Do you know the risks?
Yield farming is the current upstart in the field of decentralized finance (DeFi). Because the interest rates (or rates of return, or APY) of some projects exceed 100%, people may overlook the risk of investing in DeFi projects.
In fact, this is how I lost $5,000 a few weeks ago…
Unlike investors in traditional financial products, DeFi investors are not protected by any of the laws and regulations surrounding the traditional securities market. On the contrary, in the field of blockchain, the code is the law, and investors should do their own research (DYOR).
However, how many investors understand the risks of investing in DeFi projects? In other words, what is the source of the “yield”, and are these yields sustainable?
In this article, I will use the models and theories borrowed from commercial finance to explain the different components of the risks associated with DeFi products.
The rate of return itself is a risk indicator
Dai crashed? This is impossible
Interest rate (or rate of return) is closely related to risk. High interest rates are often a sign of high risk.
Consider two DeFi products on the market with similar risk profiles:
Product A has a 5% interest rate
The interest rate of product B is 10%
This means that if investors in product A withdraw their liquidity from product A and place it in product B, they will earn better returns without taking on additional risk.
This shift will lead to a decline in demand for product A and an increase in demand for product B. The result will be a change in the price of capital, that is, in the interest rate at which you can invest in these two products.
Eventually, the interest rates of the two products will converge to the same level, somewhere between 5% and 10%.
This means that assets with similar risk characteristics will have similar returns in the long run. This can be explained by arbitrage pricing theory (APT). If the yield of an asset is 10 times higher than that of the US 10-year Treasury bond, it means that there is additional risk.
Type of risk
The excess return that investors require above the risk-free interest rate is compensation for the higher uncertainty of risky assets. This is the risk premium. In traditional commercial finance, the main components of the risk premium are:
Country risk
Currency risk
Liquidity risk
Financial risk
Business risk
Country-specific risks (this article refers to blockchain risks)
The blockchain is decentralized, but the actual users on the blockchain are citizens and businesses living in different countries.
Although people may say that code is the law on the blockchain, the laws of different countries may not be completely consistent with it.
In this category, we are studying the risks associated with how current laws treat assets and activities in the DeFi field, and how these laws may change in the future.
One of the biggest risks in this area is the tax treatment of cryptocurrency income and capital gains, which differs from country to country.
In addition, some lawmakers are still drafting relevant laws because there is no clear law on the tax treatment of cryptocurrencies. This may mean that future cryptocurrency gains may be subject to heavier taxes, thereby greatly reducing the overall investment yield.
Another major risk of being a participant in the DeFi field is that it is difficult to seek compensation if something goes wrong with the smart contract. This is especially true if lawmakers are considering legal recognition of digital signatures or smart contracts.
If you are the victim of a hacker attack, it may be difficult for local law enforcement agencies to help you deal with the case.
Currency risk
What will go wrong with the risk exposure of 9 cryptocurrencies?
Each project creates its own token on Ethereum. Whether participating in the DeFi field as a lender, borrower or liquidity provider, users may be exposed to one or more cryptocurrencies.
In a simple case, a person converts US dollars into ETH and lends the ETH on Compound. The user earns ETH interest and gets COMP as a reward for participation. The user now has both ETH and COMP risk exposure. A negative price change in either of these two cryptocurrencies will greatly affect the expected return.
A 100% price increase causes only a 5% loss… But has anyone seen the left side of the curve?
In a slightly more complicated situation, a user can convert U.S. dollars into ETH and DAI and become a liquidity provider on the Uniswap exchange. In addition to gaining risk exposure to ETH and DAI, due to the bonding curve mechanism, the user will further lose money on relative price changes between ETH and DAI. Liquidity providers may end up receiving less funds than they invested. This phenomenon is often misleadingly called impermanent loss, but this is far from the truth.
When providing liquidity for such currency pairs, investors need to consider the possibility that the currency may never return to the same price relative to the stablecoin.
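The liquidity provider loss described above can be worked through for a constant-product pool. This is an added example, not code from the original article or from Uniswap; the deposit size and prices are constructed, and trading fees are ignored.

```python
import math

def rebalanced_reserves(eth, dai, new_price):
    """LP's share of the reserves after arbitrage moves the pool price.

    Constant-product rule: eth * dai stays equal to k, and the pool price
    (DAI per ETH) equals dai / eth. Trading fees are ignored.
    """
    k = eth * dai
    return math.sqrt(k / new_price), math.sqrt(k * new_price)

def lp_vs_hold(eth, dai, new_price):
    """Return (lp_value, hold_value, relative_loss), all valued in DAI."""
    new_eth, new_dai = rebalanced_reserves(eth, dai, new_price)
    lp_value = new_eth * new_price + new_dai
    hold_value = eth * new_price + dai
    return lp_value, hold_value, lp_value / hold_value - 1

def closed_form_loss(price_ratio):
    """The same loss as a function of new_price / old_price only."""
    return 2 * math.sqrt(price_ratio) / (1 + price_ratio) - 1

if __name__ == "__main__":
    # Constructed deposit: 10 ETH + 4,000 DAI at 400 DAI per ETH (8,000 DAI total).
    for price in (40, 200, 400, 800, 4000):
        lp, hold, loss = lp_vs_hold(10, 4000, price)
        print(f"ETH={price:>5} DAI  LP={lp:>9.0f}  hold={hold:>9.0f}  loss={loss:7.2%}")
```

The rows below the entry price are the left side of the curve: the position is worth less than simply holding and also less than the 8,000 DAI originally deposited, and the gap only closes if the price returns to 400.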
Liquidity risk
Liquidity risk refers to the risk caused by uncertainty about the timeliness and cost of exiting an investment. One might say that with the various automated market maker (AMM) protocols on the blockchain, liquidity is not an issue, but this is not always the case.
The dispersion of liquidity pools among many different protocols may actually lead to smaller market volume and lower liquidity in any single pool. This may result in larger slippage in a single transaction, that is, a difference between the quoted and executed prices, or, if users prefer to route through different protocols, in higher transaction fees.
In addition, if a run on a protocol occurs, a transaction selling assets may be preceded by other transactions, causing higher price slippage. At this point, the safety mechanism originally established to protect users will revert the transaction in the event of excessive slippage, so the user consumes more gas and ends up with a worse price.
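Both effects described above, larger slippage in a fragmented pool and a reverted sale during a run, can be reproduced with a constant-product pool model. This is an added example, not code from the original article or from any protocol; the pool sizes, the 0.3% fee and the 5% tolerance are assumptions, and `Reverted` and `sell_during_run` are hypothetical names.

```python
class Reverted(Exception):
    """Models a swap that reverts because its slippage guard failed."""

def amount_out(r_in, r_out, amt_in, fee=0.003):
    """Constant-product (x * y = k) output; the fee is taken from the input."""
    net = amt_in * (1 - fee)
    return r_out * net / (r_in + net)

def slippage(r_in, r_out, amt_in, fee=0.003):
    """Fraction lost (fee included) versus the pre-trade spot quote r_out / r_in."""
    quoted = amt_in * r_out / r_in
    return 1 - amount_out(r_in, r_out, amt_in, fee) / quoted

def sell_during_run(r_in, r_out, amt_in, min_out, sells_ahead=(), fee=0.003):
    """Apply the sells that land first, then our sell guarded by min_out."""
    for s in sells_ahead:
        out = amount_out(r_in, r_out, s, fee)
        r_in, r_out = r_in + s, r_out - out
    out = amount_out(r_in, r_out, amt_in, fee)
    if out < min_out:
        raise Reverted(f"would receive {out:,.0f} DAI, below min_out {min_out:,.0f}")
    return out

if __name__ == "__main__":
    # Constructed ETH/DAI pools at a spot price of 400 DAI per ETH.
    deep = (10_000, 4_000_000)   # all liquidity in one pool
    thin = (2_500, 1_000_000)    # the same liquidity split over four pools
    print(f"sell 100 ETH, deep pool: {slippage(*deep, 100):.2%} slippage")
    print(f"sell 100 ETH, thin pool: {slippage(*thin, 100):.2%} slippage")
    min_out = 100 * 400 * 0.95   # accept at most 5% below the quote
    print(f"quiet market: {sell_during_run(*thin, 100, min_out):,.0f} DAI")
    try:
        sell_during_run(*thin, 100, min_out, sells_ahead=(200, 300))
    except Reverted as exc:
        print("during a run:", exc)
```

On a real chain the reverted sale still pays gas, and the seller has to resubmit against reserves that have moved further.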
Financial risk
Many DeFi projects do not directly involve borrowing, nor do they face the risk of failing to pay debts. However, some participants are encouraged to borrow in order to obtain returns, and therefore directly face financial risks.
In the case of MakerDAO, participants can pledge certain collateral to borrow by minting DAI tokens. In this process, users face liquidation risk when the borrowing interest rate or the value of the collateral moves so that the position falls below the required collateralization ratio. Both of these situations affect participants' ability to maintain their debt obligations and may cause their positions to be liquidated at a discount to the current market price.
#YOLO
In the case of Compound, “smart” DeFi investors have learned that in theory they can recursively borrow against the collateral they provide to maximize their COMP token rewards. These investors are inherently leveraged. If the value of the collateral drops even slightly, they are more likely to be liquidated at a loss.
When an investment involves debt, investors need to proceed with caution to avoid excessive leverage.
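How recursive borrowing shrinks the safety margin can be shown with a simplified model. This is an added example, not code from the original article and not Compound's implementation; it assumes the debt is fixed in a stablecoin while the resupplied collateral changes in value, and the 0.75 collateral factor, 0.6 borrow ratio and function names are constructed.

```python
def loop_position(deposit, borrow_ratio, loops):
    """Supply, borrow borrow_ratio of the newly supplied value, resupply; repeat."""
    supplied, debt, tranche = deposit, 0.0, deposit
    for _ in range(loops):
        tranche *= borrow_ratio   # amount borrowed against the last tranche
        debt += tranche
        supplied += tranche       # the borrowed funds are supplied again
    return supplied, debt

def max_drop_before_liquidation(supplied, debt, collateral_factor):
    """Largest fractional fall in collateral value before debt exceeds
    the borrowing capacity supplied * (1 - drop) * collateral_factor."""
    if debt == 0:
        return 1.0
    return 1 - debt / (supplied * collateral_factor)

def loss_on_equity(supplied, debt, drop):
    """Fraction of the investor's own capital lost when collateral falls by drop."""
    return supplied * drop / (supplied - debt)

if __name__ == "__main__":
    # Constructed position: 100 of own capital, collateral factor 0.75.
    for loops in (0, 1, 3, 10):
        s, d = loop_position(100, 0.6, loops)
        print(f"loops={loops:>2}  supplied={s:7.1f}  debt={d:7.1f}  "
              f"liquidated after a {max_drop_before_liquidation(s, d, 0.75):.1%} drop  "
              f"10% drop costs {loss_on_equity(s, d, 0.10):.1%} of equity")
```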
Business risk
The reason why I put business risk at the end is because there are too many things to talk about! In this section, I will only talk about some of the characteristics of DeFi projects.
Broadly speaking, when we look at traditional companies, we will look at some aspects, such as the company’s leadership and product vision, and their ability to implement that vision. In the DeFi field, we can also evaluate DeFi projects in a similar way, starting from the governance model.
Anonymous developer
In my opinion, the risks posed by projects run by anonymous development teams are the greatest.
Unknown intentions: is the developer trying to make some quick money?
Unknown product vision: what is the next goal of the developer?
Unknown execution ability: will the code have bugs? Will there be marketing? Will there be community support and regulation?
Although it can be said that code is the law on the blockchain, this may not be reason enough to take the risk of trusting an unknown developer. I have seen some cases where legitimate smart contract code from audited projects can be abused by contract deployers to steal funds from participants.
When dealing with projects run by anonymous developers, a lot of due diligence is required.
Centralized team
Most of the projects in the DeFi space seem to be initiated by a team, which can be identified to a certain extent (theft of data and fake teams are not counted).
For projects in this category, we also face other types of problems. One of them is the misalignment of the incentive mechanism between the company’s investors or founding team and the public. After all, we need to assume that the enterprise is ultimately set up for profit.
Another problem is that projects for which team members can be identified may also be censored by governments, or the team may commit fraud. In the case of Tether (USDT), we have seen several claims:
The stablecoin is not fully backed
It is used for price manipulation of Bitcoin (BTC)
Seizure of reserves
These are all factors that may cause Tether to collapse or lose its peg to the US dollar. Similar risks associated with management or legislation apply to other projects run by centralized teams.
Decentralized Autonomous Organization (DAO)
The DAO is hailed as a panacea for failing organizations. However, building and running an effective DAO is not as simple as creating a voting page. There are many problems with “decentralized governance” projects.
Uncertainty of rewards: in the absence of certain rewards, individuals may not be motivated to work on the project.
Bureaucracy: if consensus cannot be reached, the organization may be stuck and unable to move forward. Parliaments in the real world show similar situations.
Voters’ indifference: voters may feel overwhelmed by the number of projects and proposals and may not, or cannot, vote on all of them, especially when the vote is on-chain and costs gas.
Centralization of power: some projects are driven by a small number of accounts with large voting rights. The capitalist world faces similar problems.
Self-interested and short-sighted behavior: voters are motivated to vote for what is beneficial to them in the short term, rather than what is best for the collective in the long term.
Centralized execution power: several projects do not have an on-chain “settlement” process in which the governance module directly manages the project's smart contract. Instead, execution on the smart contract is done by the team alone. Participants do not “manage” the DAO; they are simply polled on what they prefer.
Smart contract risk
Finally, let’s talk about misbehaving smart contracts. There are many smart contract designs that allow deployers to steal funds from participants. In a following blog post, I will show how it is impossible for non-developers to realize how funds are stolen. Therefore, in this section, we will simply focus on how the design of a seemingly successful smart contract can still fail.
If you have written a program, you will understand that your code must behave correctly not only when users interact with it in the ways you considered, but also when they do not interact with it as you expected. Getting this right is difficult! This is why DeFi smart contracts may not execute exactly as we expect.
There are several reasons why DeFi smart contracts cannot be executed in full accordance with our requirements.
Untested code: under the pressure of a product launch, the code written before the launch may not be fully tested. If the developers in the project have not received training on smart contract vulnerabilities and design patterns, this risk is amplified.
Unexpected situations: when used with other components (see STA), initialized with different parameters, or used in a specific way that the developer has not considered (see ENS), some code may produce unexpected behavior.
Counterparty risk: many DeFi projects rely on the normal operation of other DeFi projects. A project may be at risk of collapse because one of the projects it depends on is at risk. For example, if any stablecoin in the stablecoin pool loses its peg for any reason, people participating in the Curve trading pool may find that their tokens have been devalued.
Audit failures: although smart contract audits can help find some bugs with an extra pair of eyes, they are not a panacea for bug-free code. Even after multiple audits, participants cannot be sure that the smart contract is bug-free. The bZx hacks are an example.
Unlike traditional applications, faulty smart contracts are difficult to repair unless disaster recovery is built in from the beginning. This is because the smart contract code cannot be changed once deployed.
Manage risk
The purpose of this article is not to discourage investment in DeFi projects, but to help investors more accurately estimate the risks of different DeFi projects. Understanding the different sources of risk will be a good start.
With the ability to better estimate risks, it is even possible to establish a risk-controllable asset portfolio to maximize the return of traditional financial products and DeFi products.