What risks should we pay attention to when participating in DeFi projects?
Editor's Note: This article comes fromCrypto Valley Live (ID: cryptovalley)Editor's Note: This article comes from
Crypto Valley Live (ID: cryptovalley)
Crypto Valley Live (ID: cryptovalley)
, Author: Raymond Yeh, translation: Li Hanbo, reprinted by Odaily with authorization.
In fact, this is how I lost $5,000 a few weeks ago..."rate of return"Unlike investing in traditional financial products, DeFi investors are not protected by any laws and rules surrounding the traditional securities market. Instead, in the blockchain space, where code is law, investors should do your own research (DYOR).
rate of return
In this post, I will explain the different components of breaking down the risk associated with DeFi products, using models and theories borrowed from commercial finance.
Yield itself is an indicator of risk
Dai collapsed? it's out of the question
text
Interest rates (or yields) are closely related to risk. High interest rates are often a sign of high risk.
text
Consider two DeFi products with similar risk profiles in the market
Product A has a 5% interest rate
Product B has an interest rate of 10%
Eventually, the interest rates on both products will converge to the same, between 5% and 10%.
risk type
This means that assets with similar risk characteristics will have similar returns over the long run. This can be explained by Arbitrage Pricing Theory (APT). The yield of an asset is 10 times higher than that of the US 10-year Treasury bond, which means an extra risk.
first level title
The excess return that investors demand above the risk-free rate as compensation for the higher uncertainty of risky assets is known as the risk premium. In traditional commercial finance, the main contents of the risk premium are:
liquidity risk
national risk
liquidity risk
Financial risk
business risk
secondary title
Country-specific risks (this article refers to blockchain risks)
The blockchain is decentralized, yet the actual users on the blockchain are citizens and businesses residing in different countries.
While one might say that the code is the law on the blockchain, the laws of different countries may not fully align with it.
In this category, we are looking at risks related to how current laws treat assets and activities in the DeFi space, and how these laws may change in the future.
Additionally, some lawmakers are still drafting relevant laws as there is no clear law on the tax treatment of cryptocurrencies. This could mean that gains from cryptocurrencies could be taxed more heavily in the future, significantly reducing overall investment yields.
If you are the victim of a hacking attack, it may be difficult for local law enforcement to help you with your case.
currency risk
Exposure to 9 Cryptocurrencies, So What Can Go Wrong?
As each project creates its own Token on Ethereum. Whether participating in the DeFi space as a lender, borrower or liquidity provider, they are likely to be exposed to one or more cryptocurrencies.
In a simple case where a person converts USD to ETH to lend ETH on Compound, the user earns interest on ETH and gets COMP as a reward for participating. At the same time, the user gains exposure to both ETH and COMP, and a negative price change in either of these 2 cryptocurrencies will greatly affect his expected return.
A 100% price increase only results in a 5% loss...but, has anyone looked at the left side of the curve?
Investors, when providing liquidity for such pairs, need to consider the possibility that the coins may never return to the same relative pricing as stablecoins.
liquidity risk
liquidity risk
Liquidity risk refers to the risk brought by the uncertainty of the timeliness and cost of exiting investment. While one might argue that with the various Automated Market Maker (AMM) protocols on the blockchain, liquidity is a non-issue, that may not always be the case.
The fragmentation of liquidity pools across many different protocols may actually result in a smaller market size and lower liquidity for individual pools. This can lead to large slippage on a single trade where the quote and execution price differ, or higher transaction fees if the user prefers to route through a different protocol.
Additionally, if a run occurs on a protocol, transactions to sell assets may be fronted by other transactions, causing higher price slippage. At this time, the security mechanism originally established to protect users will restore the transaction when the slippage is too high, consume more gas fees, and set a worse price for users.
Financial risk
text
#YOLO
In the case of MakerDao, participants can borrow against certain pledged collateral to mint DAITokens. During this process, users will face the risk of liquidation when the loan interest rate and the value of collateral are lower than the mortgage rate requirements. Both of these conditions will affect the ability of participants to maintain their debt obligations and may result in the liquidation of their positions at a discount to current market prices."image description"In the case of Compound,
DeFi investors learned that they could theoretically pass-through borrow against provided collateral to maximize COMPToken rewards. These investors are leveraged in nature and are more likely to be liquidated at a loss if the value of their collateral declines even slightly.
