This insight was originally published as a guest article in TabbFORUM. Click here to view.
Terra, Celsius and BlockFi have given the world of finance a wake-up call due to their recent financial difficulties. Their issues have brought risk management to the forefront for traditional financial institutions looking to enter cryptocurrencies and Decentralized Finance (DeFi). In this article, Yuvraj Sidhu, Principal Consultant at Lab49, spells out what TradFi players need to be aware of and explains the importance of understanding the new types of risks from DeFi protocols, as well as their potential impact on the financial system.
Just a few weeks ago, Terra, Celsius and BlockFi were prominent crypto players at the top of their game. But more recently, they have been in the news for all the wrong reasons. Terra’s stablecoin lost its peg in a matter of days, wiping out tens of billions of dollars in market value. Celsius Network fell from a $25 billion valuation and is now focused on bankruptcy and restructuring. And BlockFi is being bailed out by FTX following its hit by recent liquidations. What went wrong?
These organizations could have been better prepared and anticipated the events that have brought them to their current state. Traditional financial institutions cannot afford to make the same mistakes, which is why it’s important to understand the new types of risks that might impact the financial system by Decentralized Finance (DeFi) protocols.
In the first part of this series, we delved into some foundational properties of DeFi that encourage a new wave of innovative financial applications. To recap, these include publicly viewable transactions, composable business logic, and immutable historical data. Such characteristics gave rise to promising new platforms such as Terra Labs, for instance.
Celsius and BlockFi are interesting case studies in that they occupy the same Centralized Finance (CeFi) space that banks and other traditional finance firms may initially explore. Despite not being DeFi plays, they were severely impacted by the implosion of the Terra ecosystem. So, what are some of the risks financial institutions should be aware of, and protect themselves against, as they navigate the world of DeFi?
Traditional financial institutions cannot afford to make the same mistakes, which is why it’s important to understand the new types of risks that might impact the financial system by Decentralized Finance (DeFi) protocols.
Financial engineering
Prior to the recent downturn, the Terra protocol had grown to be the second largest ecosystem in DeFi in terms of Total Value Locked (TVL – or the total value of cryptocurrency deposited in the protocol). The two main engines of this growth were: one, an algorithmic stablecoin, UST, and two, a lending protocol, Anchor, which paid close to 20% interest on deposits. The abnormally high interest rate and deposits were denominated in UST. These conditions had the intended effect of generating extraordinary demand for UST and turbocharging Terra adoption.
This is not the first time investors have been tempted into an investment by the promise of outsized returns. However, in the case of Terra, the financially-engineered foundations should have been obvious red flags: a stablecoin backed by an algorithm underpinned by a volatile asset, and an unsustainable yield on deposits. Nevertheless, many institutional investors were taken in, and when Terra imploded, the contagion spread to the broader cryptocurrency market as a result – including services such as Celsius and BlockFi. There are several excellent post-mortems on how the Terra debacle cascaded into the larger market – the lesson clearly comes down to managing counterparty risk.
While it’s likely that in Terra’s case the intent was not malicious, the same cannot be said of financially engineered exploits, which are endemic in DeFi. Even if a DeFi protocol is technically well-designed, financial engineering methods may be effective when liquidity pools are relatively shallow, which is often the case in DeFi. In these situations, well-funded attackers can manipulate the exchange rate within a pool such that it varies from the market to the point that a large arbitrage opportunity is created. The availability of flash loans on DeFi networks only exacerbates this risk, as any enterprising hacker can access deep liquidity to fund these types of attacks.
For example, the Yearn Finance incident in early 2021 is an interesting case study of a hacker creating an arbitrage opportunity by borrowing heavily to manipulate the exchange rate in a specific liquidity pool, netting $2.8M for the hacker and costing Yearn $11M.
Counterparty risk
Counterparty risk is nothing new. However, with the relatively shallow liquidity, high leverage and extreme volatility of crypto markets, it assumes added importance. When markets begin compressing – as they have been lately – deleveraging causes forced sales and further drops in asset prices. Institutions need to be diligent about understanding the risks taken on by their counterparties and protect themselves from being exposed.
Traditional finance firms are adept at analyzing and mitigating counterparty risk, despite the relative lack of transparency. As discussed in the first part of this series, transparency is a foundational aspect of DeFi. Firms will need to build capabilities to analyze DeFi transactions related to their counterparties to determine whether there is any exposure that needs to be addressed.
