Aiming to build a framework based on the principles of freedom and global accessibility, the DeFi sector bases itself on a decentralized system that is trustless and autonomous. The source code for all the underlying smart contracts is not only available but also verifiable by users.
However, a major drawback of this setup is the lack of a centralized risk management framework, which often puts the bulk of the burden of assessing the risks of various protocols on the users themselves.
DeFi operations are already quite complex, and all the sophisticated underlying technology makes it tricky for even advanced users to figure things out. This makes the process of assessing risks cumbersome because unless users know what they are dealing with, how can they protect themselves?
In recent times, however, protocols have started emerging that take a more in-depth look at mapping out the DeFi risk landscape in a comprehensive manner. Let’s talk about why this is a highly necessary development for the industry.
The DeFi sector presents many risks that are both technological and economic in nature. With smart contracts being prone to vulnerabilities and potential hacks, users face significant technological risks. Additionally, the volatile nature of cryptocurrencies and the lack of regulatory oversight in DeFi expose participants to economic risks such as market fluctuations and scams. To safeguard users from these threats, a robust risk management system is imperative.
Smart contract risks are the ones you tend to hear about most often, as they have been quite prevalent in this space over the years. Because of that, there are plenty of parties in DeFi that focus on protection against this vector of attack. Conducting code audits with independent cybersecurity firms, regularly testing and maintaining your dApps, and offering bug bounties on the off chance that you missed something is usually sufficient for protocol developers to mitigate a good portion of technology-related risks.
But market and economic risks are not being brought up nearly as often, even though they should be. These risks are associated with the size of a particular asset pool in the protocol, as well as how supply and demand for said asset fluctuate. Interactions between users on DeFi markets and trading can trigger extreme scenarios like spikes in prices or dangerous liquidity distribution. Every protocol should account for such scenarios to safeguard the interests of their users.
Market manipulation is widespread in traditional finance, and no matter how much DeFi has tried to free itself from the evils of its traditional counterpart, it has not been able to. In DeFi, market manipulation takes the form of pump-and-dump attacks and forced liquidation attacks.
Pump-and-dump attacks inflate or deflate the price of the underlying asset used as collateral through market manipulation. Coordinated groups or individuals hype up the asset’s value, or spread negative sentiment or false information about the asset, to manipulate its price by triggering panic buying and selling from users. Eventually, the price returns to its normal state, leaving the protocol and its liquidity providers with a bunch of unmanageable debt.
Forced liquidations occur when the value of a loan asset is increased or that of the collateral is decreased, which causes large liquidations and damage to the borrowers. Attackers might intentionally manipulate the market or exploit vulnerabilities in the DeFi protocol to cause the value of the collateral to drop.
These attacks are extremely harmful to DeFi users and undermine their trust in the system. And yet, many large protocols still don’t pay enough attention to this avenue of attack. They think that if they have a lot of liquidity, then even if an exploit occurs, it would be easier for the criminal to return the stolen funds in exchange for some kind of monetary reward than to successfully withdraw them from crypto into fiat. This kind of “too big to fail” mentality is unfortunately all too prevalent in the DeFi market.
Becoming aware of these risks and manipulative tactics is the first step toward building more advanced risk management methodologies. It is only recently that platforms like AAVE and Curve started taking a more focused approach to mapping out market and economic risks and introducing parameters to protect against them.
These parameters include things like Max Loan-to-Value, Liquidation Thresholds, Interest Rate Curves, Supply and Borrow Caps, Isolated pools, Withdrawal Rate Limits, and more. While building risk thresholds and capping the amount of lending and borrowing might be perceived as restrictive, they are important in an otherwise unregulated sector.
Such measures not only stand to mitigate exposure to risky assets but also help minimize losses in the event of an attack. They can also help in creating well-structured and clearly defined frameworks, making it easier for both new and experienced users to navigate DeFi protocols.
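To make the effect of these parameters concrete, the following added example (not from the original article and not any protocol's own code) stress-tests a simplified single-asset lending market: it shows how a borrow cap bounds the bad debt left after a temporary price spike, and how the gap between Max Loan-to-Value and the Liquidation Threshold sets the price drop a borrower can absorb before liquidation. All names and numbers are constructed, and interest and liquidation bonuses are ignored.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RiskParams:  # hypothetical parameter set, values constructed below
    max_ltv: float                # max debt / collateral value when borrowing
    liquidation_threshold: float  # share of collateral value counted toward solvency
    borrow_cap: float             # total debt allowed against this asset (USD)

def max_borrow(units, price, p, outstanding_debt=0.0):
    """Debt a position may open: bounded by LTV and by the remaining cap."""
    by_ltv = units * price * p.max_ltv
    by_cap = max(p.borrow_cap - outstanding_debt, 0.0)
    return min(by_ltv, by_cap)

def health_factor(units, price, debt, p):
    """Below 1.0 the position is eligible for liquidation."""
    if debt == 0:
        return float("inf")
    return units * price * p.liquidation_threshold / debt

def liquidation_drop(units, price, debt, p):
    """Fractional price fall that takes the health factor to exactly 1.0."""
    liquidation_price = debt / (units * p.liquidation_threshold)
    return 1.0 - liquidation_price / price

def bad_debt_after_reversion(units, quoted_price, fair_price, p):
    """Debt left uncovered if borrowing was allowed at quoted_price and the
    collateral is later worth only fair_price."""
    debt = max_borrow(units, quoted_price, p)
    return max(debt - units * fair_price, 0.0)

# Constructed parameter sets: identical except for the borrow cap.
UNCAPPED = RiskParams(0.75, 0.80, float("inf"))
CAPPED = RiskParams(0.75, 0.80, 500_000.0)

def stress_report(units=1_000_000, fair=1.0, shocks=(1.0, 1.5, 3.0)):
    """(price multiple, bad debt without cap, bad debt with cap) per shock."""
    return [(m,
             bad_debt_after_reversion(units, fair * m, fair, UNCAPPED),
             bad_debt_after_reversion(units, fair * m, fair, CAPPED))
            for m in shocks]

if __name__ == "__main__":
    for multiple, uncapped, capped in stress_report():
        print(f"price x{multiple}: bad debt uncapped={uncapped:,.0f} capped={capped:,.0f}")
    # A borrower at max LTV has only this much room before liquidation:
    print(f"buffer at max LTV: {liquidation_drop(1000, 1.0, 750.0, CAPPED):.2%}")
```

In this model the cap keeps total debt below the collateral's fair value, so the same price spike that leaves seven-figure bad debt in the uncapped market leaves none in the capped one.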
One more method to consider here is real-time transaction monitoring, which allows observing the behavior of transactions that go in and out of the protocol. The presence of such monitoring means that suspicious transactions that may be manipulative in nature would be caught preemptively, saving protocols and users a lot of time and money.
The best (and probably the trickiest) part of the DeFi space is that it is extremely dynamic, and users need to keep themselves updated at all times. DeFi communities often consist of diverse participants with varying levels of expertise, and engaging with them can allow users to share collective knowledge and gather insights about risks and best safety practices from others’ experiences.
Protocols must constantly adapt diverse risk management parameters for optimal security. Staying active within the communities and asking questions whenever you have doubts is the best way to learn more and build a comprehensive risk management system within the DeFi space.