Smart Contract Risk
Hacking (also referred to as “exploits”) is the most common, as well as the best-known, DeFi risk. Because DeFi protocols are typically open source, and code is in principle immutable, that code is permanently vulnerable to attack.
The risks can come from errors or flaws in:
- Business Logic
- Tokenomics / incentive structures
- Code
Smart contract security assessments should cover all smart contracts deployed as part of a DeFi protocol.
There should be no difference between the code assessed and the deployed code. All high and critical risks raised in the audit report should be addressed.
The technical knowledge and reputation of the smart contract security assessor are an important factor.
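One way to check that the assessed code and the deployed code do not differ, shown as an added example that is not part of the original page: compare the runtime bytecode built from the audited commit with the bytecode returned for the deployed address (for example by the `eth_getCode` JSON-RPC call). The function names and the sample bytecode strings are constructed for illustration, and the contract is assumed to be compiled with solc, which appends CBOR metadata followed by a 2-byte length.

```python
def from_hex(h: str) -> bytes:
    h = h.strip()
    return bytes.fromhex(h[2:] if h.lower().startswith("0x") else h)

def split_metadata(runtime: bytes):
    """Split solc runtime bytecode into (code, cbor_metadata).

    The last two bytes are the big-endian length of the CBOR trailer.
    If no plausible trailer is present, metadata is returned empty.
    """
    if len(runtime) < 2:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    if n == 0 or n + 2 > len(runtime):
        return runtime, b""
    cbor = runtime[-(n + 2):-2]
    # A CBOR map with a short entry count starts with 0xa0..0xb7.
    if not 0xA0 <= cbor[0] <= 0xB7:
        return runtime, b""
    return runtime[:-(n + 2)], cbor

def compare_deployment(audited_hex: str, deployed_hex: str) -> str:
    audited, deployed = from_hex(audited_hex), from_hex(deployed_hex)
    if not deployed:
        return "no-code"        # nothing deployed at that address
    if audited == deployed:
        return "identical"
    a_code, _ = split_metadata(audited)
    d_code, _ = split_metadata(deployed)
    # Same instructions but a different trailer: the metadata hash covers
    # sources and compiler settings, so ask which commit was really built.
    if a_code == d_code:
        return "metadata-only"
    return "mismatch"           # executable code differs from the audit

# Constructed sample bytecode (not taken from any real contract).
CODE = "6080604052600080fdfe"
META = "a164736f6c6343000813" + "000a"   # CBOR {"solc": 0.8.19} + length
AUDITED = "0x" + CODE + META
DEPLOYED_META = "0x" + CODE + "a164736f6c6343000814" + "000a"
DEPLOYED_PATCHED = "0x" + "6080604052600180fdfe" + META

if __name__ == "__main__":
    for name in ("AUDITED", "DEPLOYED_META", "DEPLOYED_PATCHED"):
        print(name, compare_deployment(AUDITED, globals()[name]))
```

Immutable variables and linked library addresses are written into the runtime code at deployment, so for contracts that use them those byte ranges have to be masked before a "mismatch" result is meaningful.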
Governance mechanisms programmed into a DeFi protocol can introduce a degree of imprecision and uncertainty.
In most cases the structure of DeFi protocols also provides certain users or programmers with asymmetrical control over the system, introducing a risk of rug pulls where malicious users take advantage of their ability to control a protocol to remove liquidity and profit, at the expense of users who cannot exercise the same degree of control.
Oracles are required by most DeFi protocols in order to function correctly, but they also pose challenges and risks. For instance, on-chain oracles are vulnerable to front-running, and millions of dollars have been lost due to arbitrageurs.
Compliance and legal risk
The inherent risk of DeFi is compounded by a general absence of clear regulatory frameworks. Not only does the decentralized nature of DeFi make it difficult to regulate any single entity, it also makes it difficult to identify responsible parties or enforce regulatory actions.
The absence of mandatory or standard disclosure requirements in DeFi applications further exacerbates these existing risks. Increased regulatory clarity, tailored to address the structure of DeFi, may eventually address some of these risks.
Important legal considerations include the degree of decentralization of a protocol and the ability to identify responsible parties. Those parties may have a controlling interest in the votable shares of DeFi protocol governance tokens.
Technology risk / Chain risk
The technological complexity and the relatively immature understanding of DeFi increase its vulnerabilities. This also presents practical processing challenges due to the complex nature of these transactions and the blockchain’s physical capacity limit.
Additionally, reliance on smart contracts exposes DeFi applications to software malfunctions and programming flaws, which have the ability to create compounding risks on a stacked network supporting a significant amount of assets across many users.
WEB2 cybersecurity risk
DeFi projects have various WEB2 elements, which are exposed to risks including JavaScript injection, DNS spoofing and others. This risk will primarily impact less technologically sophisticated users, as sophisticated users are more likely to integrate directly with the smart contract, bypassing front-end interfaces (e.g., protocol GUI on a website).
Those front ends should be subjected to in-depth cybersecurity assessments. DeFi websites, mobile apps, and web extensions should also be subjected to penetration tests and code reviews and have best-practice vulnerability disclosure programs, such as third-party bug bounty programs.
Risks may arise from token supply distribution, lock-ups, decentralization of holders, and incentive structures. Tokenomic design generally has a long-term impact on token value.
There remains little guidance on the taxation of digital assets and even less guidance on the implications of transactions using DeFi protocols. This requires users to analyze each leg of the transaction to determine which may be a recognition (taxable) event for tax purposes and to potentially self-report off-chain transactions.
Additionally, with its varied architecture and lack of any legal agreements, DeFi users are relegated to having to analyze the rules set forth in the code and/or the outcomes of criminal litigation in determining tax treatment. There also remains uncertainty around the character and sourcing of the yield, as well as the timing at which the yield is recognized into revenue.
The timing/classification of revenue recognition for tax purposes may also dictate the amount of revenue to recognize given the volatile nature of the valuations of digital assets. Added complexity is introduced when the enterprise operates in multiple jurisdictions and even more so when the mixture of those jurisdictions spans those where relevant crypto-currencies are deemed legal tender.
Generally, DeFi lenders lack the ability to perform traditional underwriting of borrowers. In particular, the pseudo-anonymity afforded by public blockchains makes it challenging to assess counterparty credit risk, conduct due diligence, determine creditworthiness, and calibrate risk-appropriate interest rates of borrowers as well as pursue recourse beyond the collateral provided.
Programmatic credit creation and volatility of underlying digital assets also lead to a higher risk of under-collateralization while simultaneously inhibiting margin call processes to account for any drop in collateral.
While these risks can be mitigated through over-collateralization requirements, this approach fails to adequately account for the root cause of the issue (e.g., lack of credit underwriting regarding, or recourse against, the borrower) and is often difficult to effectively scale across a portfolio.
Outside of stablecoins that manage to maintain their pegs, digital assets’ values are generally volatile. DeFi’s inherent structure increases the possibility of various market abuses, whether by creators of DeFi protocols, operators of exchanges, or other manipulators.
The speculative nature of most digital assets impacts DeFi protocols, which by design respond to changes in digital asset values. For instance, sudden drops in digital asset values may have an asymmetrical impact on DeFi applications (e.g., rapid selling of DeFi tokens could cause a decline in the value of those tokens).
Additionally, the pseudonymity of trade and smart contract owners makes it difficult to identify sources of market manipulation or incorrect pricing. DeFi may also be susceptible to excessive leverage facilitated by the use of cryptocurrencies or stablecoins as collateral on DeFi trading platforms (which may be unregulated, or may be operating out of compliance with potentially applicable regulatory regimes).
While overcollateralization may help mitigate market risk to an extent for some DeFi applications such as lending, the system as a whole is not currently structured to cope with sudden price shocks.
With no centralized exchange or counterparty in place, DeFi services often rely on incentivizing market-makers to liquidate undercollateralized loans. While these mechanisms are often baked into the structure of the DeFi program, reliance on predetermined governance logic and programmatic design limits the ability of DeFi applications to respond to unanticipated market conditions or user behavior.
This may leave liquidity providers and lenders with unanticipated default risk stemming from an inability to meet their own liquidity obligations. The decentralized nature of these applications also increases the risk of an asset-liability mismatch, which would typically be managed in TradFi through intermediaries.
This is further compounded by the lack of controls in place around utilizing the same collateral across multiple transactions, increasing leverage, and compounding the potential for a liquidity crisis during adverse events.
Mismanagement of private keys by all users is a risk, and that risk is compounded when private keys are held by a custodian or other third party rather than an individual user. Third-party attestations like SOC2, ISO 27001, and CCSS are examples of third-party procedures that may mitigate custodial risks.
In particular, the majority of key holders that have access to funds currently aren’t required to provide a Proof of Reserve. The CCSS, which is a standard for securing cryptocurrencies, includes not only tiered requirements for secure key management but also proof of funds being held by a third party.
However, there is currently no industry oversight ensuring companies and systems are complying with SOC2, ISO 27001, and CCSS. As it stands, many custodians are not utilizing third-party audits of their systems, and users are operating on blind trust.
Bridges allow the transfer of tokens between different blockchains. Bridge risk involves incidents that affect the software or pools of bridged assets. Bridge risk includes the loss of value of tokens if too many are lost via a bridge security incident.