What demarcates the line between Las Vegas and Wall Street isn’t necessarily the flair for risk-taking, which both relish; it’s understanding the extent of assumed risk and adequately managing probabilistic outcomes.

Risk management surrounds us, from the mundane decisions to sophisticated financial investments. We use models to determine the risk/reward for virtually every decision that we make in life, subconsciously or consciously, regardless of the material committed or the rewards or punishment that result.

Smoking may result in the risk of cancer or heart disease, fomenting a higher level of financial risk, a loss of working years, and higher insurance premiums. A speculator on a stock may buy a call or put option on the stock to limit their exposure. A gambler at a casino may adjust their position sizing in response to the cards they are dealt.

In the digital asset markets, unique classes of risk are introduced. Trusted intermediaries, providing services such as escrow or execution, are minimized. In return for this efficiency, investors shoulder the principal and related risks that participants face in DeFi, which range from traditional counterparty risk to the daunting threat of smart contract vulnerabilities and beyond.

Permissionless, transparent financial ledgers of Ethereum are a crucible for both economic and technological innovation. The result is an open arena of cooperative games between incentive-aligned protagonists and malicious antagonists. Ethereum is a Dark Forest.

Risk management in crypto is both an unprecedented challenge and opportunity.

What was once fervent retail speculation pouring money into altcoins has become more substantive in 2020. The introduction of DeFi platforms ranging from borrowing/lending protocols to DEXs, synthetic assets, and insurance mutuals has stoked exploration into more advanced risk management. It’s more than possible that we’re entering a new wave of financial innovation following the securitization market of the aughts, the bond markets of the eighties, and the wholesale digitization of Wall Street.

Amidst this “Summer of DeFi”, the question surfacing for the market has become:

How do you properly manage risk in a composable DeFi stack?

Assessing Risk in DeFi

Risk in DeFi is distinct for several reasons. The non-custodial nature of its lending platforms, the price volatility of tokens, on-chain vulnerabilities (including the unique threat of mempool transaction reordering), and the nuances of user behaviour can be broadly reduced to two primary types of risk:

  1. Technical Risk
  2. Economic Risk

It is worth noting that technical risk has never been entirely divorced from price risk in the digital asset marketplace. A primary example is the YAM fiasco, where a bug in the rebasing contract stopped the governance process from functioning correctly, creating a frantic timeline for users to withdraw their funds safely. The YAM token price concurrently crashed within hours.

The technical risk facing DeFi is unique and encompasses a wide range of vulnerabilities. These include smart contract bugs, layer one attacks (e.g., 51 percent attacks), and the rise of MEV-related problems such as mempool front-running by generalized arbitrage bots. These risks are exclusive to permissionless blockchains, where anonymous users can scour and probe weak points in production code and exploit bugs at will.

Technical risk encompasses the surfeit of vulnerabilities facing user deposits on DeFi platforms like Compound, Aave, Maker, and others that collectively hold billions in total value locked (TVL).

Some of the most prominent recent examples include the Opyn ETH put option exploit and the clever financial engineering of bZx using flash loans. One of the more egregious technical exploits was the recent deluge of ETH into the Eminence (EMN) smart contract by DeFi users blind to risk, which subsequently led to $15 million drained from the contract by an attacker. Interestingly, one of the silver linings of the EMN exploit, which saw the hacker return half of the funds (creating the #halfrekt viral trend on CT) was that community engagement in managing risk and insurance increased palpably.

The prevailing defence against technical exploits at the smart contract layer is thorough audits from respected firms in the industry, private disclosures of vulnerabilities, and bug bounties.

However, audits, bug bounties, and responsible disclosures are not a panacea to technical exploits in a permissionless system. Code is continually evolving to scale and meet user demands, opening new and unknown attack vectors as the network matures.

Insurance platforms, such as Nexus Mutual, have stepped into the void to provide pooled claim coverage for smart contract-related vulnerabilities. The first claim to officially be paid out by Nexus Mutual was the aforementioned bZx flash loan attack, dishing out roughly $31,000 to claimants of the bZx Fulcrum bug.

Others, such as Tidal Finance, have even introduced programmable insurance pools using a Balancer-like market for different layer one chains other than just Ethereum. However, the coverage is discretionary and technical exploits can run deeper than the smart contract layer — reaching both the mempool and on-chain level.

In particular, mempool-related vulnerabilities are gaining momentum following the publication of Flash Boys 2.0, which highlighted MEV and the priority gas auctions (PGAs) of arbitrage bots. The paper was soon followed by Dan Robinson’s story about how Ethereum is a Dark Forest, which was later expounded on by notable security developer samczsun’s efforts to escape the Dark Forest.

The theatre of mempool threats is new, depicting how Ethereum’s open ecosystem will continually create unknown technical risks that need to be addressed down the road.

The variety of technical vulnerabilities at different layers in DeFi highlights the need for more sophisticated risk management. Current insurance options and smart contract solutions (e.g., audits) only address technical risks piecemeal, rather than bundling more comprehensive coverage together.

Technical risks are not strictly confined to a single layer. They are sometimes fused into multi-pronged efforts of concealed behaviour that appear ingenious upon discovery. Failsafes such as MakerDAO’s MKR governance parameters auctioning off the token on the open market to stabilize CDPs exist, but questions remain about how rapidly such actions can respond to volatile market moves that can happen in minutes or hours.

Black Thursday and Multi-Layer Risk

One of the more compelling examples of technical risk that blends smart contract vulnerabilities and the mempool is “Black Thursday,” March 12th, when the price of ETH plummeted alongside BTC and other macro assets — a “correlations go to one” environment, which is another risk in itself to defend against.

With ETH as the underlying collateral of MakerDAO, liquidations began rapidly cascading as collateralization ratios dropped below the required liquidation thresholds. Oracle pricing went haywire, and some liquidation bots scooped ETH worth roughly $8 million in zero-bid auctions — behaviour that forensic mempool evidence from BlockNative indicates was deliberately composed by hammer bots during excessive market volatility.

Maker eventually stabilized, as the platform’s native MKR governance token was sold to stabilize the system’s debt. However, brief windows of opportunity are ripe for exploiting in times of market turmoil, as demonstrated by BlockNative’s analysis, which reveals liquidated collateral being sold drastically below market value in a span of only a few minutes.
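As an added illustration (not from the original post, and not Maker's own code), the following simplified Python model walks a set of collateralised vaults through a price crash, liquidates those that fall below an assumed 150% threshold, and flags auctions that clear far below the collateral's market value, the kind of zero-bid settlement that left the system with bad debt on Black Thursday. The vault parameters, price path, thresholds and bid behaviour are all constructed for the example.

```python
from dataclasses import dataclass
LIQUIDATION_RATIO = 1.5    # assumed threshold: vault must hold >=150% collateral
SUSPICIOUS_DISCOUNT = 0.5  # assumed: flag auctions clearing >50% below market

@dataclass
class Vault:
    owner: str
    collateral_eth: float
    debt_dai: float

def collateral_ratio(vault, eth_price):
    return vault.collateral_eth * eth_price / vault.debt_dai

def settle_auction(vault, eth_price, winning_bid_dai):
    """Liquidate a whole vault at the winning bid; returns (bad_debt, discount).
    Bad debt is uncovered debt the system must absorb; discount is how far
    below the collateral's market value the auction cleared (1.0 = zero bid)."""
    market_value = vault.collateral_eth * eth_price
    bad_debt = max(0.0, vault.debt_dai - winning_bid_dai)
    return bad_debt, 1.0 - winning_bid_dai / market_value

def run_crash(vaults, price_path, bid_fraction):
    """Walk a price path, liquidating every vault that falls below the ratio.
    bid_fraction(step) is the clearing bid as a fraction of market value."""
    open_vaults = list(vaults)
    report = {"liquidations": [], "bad_debt_dai": 0.0, "suspicious": []}
    for step, price in enumerate(price_path):
        for v in list(open_vaults):
            if collateral_ratio(v, price) < LIQUIDATION_RATIO:
                bid = bid_fraction(step) * v.collateral_eth * price
                bad_debt, discount = settle_auction(v, price, bid)
                report["liquidations"].append((step, v.owner, price))
                report["bad_debt_dai"] += bad_debt
                if discount > SUSPICIOUS_DISCOUNT:   # auction looks rigged
                    report["suspicious"].append((step, v.owner, discount))
                open_vaults.remove(v)
    return report

# Constructed sample: three vaults with different safety margins, an ETH price
# falling from $200 to $100, and auctions that clear fairly for two steps,
# after which (constructed) zero-bid keepers win every auction.
VAULTS = [
    Vault("alice", collateral_eth=10, debt_dai=1000),  # 200% collateralised at $200
    Vault("bob", collateral_eth=10, debt_dai=1200),    # ~167% at $200
    Vault("carol", collateral_eth=10, debt_dai=600),   # 333% at $200
]
PRICE_PATH = [200.0, 170.0, 140.0, 110.0, 100.0]

def sample_bids(step):
    return 1.0 if step < 2 else 0.0
```

Calling `run_crash(VAULTS, PRICE_PATH, sample_bids)` shows bob liquidated cleanly at $170, then alice liquidated at $140 into a zero-bid auction that leaves 1000 DAI of bad debt and is flagged as suspicious, while carol survives the whole path.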

March 12th exhibits the multi-faceted complexity of risk facing DeFi. More comprehensive risk management options need to arise to meet such sophisticated vectors for insolvency or mass loss on the part of depositors. In the case of Maker, the events of March 12th even required legal proceedings.

Such threats don’t even consider layer one attack vectors, such as 51 percent attacks. On-chain threats also include hard forks, which are a mixture of social and economic disagreements over technical parameters of a protocol that can significantly dilute value in one chain. The resulting token splits (e.g., the Bitcoin & Bitcoin Cash hard fork) raise interesting questions about how to mitigate token holder risk, especially as Ethereum ramps up its parallel ETH 2.0 chain in the coming weeks.

Questions surrounding layer one vulnerabilities will only grow as more value migrates on-chain and Ethereum transitions to ETH 2.0.

Complexity of Economic Incentives

Unfortunately, technical risk is not the only variety of hazards that DeFi users need to account for either. With a composable, interdependent system of open protocols exchanging value, aligning economic incentives poses additional complexity for assessing risk properly.

How do you account for the price volatility of governance tokens or the relative collateral liquidity of assets in lending protocols based on user behavior? Economic risks are difficult to reason about in a market where governance tokens from one protocol are used for collateral in yield farming of another protocol and subsequently staked on a DEX for trading fees acquired in LP tokens.

Fortunately, Gauntlet Network and DeFi Pulse recently partnered to deliver excellent metrics for evaluating the risk profile of several major DeFi platforms. Notably, they account for collateral risk, user behaviour, and smart contract/protocol parameter risk, a necessary step towards more comprehensive risk analysis.

In DeFi, users have the unique freedom to choose from a buffet of liquidity pools, yield farming opportunities, borrowing/lending protocols, and other platforms — customizing their collateralization ratio in some cases. Significantly more responsibility for risk assessment is shouldered by the individuals participating in the ecosystem, since the intermediation of risk by third parties is reduced enormously.

Since user behaviour dictates risk much more drastically than in traditional finance, economic incentive design takes centre stage for minimizing user risk.

Sophisticated agent-based risk models subsequently become necessary as users need to off-load and automate some of the more complicated risk assessment of the market.

The downstream effects of economic risk analysis are not always disconcerting either. Economic risk assessment broaches some meaningful questions about the impact of user-selected collateral risk on capital efficiency and governance, with the latter focusing on parameterizing risk via on-chain voting.

It’s evident that reasoning about the complex mixture of technical and economic risks facing DeFi is a daunting challenge. The type of risks faced by an automated series of smart contracts intermediating the flow of billions in permissionless value is unprecedented. However, the challenge of risk management in DeFi and the broader crypto market is also an emergent opportunity.

Never before has a design space for complex derivatives, insurance, and other financial instruments existed. The open nature of protocols that leads to exploits like YAM and bZx is overshadowed by the potential deluge of financial innovation just over the horizon.

In part 1 of this 2-part series, we outlined the unique dilemma of risk in DeFi and classified the types of risk into two broad buckets, technical and economic, using some prominent examples. We further postulated that the two are intertwined, introducing the need for a new type of risk management.

In the next part, we will explore some of the interesting byproducts of risk in DeFi, their effects on the current market, and how they present an unprecedented occasion for the rise of insurance, risk management platforms, and other asset tooling on Ethereum. Finally, we will introduce how UNION meets the surging demand for risk management and asset protection in DeFi — building the type of scalable open asset protection infrastructure necessary for DeFi to realize its true potential.

Disclaimer: UNION is not an insurance company and UNION does not sell policies of insurance.