Multicoin Capital’s latest research: 3 major risks in the DeFi market and 8 solutions (www.blockcast.cc)

Authors | Spencer Applebaum, Matt Shapiro, Shayon Sengupta

Translation | Wang Dashu, Gong Quanyu

In the past year, the Ethereum DeFi ecosystem has exploded. The amount of locked-up funds has exceeded 14 billion U.S. dollars, which is more than 20 times more than last year. At the same time, the hidden risks are exploding at an accelerated rate.

The well-known venture capital firm Multicoin Capital released the latest blog titled “The DeFi Stack” on its official website on November 24. The authors include the agency’s partner Spencer Applebaum and partner Matt Shapiro and analyst Shayon Sengupta.

In this article, Multicoin Capital analyzes the current basic structure of the DeFi industry and provides readers with a framework to think about how to manage the three major risks in DeFi, including collateral risk, oracle risk, liquidation risk , and how to deal with these risks. Eight solutions are of great reference value in the DeFi industry where security accidents frequently occur. In view of this, the chain catcher translated the article and made adjustments and deletions that did not affect the original intention.

The following is the full text:

The development of DeFi has benefited from the catalysis of liquidity mining . Now users only need to provide liquidity to AMM (Bancor, Curve, Uniswap), lend assets on loan market agreements (Compound, Aave, and Cream), or optimize the yield Agreements (Yearn Finance, Harvest Finance, etc.) deposit tokens, you can get attractive benefits.

To a certain extent, this is determined by the combinability between the protocols. Jesse Walden, the founder of Variant Fund, defines composability as: If the existing resources of a platform can be used as components and programmed into higher-level applications, then the platform is composable. Composability is important because it allows developers to do more with fewer resources, which in turn can lead to faster and more complex innovation.

In fact, now DeFi users can use ETH as collateral, then create DAI, circulate through Tornado.Cash, exchange USDC on Curve, and bet on election contracts on Polymarket. This is a very amazing scenario. The network effect of the DeFi ecosystem is very powerful, but this compound innovation is not without risks.

Specific to DeFi, the risk will increase. In this article, we will explore the dependence of the entire DeFi ecology, and how several key support levels of the entire ecosystem. If there is a problem at any one of these levels, DeFi as a whole will collapse.

To understand the risks that investors take through income farming, the only effective way is to understand the dependencies hidden in the DeFi stack and derive potential risks from them. To do this, you must understand the layers in the DeFi stack.

In order to better understand these risks and dependencies, we divide the DeFi stack into six different levels:

01

Disassemble the DeFi stack

>>>> Level 1: Atomic Value Unit

The first layer in the DeFi stack starts with atomic value units.

DAI, ETH, lending market tokens (cTokens and aTokens), centralized custodial ERC-20 tokens, linked assets and stablecoins (USDT, USDC, WBTC), and the LP share of the AMM pool, which are mainly used as derivatives and loans Mortgage and leverage are used in the DeFi protocol and represent the beginning and end of a complete transaction life cycle.

The risks of DAI and Tether are different. The main risk of DAI is that the Maker system crashes and DAI loses its linked assets. The main risk of Tether is the adverse situation in the bank account where the U.S. dollar backing USDT is stored. All centralized custodial assets like WBTC and USDT face binary risk, because if BTC is hacked or the market finds that Tether’s dollars do not actually exist in bank accounts, their value may plummet.

Both parties will introduce key risks at the bottom of the inverted pyramid of the DeFi stack. Whether it is a bug or a smart contract failure, if any atomic value unit is shaken, any system that uses them will be affected, no matter how good its code is.

>>>> Layer 2: Transaction layer

It is not enough to be able to cast atomic value units. Whether it is a human or a robot, DeFi users must be able to conduct transactions on the chain, which is the second layer of DeFi.

With the popularity of DeFi protocols, they become part of increasingly complex DeFi systems. The DeFi protocol relies on external transactions to run smoothly, including tracking and storing collateral balances, measuring mortgage fund ratios, processing oracle prices, performing liquidation, allocating rewards for contributors, issuing deposits, etc. These services consume a lot of gas fees, and therefore require sufficient Layer 1 or Layer 2 capabilities. Therefore, we have identified transaction processing capabilities as the core element of DeFi.