Investors need to be cautious when their investments involve debt to prevent over-leveraging.
business risk
The reason why I put business risk last is because there are too many things to talk about! In this section, I will only talk about some characteristics of DeFi projects. Broadly speaking, when we look at traditional enterprises, we will look at Aspects such as the company's leadership and product vision, and their ability to execute on that vision. In the DeFi field, we can also evaluate DeFi projects in a similar way, starting from the governance model.
first level title
anonymous developer
text
In my opinion, the risks posed by projects run by anonymous development teams are the greatest.
Intentions unknown -- is the developer looking to make some quick bucks?
Unknown execution capabilities - will the code have bugs? Will there be marketing? Will there be community support and regulation?
While it could be argued that the code is law on the blockchain, this may not be a risky enough reason to trust an unknown developer. I have seen cases where legitimate smart contract code from audited projects can be abused by their contract deployers to steal funds from participants.
There is a lot of due diligence that needs to be done when dealing with projects run by anonymous developers.
first level title
centralized team
Most of the projects in the DeFi space seem to be started by a team, which is identifiable to some extent (stolen materials and fake teams do not count).
For projects that fall into this category, we also face other types of problems. One of them is a misalignment of incentives between a company's investors or founding team and the public. After all, we need to assume that businesses are ultimately set up for profit.
Another issue is that projects where team members can be identified could also be subject to scrutiny by governments or teams committing fraud. In the case of Tether (USDT), we see several claims.
Used for Bitcoin (BTC) price manipulation.
seizure reserve
These are all factors that could crash Tether, or lose its peg to the dollar. Similar risks of running afoul of governance or of brushing against the law apply to other projects run by centralized teams."first level title"Decentralized Autonomous Organization (DAO)
DAOs have been hailed as a panacea for failing organizations. However, setting up and running an effective DAO is not as simple as creating a voting page, there are many issues with
decentralized governance
related to the project.
Uncertainty of Rewards - In the absence of certainty about rewards, individuals may not be motivated to work on the project.
Bureaucracy - If consensus cannot be reached, the organization can get stuck and not be able to move forward. Look at different parliaments in the real world, similar to this situation."Voter apathy - Voters feel overwhelmed by different projects and proposals and may not or cannot vote on all of them, especially if voting on-chain costs Gas. Centralization of Power - Certain projects are driven by a small number of accounts with significant voting power. The capitalist world faces similar problems."Centralized execution rights - several projects are not on the chain"manage"manage
Smart Contract Risk
first level title
Finally, we come to the topic of misbehaving smart contracts. There are many smart contract designs that allow deployers to steal funds from participants. In the following blog post, I will show how it is impossible for non-developers to realize how funds were stolen. Therefore, in this section we will simply focus on how seemingly successful smart contracts can still fail.
If you have written a program, you will understand that the code you write must not only allow the user to interact with your program within the scope of your consideration, but also make sure that the user does not interact with your program when the user does not interact with your program according to your expectations. How difficult it is to get it wrong! This is why DeFi smart contracts may not perform exactly as we expect them to.
The reasons why DeFi smart contracts cannot be fully executed according to our requirements are as follows.
Untested Code - The pressure to go live can lead to writing code that isn't fully tested before going live. This risk is magnified if the developers on the project are not trained on smart contract vulnerabilities and design patterns.
Unexpected conditions -- some code may produce unexpected conditions when used with other components (see STA), initialized with different parameters, or used in a specific way that the developer did not consider (see ENS).
Counterparty Risk - Many DeFi projects depend on other DeFi projects to function properly. The project may be at risk of crashing because one of the dependent projects is at risk. For example, if any one of the stablecoins in the stablecoin pool loses its anchor for any reason, those participating in the Curve transaction pool may find that their Tokens have been devalued.
Audit Failures - While smart contract audits can help find some bugs with an extra pair of eyes, they are not a panacea for bug-free code. Even after multiple audits, participants cannot be sure that a smart contract is bug-free, Bzx hack is an example.
Unlike traditional applications, faulty smart contracts are difficult to fix unless disaster recovery is built in from the start. This is because smart contract code cannot be changed once deployed.
manage risk
text