Celsius, for example, interacts with DeFi protocols such as Curve Finance, and consequently all of their associated transactions are publicly visible. By monitoring large liquidation events connected to Celsius wallets, counterparties could have inferred early on that there was a potential liquidity issue, and taken corrective action against exposure. There are forensic methods available to correlate wallet addresses with organizations that bank risk management functions should become familiar with.
It’s a dynamic environment with a high degree of geographic specificity. The obvious risk is that significant effort and capital is expended building systems that are fundamentally incompatible with future regulation in specific locales.
Attack surface exposure
Transparency, however, is a double-edged sword. On the one hand it engenders trust for customers and counterparties alike. However, due to visibility into code and data, any previously held notions of “security via obscurity” are no longer applicable. If there is a vulnerability in a DeFi application, assume that it will be found and exploited. The fact that most smart contract programming languages are Turing complete—able to solve any computational problem—enables arbitrarily complex code bases. Complex code potentially exposes a larger attack surface and is more difficult to test and audit for potential vulnerabilities.
Within DeFi networks, validator nodes perform a crucial job in processing transactions and mining blocks. However, while carrying out this function they introspect pending transactions in the mempool, and potentially front-run transactions and manipulate processing order if there is maximum extractable value (MEV – value that can be extracted by miners in excess of standard fees and rewards) to be had as a result. Although front-running is nothing new in traditional finance, the interesting thing in DeFi is that these activities are completely observable and quantifiable. With this data out in the open the added risk is that targeted applications may see adoption challenges unless countermeasures are established to protect users.
Incentive design, immutability and governance
The design of incentives (Mechanism Design) is an evolving discipline at the intersection of algorithms and game theory, using systems of economic incentives to reward user behaviors that ultimately sustain the system. If incentives are improperly designed or implemented, a host of unknown unknowns may be unleashed – it’s anyone’s guess as to how the application will actually be utilized, and the original intent of the application is at serious risk.
One prevalent method to enable application changes after the initial release involves the issuance of governance tokens that give holders voting rights. This decentralized governance model enables the system to evolve in a controlled manner, which may be useful if there are issues with the original design.
But decentralized governance introduces the risk that the system moves in a direction that’s misaligned with the goals of actual users. There is no guarantee that governance users and their choices are representative of actual users. While this outcome is possible with traditional governance models, in DeFi, any sort of fiduciary requirement is non-existent. There is also a far greater risk that a malicious actor could gain control of governance tokens and intentionally introduce hostile changes.
There is plenty of work ahead for banks that intend to integrate with or develop their own DeFi applications. Risk management should be high on the agenda, especially as institutions work together to define the trajectory of the digital finance industry.
External dependencies
In the first article of this series, we introduced the notion of composability of smart contracts. If a DeFi application is dependent on the functionality of external smart contracts, it may inherit their vulnerabilities as well. Integration points with traditional systems to fetch market or economic data could introduce data quality risk.
For example, to access off-chain (real world) data, blockchains utilize various types of oracle platforms which may be centralized or decentralized. Centralized oracles negate the benefits of a DeFi application as there is a potential single point of failure that could impact system integrity. Decentralized oracles, while preferable, are still maturing and have seen their share of hacks. It’s essential to define a data strategy that considers the sourcing of off-chain data specific to the use case at hand.
Regulatory risk
Last but not the least, there are additional dynamics in play in the context of DeFi that bear close attention and analysis as banks weigh strategic options. For example, regulatory environments related to cryptocurrencies are rapidly evolving globally, dampening investment in DeFi applications until these regimes mature further.
It’s a dynamic environment with a high degree of geographic specificity. The obvious risk is that significant effort and capital is expended building systems that are fundamentally incompatible with future regulation in specific locales. For banks, an additional dynamic is the evolving approach to digital IDs in the context of Open Banking.
As we’ve seen, there is plenty of work ahead for banks that intend to integrate with or develop their own DeFi applications. For financial institutions, risk management should be high on the agenda, especially as institutions work together to define the trajectory of the digital finance industry. We’ve explored the potential risks in this article but watch this space for the third part of this series. The final part will explore the various strategies for safely integrating with DeFi ecosystems, and will share views on the evolving DeFi infrastructure, regulatory regimes and impactful case studies.