Although this seems to be an inevitable result, it is not. The high gas fee of Ethereum illustrates the cost of transactions. Assuming that users and robots cannot trade on the chain, clearing, margin call operations, etc. cannot be processed, which creates a systemic bankruptcy risk in the entire DeFi ecosystem.

Trading capabilities have been improved in many ways. Projects like Solana are innovating at the Layer 1 level, optimizing the cost of throughput, latency, and gas fees to achieve better performance than the current state (50,000 TPS, sub-second latency, and close to $0 transaction fees). Projects such as SKALE, StarkWare, and Optimism are building layer 2 solutions to expand on Ethereum.

>>> > Level 3: Price prediction

On the basis of the transaction layer, the oracle quotation is the basis of the next infrastructure. The input of secure and verifiable market data is essential to the operation of the DeFi protocol. The isolated design of smart contracts based on off-chain data means that a centralized oracle may introduce a single point of failure for the entire system.

The oracle can trigger high-level functional modules, such as liquidation. Coinbase, MakerDAO neutralizer, Chainlink, Band, Tellor, UMA, API3, Compound Open Oracle and Nes are currently the nine most popular oracles.

If Chainlink’s price quotation becomes invalid or misreported, loans on Aave or synthetic assets on Synthetix may be inadvertently liquidated, the DEX median price on Bancor may go off track, and a series of DeFi systems may be paid within a few seconds. The ability to become insolvent.

Layers 1, 2, and 3 constitute the core infrastructure of DeFi. On top of this, DeFi entrepreneurs are building a more complex and interoperable financial infrastructure.

>>>> Level 4: DeFi bottom layer products

When most people think of income farming or pure-use DeFi applications, they think of DeFi underlying products. DeFi includes:

1) Loan agreement: Compound, Aave, Cream, bZx, Yield, Notional, Mainframe

2) AMM trading platform: Curve, Uniswap, Balancer, Bancor, mStable, BlackHoleSwap, DODO, Serum Swap

3) Order book trading platform: 0x, IDEX, Loopring, DeversiFi, Serum

4) Derivatives trading platform: MCDEX, Perpetual Protocol, DerivaDEX, Potion, Opyn, Synthetix, dYdX, Pods, Primitive, BarnBridge

5) Asset management platform: Set, Melon, dHEDGE

These low-level products are considered to be a network, not a stack, because these products are not necessarily superimposed on each other in a specific order. Each product can be used independently or together with other products, whether it is in this layer or a lower layer of the DeFi stack. To give a few examples:

cToken (layer 1) is used as collateral in Curve (layer 4).

Users can borrow from Aave and then deposit the asset into Uniswap. Or users can deposit assets in Uniswap, and then use Uniswap LP shares as collateral for Aave.

Here are some examples of how DeFi bottom layer products can be developed using 1-3 layers:

DAI supports all open rights and interests on Augur and is the mortgage token for many stablecoin pools on Curve.

Aave relies on Chainlink’s oracles to accurately issue and liquidate crypto-backed loans.

3) Lending agreements and non-custodial derivatives agreements (Compound, Aave, etc.) require Keepers to be able to send transactions to clear positions. When the Ethereum network is blocked, positions with low mortgage rates will be quickly liquidated, as MakerDAO proved in the 312 crash.

>>>> Level 5: Aggregator

The aggregator is active on top of DeFi’s underlying products. This layer consists of supply-side and demand-side aggregators, including:

1) Supply-side aggregator: Yearn Finance, RAY, Idle Finance, APY.Finance, Harvest Finance, Rari Capital

2) Demand-side aggregator: 1inch, DEX.ag, Matcha, Paraswap

3) Aggregator of the aggregator: yAxis

4) New aggregators: Swivel Finance, Benchmark

The layer 5 protocol aggregator does not custody mortgage assets. These products usually provide smart contract construction to enable users to interact with other Ethereum DeFi protocols. Aggregators have soared in popularity because they are good at one thing: making money.

However, investors must consider the risks of this layer of the protocol stack. If any one of the underlying product agreements fails, the user may lose part or all of the funds. This is because many aggregators such as YFI utilize multiple underlying protocols, so the user is responsible for all the underlying protocols that the project’s vault uses in turn. risk.

On the positive side, the demand-side DEX aggregator is the safest, and there is no such risk because they do not hold funds, but only perform atomic transactions in the block.

