks occur when general-purpose computing hardware is available, which can be borrowed or rented.
In early 2021, validators on the Verge blockchain conducted a rollback that invalidated several months’ worth of transactions, resulting in a loss of 200 days’ worth of data. These rollbacks can be used to exclude certain transactions, including deposits credited by an exchange, which can mislead merchants or crypto exchanges into believing that a valid deposit has been made when it is ultimately excluded from the ledger. The Ethereum Classic and Bitcoin Gold blockchains have experienced multiple protocol-level attacks that have been used to defraud crypto exchanges successfully. Since DeFi applications rely on base-layer blockchains to settle and clear transactions, the entire application stack is compromised when the underlying blockchain fails.
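How an exchange's exposure to such a rollback depends on its confirmation policy is shown below. This is an added example, not code from the original article; the `DepositTracker` class, the block feed format, and the sample heights and amounts are assumptions constructed for illustration, and the feed is assumed to re-deliver every height that a reorganization replaces.

```python
from dataclasses import dataclass, field

@dataclass
class DepositTracker:
    """Credit deposits after min_conf confirmations; undo them on a reorg."""
    min_conf: int
    tip: int = -1
    seen: dict = field(default_factory=dict)   # txid -> (block height, amount)
    credited: set = field(default_factory=set)

    def on_block(self, height, deposits=()):
        events = []
        if height <= self.tip:  # an already-seen height was re-delivered: reorg
            for txid, (h, amount) in list(self.seen.items()):
                if h >= height:  # the block that held this deposit was replaced
                    del self.seen[txid]
                    kind = "reversed" if txid in self.credited else "dropped"
                    self.credited.discard(txid)
                    events.append((kind, txid, amount))
        self.tip = height
        for txid, amount in deposits:  # deposits found in the new block
            self.seen[txid] = (height, amount)
        for txid, (h, amount) in self.seen.items():
            if txid not in self.credited and self.tip - h + 1 >= self.min_conf:
                self.credited.add(txid)
                events.append(("credited", txid, amount))
        return events

# Constructed feed of (height, deposits). Heights 101-103 are delivered twice:
# the second delivery is a replacement chain that no longer contains tx1.
FEED = [(100, []), (101, [("tx1", 50)]), (102, []), (103, []),
        (101, []), (102, []), (103, []), (104, [])]

def replay(min_conf, feed=FEED):
    """Run the feed through a tracker and return the ordered event log."""
    tracker, log = DepositTracker(min_conf), []
    for height, deposits in feed:
        log += tracker.on_block(height, deposits)
    return log

if __name__ == "__main__":
    print("1 confirmation: ", replay(1))   # credited, then reversed
    print("6 confirmations:", replay(6))   # never credited, only dropped
```

A "reversed" event is the loss case: the balance was spendable on the exchange before the ledger dropped the deposit. A "dropped" event costs nothing because the credit was still pending.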
Miner extractable value (MEV)
However, the rollback of blocks in 51 percent attacks is just one type of validator-based exploitation, known as Miner Extractable Value (MEV). MEV was introduced by researchers Daian et al. (2019) and refers to the value that validators or third parties can extract from transacting users using techniques like frontrunning or selectively reordering transactions. The transparency of Ethereum transactions, their usefulness in on-chain exchanges, and the ability to gain priority by outbidding other users or reordering transactions as a miner make MEV possible. MEV can be compared to a hedge fund that pays for order flow to trade against the retail flow.
As transaction complexity increases, more opportunities for frontrunning and risk-free arbitrage arise. As a result, the majority of MEV occurs on Ethereum, primarily concerning transactions on automated market maker (AMM) exchanges where users can easily swap assets by interacting with liquidity pools. While AMMs offer guaranteed liquidity, their potential cost may be less efficient execution. According to Flashbots.net, validators or arbitrage bots have harvested a minimum of $369 million worth of MEV since January 2020. This results in a net drag on users, who end up funding the MEV through slippage on their trades. Essentially, MEV is similar to a rake at a casino.
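The slippage cost described above, and the way a minimum-output limit bounds it, can be worked through on a small pool model. This is an added example, not code from the original article; it assumes a fee-free constant-product pool (reserves satisfying x * y = k), and the `Pool` class, reserve sizes, and trade amounts are constructed for illustration.

```python
class Reverted(Exception):
    """Raised when a swap would pay out less than the caller's minimum."""

class Pool:
    """Fee-free constant-product pool (assumed model), integer base units."""
    def __init__(self, reserve_a, reserve_b):
        self.a, self.b = reserve_a, reserve_b

    def quote(self, amount_a):
        # Output of token B for amount_a of token A, rounded down
        return amount_a * self.b // (self.a + amount_a)

    def swap(self, amount_a, min_out=0):
        out = self.quote(amount_a)
        if out < min_out:
            raise Reverted(f"would receive {out}, minimum is {min_out}")
        self.a += amount_a
        self.b -= out
        return out

def min_out_for(quoted, tolerance_bps):
    """Lowest acceptable output for a quote and a tolerance in basis points."""
    return quoted * (10_000 - tolerance_bps) // 10_000

def user_outcome(tolerance_bps, ahead_a=0, user_a=10_000):
    """Tokens the user receives, or None if the swap reverts.

    ahead_a is the size of a trade in the same direction that gets ordered
    ahead of the user's swap after the user has already taken a quote.
    """
    pool = Pool(1_000_000, 1_000_000)        # constructed reserves
    floor = min_out_for(pool.quote(user_a), tolerance_bps)
    if ahead_a:
        pool.swap(ahead_a)                   # price moves before the user's trade
    try:
        return pool.swap(user_a, floor)
    except Reverted:
        return None

if __name__ == "__main__":
    print(user_outcome(50))                  # undisturbed swap
    print(user_outcome(1000, 50_000))        # 10% tolerance: fills at a worse price
    print(user_outcome(50, 50_000))          # 0.5% tolerance: reverts instead
```

The tolerance is the most the user can be made to give up on a single swap, so a tight limit trades a failed transaction for a bounded loss.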
MEV is generally considered to be inherent to blockchains like Ethereum, where transactions on decentralized exchanges (DEXs), including those that use Automated Market Makers (AMMs) such as Uniswap, are transparent. However, if frontrunning activities materially affect users’ transactional experience, it could raise doubts about the logic of transparent DeFi. While some experts believe that MEV provides an alternative subsidy to miners or validators, which allows blockchains to operate at a lower level of issuance or fees, researchers Qin, Zhou, and Gervais have pointed out how aggressively MEV could threaten consensus. According to their research, “the biggest danger lies in the willingness of miners to extract and compete over MEV, which would increase the stale block rate and consequently aggravate the risks of double-spending and selfish mining.” Stale blocks and double spending can reduce the predictability of the base layer, introduce uncertainty into settlement finality, and weaken the assurances of crypto-economic protocols.
Non-PoW (Proof of Work) blockchains are not necessarily immune to protocol interventions at the validator level. Proof of Stake (PoS) is a popular alternative to PoW, where the ability to create blocks and exert political power over the network depends on the number of tokens held. In some network setups, the number of validator slots is fixed, creating strong incentives for validators to consolidate power and form cartels. In Proof of Stake blockchains like EOS, where there are only 21 slots for validators, validators are often rewarded with fees or new tokens, leading to the consolidation of power through vote-buying. Such measures enable validators to consolidate power, giving them eventual control over which transactions make it into the final ledger. If the number of validators is fixed and competition for block space is eliminated, the censorship-resistant properties of the protocol could be at risk.
DeFi operates under the assumption that the underlying financial infrastructure is neutral and unstoppable. Therefore, the concentration of power in validators presents a significant threat. An example of validator collusion occurred on the STEEM network, where STEEM coins belonging to blockchain entrepreneur Justin Sun were frozen after validators suspected that he intended to take over the network. The validators, operating in a private Slack group, orchestrated a plan, executed a software upgrade on the blockchain, and froze the Tron Foundation CEO’s funds through a simple majority vote that passed 19 to 1.
In response to the validator collusion on the STEEM network, Sun enlisted custodial exchanges, which held large portions of the STEEM supply on behalf of users, to use their user deposits to vote in his favor and overturn the validators’ actions. This illustrates how large cryptocurrency custodians and deposit-taking institutions can play crucial roles as kingmakers in Proof of Stake systems. As Ethereum, the largest DeFi platform, plans to transition to Proof of Stake, custodians holding significant amounts of ether will have considerable control over the network and may be able to influence network outcomes. So far, crypto exchanges have not typically abstained from protocol interventions. Instead, they act as principals rather than agents when using client funds for on-chain votes.
DeFi applications built on blockchain protocols are susceptible to catastrophic protocol vulnerabilities. One such risk is inflation bugs, which result in the inflation of the coin supply beyond the expected or pre-agreed schedule. When coins minted in excess of the defined schedule start to circulate, recipients of these new coins have a strong disincentive to roll back the chain and undo the unexpected inflation. Inflation bugs have been common and have affected many of the largest blockchain protocols, and in some cases, they have not been entirely resolved. Blockchains that have experienced significant inflation bugs that were exploited include Bitcoin, Bitcoin Private, and Stellar, as well as many other lesser-known cases.
Some networks, such as Zcash and Monero, have faced potential inflation bugs, but there is no known evidence that they were exploited. This threat is particularly worrisome when privacy-focused chains are concerned, as inflation is more difficult to detect on opaque blockchains. Another vulnerability in Bitcoin was fixed in 2018 and could have resulted in unexpected inflation, but it was not exploited. Since DeFi protocols are highly automated, operate continuously, and have minimal or no human oversight, inflation bugs on the underlying native protocols can destabilize DeFi applications significantly. Inflation bugs are among the most severe threats to blockchains, and remediation often requires halting or rolling back the blockchain, which would impair the assurances of any smart contracts that depend on the underlying blockchain. Recently, Kava, a DeFi-focused blockchain, was halted to address a bug that was significantly overpaying planned distributions (known as “yield farming”).
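Detecting supply created beyond the schedule comes down to two per-block checks, sketched below. This is an added example, not code from the original article; it uses Bitcoin's issuance schedule (50 coins per block, halving every 210,000 blocks), while the block dictionary format and the sample blocks are constructed for illustration.

```python
COIN = 100_000_000            # base units per coin
HALVING_INTERVAL = 210_000    # blocks between subsidy halvings

def subsidy(height):
    """Scheduled new issuance for the block at this height, in base units."""
    halvings = height // HALVING_INTERVAL
    return 0 if halvings >= 64 else (50 * COIN) >> halvings

def audit(blocks):
    """Return (findings, excess): each violation found and total unscheduled units."""
    findings, excess = [], 0
    for block in blocks:
        fees = 0
        for tx in block["txs"]:
            created = sum(tx["outputs"]) - sum(tx["inputs"])
            if created > 0:   # an ordinary transaction may never create value
                findings.append((block["height"], "tx outputs exceed inputs", created))
                excess += created
            else:
                fees += -created   # the unspent difference is the fee
        over = block["coinbase"] - (subsidy(block["height"]) + fees)
        if over > 0:          # the block reward may claim at most subsidy plus fees
            findings.append((block["height"], "coinbase exceeds subsidy plus fees", over))
            excess += over
    return findings, excess

# Constructed sample blocks: one valid, one overpaying its reward after a
# halving, one containing a transaction that spends more than it consumes.
SAMPLE = [
    {"height": 209_999, "coinbase": 50 * COIN + 1_000,
     "txs": [{"inputs": [5 * COIN], "outputs": [5 * COIN - 1_000]}]},
    {"height": 210_000, "coinbase": 50 * COIN, "txs": []},
    {"height": 210_001, "coinbase": 25 * COIN,
     "txs": [{"inputs": [1 * COIN], "outputs": [3 * COIN, 2 * COIN]}]},
]

if __name__ == "__main__":
    findings, excess = audit(SAMPLE)
    for height, reason, amount in findings:
        print(height, reason, amount)
    print("unscheduled supply:", excess)
```

Both checks read transaction amounts directly, which is why the same audit is not available to an outside observer on chains that hide amounts.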
In summary, operational risks in DeFi stemming from blockchain operations are a critical concern. They encompass consensus failures, protocol interventions, PoW vulnerabilities, MEV exploitation, validator cartels, and inflation bugs. DeFi participants must be vigilant in understanding and mitigating these risks to ensure the security and resilience of the decentralized financial ecosystem.