>>>> Layer 6: Wallet and Front End

The wallet and front end are on top of all DeFi, here are some examples:

1) Repeaters: Tokenlon, Dharma, PoolTogether, Guesser

2) Wallets: MetaMask, Math, imToken, Bitpie, Exodus, Trust Wallet

3) DeFi local front end: DeFi Saver, Zerion, Zapper, Argent, Instadapp

The role of wallets, repeaters, and front-ends is to enhance the user experience of DeFi. They do not compete in financial or technical structures, but in design, customer support, ease of use, and localization. Their main business is to acquire users.

We subdivide these projects by function, for example, a repeater provides a front-end for a specific protocol (for example, Guesser is the front-end of Augur, and Tokenlon is a 0x-based decentralized exchange). Front-ends like Instadapp and Zapper simplify the process of writing smart contract calls across different DeFi underlying products.

02

DeFi risk management

Today, the DeFi market is increasingly risky. Paradigm partner Arjun Balaji described this phenomenon incisively in a tweet: “ The risks of DeFi are increasing exponentially, including contract errors, poor protocol parameterization, chain congestion, oracle errors, administrator robots/ LP fails, and the combinability and leverage ratio of the contract further amplify the risk. “

Curve’s sUSD pool is one of the most popular revenue-growing opportunities recently. Users deposit one or more stablecoins in the pool and pledge their LP tokens to Synthetix’s Mintr platform to obtain SNX rewards.

Each stablecoin in the Curve pool has specific risk characteristics (the peg of DAI is composed of Maker’s governance, oracle and liquidator, and the value of USDT depends on the collective trust in the Tether reserve). The construction of the stablecoin pool reduces the impact of any stablecoin value collapse on the coin holders, and also supports the pegged value of each stablecoin.

However, the collapse of any stablecoin will still have an adverse effect on other stablecoins in the pool, which will have an adverse effect on all protocols that rely on this pool (such as the instability of the Synthetix debt pool). This is the double-edged sword of Ethereum’s composability. Its easy integration promotes breakthrough innovation, but the risk has multiplied in lock-in.

Let’s take a look at some huge potential risks in the DeFi market. At present, the value of 11.4 billion US dollars is locked in the head DeFi agreement (Uniswap, Compound, Aave, Balancer, Curve, MakerDAO, etc.). Of the 11.4 billion US dollars, DAI accounted for 9% (US$1 billion) of the locked-in value, USDC accounted for 24% (US$2.8 billion), renBTC accounted for 3% (US$308 million), and WBTC accounted for 17% (US$2 billion). If any stablecoin prices deviate from their pegged value, a series of liquidations, bankruptcies and price fluctuations are likely to occur.

Among the five synthetic asset platforms sorted by the value of locked assets, Chainlink provides key functions for three of them. Among them, Synthetix’s debt pool has 126 million US dollars, which is based on the price of SNX and all the resulting synthetic assets (fully guaranteed by Chainlink).

Synthetix suffered an oracle attack on June 25, 2020, in which the sKRW (synthetic Korean won) feed price returned an incorrect value, creating an opportunity for arbitrage robots and withdrawing about 37 million sETH from the system at a low price (Although in the end the attacker returned the funds after negotiation).

The price information of the oracle can also be directly manipulated by the user for personal gain. On February 18 this year, an attacker used flash loans to raise the price of Uniswap’s sUSD to about $2, and provided bZx with sUSD collateral at this inflated valuation to borrow about 2,400 ETH and effectively withdraw. bZx position, but no loss of collateral-all of this is done in one transaction. Since then, oracle attacks have increased, including recent attacks on projects such as Harvest and Value DeFi.

Between Synthetix, Aave and Nexus Mutual alone, Chainlink has guaranteed a value of approximately $2.2 billion, which, as discussed, may be attacked by price manipulation.

The last major risk factor is congestion on the Ethereum chain. As we have recently seen the launch of UNI, Ethereum is still not ready for global scale trading activities. Several decentralized exchange projects had to postpone the launch of the main network due to the increase in gas costs. Not only is the cost of opening a position high for users, but the cost of executing key transactions such as recharging collateral and liquidating positions can also be prohibitively high.

03

DeFi risk mitigation ideas

Layers 1-3 of the DeFi stack affect almost all DeFi projects, so they are the most important when considering risk mitigation.

>>>> Mortgage tokens

Most agreements in the DeFi ecosystem use the same assets as collateral. These tokens include DAI and centrally managed assets (USDC, USDT, WBTC, etc.). They also include interest-bearing lending market tokens, such as aTokens and cTokens. DeFi developers can prevent collateral risks in the following ways.

1) Restrict collateral types (for example, dYdX only allows USDC to be exchanged for perpetual swap positions, while Maker allows multiple types). The result of the trade-off is that allowing more types of volatility collateral creates systemic risk for all collateral in the same pool.

2) Only transparent and audited stablecoins are accepted as collateral (such as USDC and PAX).

3) Use clear risk parameters (such as liquidity and market value requirements) for each form of collateral, and introduce collateral types in stages over time.

4) Limit the concentration of collateral and incentivize liquidity providers to increase underrepresented collateral (for example, Curve incentivizes LPs to increase DAI in their specific pools because DAI has low liquidity in the pools).

5) The team that builds the 3-layer bottom product can purchase collateral insurance for its users. This will essentially bring insurance to the lower level of the stack. For example, dYdX can use USDC to purchase credit default swap products for its traders equal to their position risk exposure. Stable currency issuers, insurance companies or decentralized insurance providers (Opyn, Nexus) may become underwriters of swap products.

>>>> oracle

The oracle is the main fault and attack vector of almost all DeFi protocols. As mentioned above, 30% of the top ten protocols on DeFi Pulse rely on Chainlink, and the other 20% utilize LINK tokens in some way. If Chainlink makes a mistake to some extent, then a large part of DeFi’s ecology will collapse.

In order to reduce the risk of oracles, the project team can obtain prices and other off-chain data from several oracle providers (Chainlink, MakerDAO medianizer, Band, Coinbase), and then use the median.

If the price of one oracle deviates by X% from other projects, it can be ignored (for centralized predictions, FTX ignores prices with a median price of more than 30 basis points), which may prevent an oracle from being attacked Happening. In addition, the protocol can use TWAPs or VWAPs to mitigate lightning loan attacks.

In addition, the team can choose to limit the range of changes in the oracle price within a certain period of time. This can increase security in the event that the price of the oracle is leaked and manipulated. However, if the price does fluctuate greatly and the oracle quotes do not change, this may cause serious market distortions, thereby seriously threatening the solvency of the system.

>>> Trading Ability

On March 12, the MakerDAO system was bankrupt and liquidated due to congestion on the chain, some of the assets on the chain failed to repay in time and insufficient mortgage. Keepers is a network participant in Maker who can bid for zero dollars for liquidation. Due to the increase in gas cost, transactions cannot be performed. The reason is that the default configuration of the software used by Keepers cannot automatically adjust gas fees according to network congestion.

With the rise of decentralized derivatives protocols on Ethereum (such as dYdX, Perpetual Protocol, DerivaDEX, MCDEX), trading capabilities will become more and more important. Just imagine, if Binance is unable to liquidate loss-making traders, the insurance fund will have to pay huge losses and go bankrupt, which will directly lead to the large-scale automatic deleveraging of the entire exchange.

We have identified some solutions to reduce the risk of this inability to trade, such as migrating to Layer 2 or other scalable solutions (capacity expansion, side chain, other Layer 1, etc.).

1) The more optimistic expansion scheme is the backward compatible EVM, which inherits the security of Layer 1 and can have higher throughput, low latency and lower gas fees, but it takes a long time to implement .

2) Side chains such as Skale and Matic can quickly be backward compatible with EVM, have the characteristics of high throughput, low latency, low gas fee, and provide fast deposit/withdraw functions, which are highly configured for developers However, they do not inherit the security of Ethereum Layer 1.

3) The running Layer 1 projects such as Solana, Near, Algorand, Dfinity, Nervos, etc. are alternative public chains of Ethereum. They usually have higher scalability and lower cost, but they want to be like Ethereum. High-value collateral also requires more mature foundations and components.

>>> Create a complex collective liquidation robot program to keep funds in hand

1) KeeperDAO is a public liquidity pool that allows token holders to contribute and obtain rewards through on-chain liquidation. KeeperDAO works in the entire DeFi ecosystem and runs highly complex and optimized software.

2) Each team that builds the underlying product can create its own mini version of KeeperDAO. For example, Mainframe is pooling liquidator collateral for its fixed-rate zero-coupon bond lending system, so the agreement does not have to rely on individuals to perform liquidation.

3) On this basis, the team should ensure that they use a robot that can be liquidated quickly, so as to avoid the crisis that MakerDao encountered in 312.

>>> Mining pools can prioritize specific transactions into blocks

1. We have been thinking about the possibility of the mining pool issuing its own tokens (for the sake of simplicity, we call it MPT here). The working principle of MPT can be as follows. When an address with at least 10,000 MPT broadcasts a transaction, the mining software of mining pool X notices the transaction and marks it as a priority transaction (PT). In the next block mined by mining pool X, PT will be listed as the first transaction.

2. The DeFi team itself can have a large number of MPTs to ensure that their key operation calls (such as oracle price update, liquidation, guaranteed payment) are prioritized and included in the block.

3. Xinghuo Mining Pool recently announced that they are testing a network called Taichi. According to Gasnow, Taichi pushes directly received transactions to the mempool of the mining pool, bypassing the traditional mempool. This concept helped Ethereum researcher Samczsun saved Lien Finance users $9.6 million a few weeks ago.

>>> Mining Machine Mining Value (MEV)

The term miner extractable value was first proposed by Phil Daian in his seminal research paper “Lightning Boy 2.0”. The basic idea is that since miners have the ability to review transactions in block order in blocks, they can choose to replace arbitrage or liquidation transactions with their own transactions (but transaction fees are zero or lower).

Although this approach is generally considered evil and has a negative impact on the stability of the chain, in fact it may eventually become an effective tool for DeFi risk management. In this case, the profit margin of the liquidator and the custodian will return to zero. But if miners systematically MEV liquidation and arbitrage, they will prevent the bankruptcy and price difference of the entire system, because liquidation and arbitrage transactions always occur.

>>> Derivatives position offset and cross margin

If liquidity providers can cross derivatives platforms or cross margin collateral, and obtain net long and short positions on competitive agreements, they can provide more liquidity for every dollar of collateral.

For example: if an Ethereum address has a 1x long BTC-USD perpetual contract on dYdX and a 1x short BTC-USD agreement on MCDEX, these positions can theoretically be netted, so that traders only need a small portion Collateral, and these collateral is necessary, which will have an additional benefit, that is, greatly reducing the amount of liquidation. However, given that these systems lack maturity in terms of technology and governance, it is unlikely to happen in the short term.

>>> Gas tokens, such as CHI and GST-2

The Gas token is an untapped approach to scale. At present, the total market value of the two main gas tokens, CHI and GST-2, are both below $200. What is gas token? Gas tokens can store gas for use in future free transactions or as a prepayment for future use of gas.

When the gas fee price is low, a savvy trader will mint it into tokens, and then when the gas fee price increases for Ali, the trader will exchange gas tokens, thereby saving transaction fees. We expect that the DeFi team will begin to accumulate gas tokens and use them in their protocols when they need to use the built-in liquidation automated procedures during periods of severe market volatility.

04

to sum up

Nowadays, the interconnection between various DeFi protocols is getting closer, and with it comes more and more complex systemic risks. There are many different DeFi protocols, but most of them have the following points in common.

First, it contains a collateral pool that can be traded or borrowed; second, in order to avoid systemic bankruptcy of borrowing/lending and derivative agreements, the oracle feeds the contract; third, if insolvency occurs, a third-party Keeper You can initiate a liquidation and make a profit from it.

Therefore, in this article, we aim to provide a simple framework to think about how to manage the three major risks in DeFi, namely, collateral risk, oracle risk, and liquidation risk.

At present, 13 billion US dollars of funds are locked in the DeFi market, many of which rely on some underlying products. Although some of this value is protected by smart contract insurance providers such as Nexus Mutual and Opyn, there is little protection against economic and congestion failures today.

As the DeFi market matures and more complex underlying products are launched, project teams will need to think more carefully about how to prevent systemic risk factors.

Institutional participants such as Genesis and BlockFi and new types of banks such as Betterment and Wealthfront will eventually want to use the DeFi track with no control.

When they do, the first question the DeFi team needs to face is how they choose to protect themselves from black swan events (such as a single oracle failure or blockchain congestion), after all, they have the answers to these questions in advance It may be the difference between winning and losing business in the DeFi industry.