In DeFi We Trust, Should We?

The potential risks of decentralized finance

Photo by NeONBRAND on Unsplash

The first decentralized currency, Bitcoin, was deployed after the financial crisis in America in 2008 that led to pushing the world’s banking system towards the edge of collapse. Rising prices on global markets, leading to an increase in the rate of global inflation and the rise of social and financial unequal distribution of society worldwide [1]. The crisis betrays the trust of society in existing government-oriented financial systems. Are this coincidence, the development of stateless currency, and crises? I am doubtful.

As decentralization in economics is emerged and proposes a stateless, government-excluded, and non-discriminative value transmission technology to society, we, the blockchain lovers, were the early adopters of the ecosystem.

In the context of financial applications, to eliminate theoretical third parties that compose of the assumptions of trust, secure and centralized, decentralization is a recently emerged technology that empowers the distributed and autonomous decision making across parties or peers. It eliminates the a priori need for centralized authority and empowers decentralization such that all users collectively retain control that is implying that no single person or group has control over the mechanism.

Then, the motto of “In God We Trust” is bruised, and the “In Blockchain We Trust” paradigm has emerged.

Then,

  • The development of the token economy and the creation of different collateral and financing options
  • The establishment of the Decentralized Exchanges (DeX), Decentralized Applications (DApps), and much more
  • The development of making foreign trade transactions in a decentralized way, from where many steps from money transfer to document exchange is carried out by manual processes, to blockchain-based platforms, in a fast and transparent way
  • The potential of reaching more customers for financing and export, and their transaction volumes grow with Initial Coin Offering (ICO)
  • The advent of decentralized digital identity that empowers priority issues by both institutions and regulators
  • The advantage of credit and insurance processes become simpler and faster
  • Creation of alternative credit platforms in a decentralized manner
  • Creation of purchasing / seller-buyer platforms for mechanism design-oriented decentralized incentivization

comes to our lives with decentralized finance (DeFi).

Recently, I have come to the realization that “Am I overhyping the DeFi?” As a decentralization supporter, which I found is valuable, I was always talking about the beauties of DeFi, but what about the possible dangers of DeFi? In this article, I will introduce the possible risks of DeFi in an objective manner, as much as I can.

The Possible Dangers of DeFi

Since it is an unregulated space, it is significant to capture the potential risks of DeFi. Let’s cornered the DeFi.

1. High Volatility

High volatility indicates unexpected changes or price fluctuations in the cryptocurrency market, which can lead to a sharp decrease in value. Of course, the reverse can happen, i.e., the price of the asset can increase by momentum. But, it is important to realize that the potential losses due to the highly volatile nature of unregulated spaces.

2. Impermanent Loss

Impermanent loss happens when you become a liquidity provider (LP), and commit your assets to a liquidity pool. As the price of the cryptocurrency that is locked in the liquidity pool changes over time, it creates a risk of unrealized loss. We say unrealized loss since if the LP had simply held the asset without committing to the pool, it will be a more economical payoff. As the fluctuation of prices increases, the unrealized loss also increases.

Let’s go through an example of how impermanent loss may look like for an LP.

Alice deposits 1 ETH and 100 DAI in a liquidity pool. In this particular automated market maker (AMM), the deposited token pair needs to be of equivalent value. This means that the price of ETH is 100 DAI at the time of deposit. This also means that the dollar value of Alice’s deposit is 200 USD at the time of deposit.

In addition, there’s a total of 10 ETH and 1,000 DAI in the pool — funded by other LPs just like Alice. So, Alice has a 10% share of the pool, and the total liquidity is 10,000.

Let’s say that the price of ETH increases to 400 DAI. While this is happening, arbitrage traders will add DAI to the pool and remove ETH from it until the ratio reflects the current price. Remember, AMMs don’t have order books. What determines the price of the assets in the pool is the ratio between them in the pool. While liquidity remains constant in the pool (10,000), the ratio of the assets in it changes.

If ETH is now 400 DAI, the ratio between how much ETH and how much DAI is in the pool has changed. There is now 5 ETH and 2,000 DAI in the pool, thanks to the work of arbitrage traders.

So, Alice decides to withdraw her funds. As we know from earlier, she’s entitled to a 10% share of the pool. As a result, she can withdraw 0.5 ETH and 200 DAI, totaling 400 USD. She made some nice profits since her deposit of tokens worth 200 USD, right? But wait, what would have happened if she simply holds her 1 ETH and 100 DAI? The combined dollar value of these holdings would be 500 USD now.

We can see that Alice would have been better off by HODLing rather than depositing into the liquidity pool. This is what we call impermanent loss. In this case, Alice’s loss wasn’t that substantial as the initial deposit was a relatively small amount. Keep in mind, however, that impermanent loss can lead to big losses (including a significant portion of the initial deposit).

With that said, Alice’s example completely disregards the trading fees she would have earned for providing liquidity. In many cases, the fees earned would negate the losses and make providing liquidity profitable nevertheless. Even so, it’s crucial to understand impermanent loss before providing liquidity to a DeFi protocol. [2]

3. Flash Loan Attacks

Flash loans are simply uncollateralized loans. As DeFi offers uncollateralized lending with large capital, it is crucial to understand the potential danger in flash loans. A borrower can receive large capital in crypto in an uncollateralized way. That sounds amazing, right? But the point is, the borrower must pay the full amount in the same transaction that is hardcoded in the smart contract.

The lender is protected by smart contracts by receiving his/her asset in the case of any roll-back problem. As the process is fully decentralized, there is no limit to the amount a person can borrow. The potential dangers begin with the actor who borrows hundreds of thousands of money, uses them to manipulate the market, or exploits vulnerable smart contract protocols for personal utility.

Let’s give an example.

A recent flash loan attack against the yield-farming aggregator PancakeBunny made headlines when the attackers caused the price of PancakeBunny’s token, BUNNY, to drop 95%. They did this by borrowing large amounts of BNB through the PancakeSwap lending protocol, manipulating the price of BUNNY in off-market lending pools, and then dumping that BUNNY on the open market, causing its price to crash. [3]

4. Smart Contract Bugs & Vulnerabilities

As smart contracts are written by developers, software bugs can happen. The most common smart contract bugs are listed below. The reader should keep in mind that, these are just common bugs, there are more than that.

  • Reentrancy

A reentrancy bug occurs when an attacker can call a function in the smart contract multiple times before the first execution of the function is completed [4].

  • Unauthorized Access

Authorization of access is another aspect of any smart contract, any mistake in authorization can lead to potential attacks.

  • Logical Errors in the Code

The logical side of code represents the laws to be taken, and the mistake in logic can lead to loss of funds or an increase in vulnerability.

  • Storing Private Data

As solidity programming languages offer private and internal keywords to the developers, the mismatch usage of these keywords can increase the risk of the vulnerability of the system.

5. Rug Pulls

Rug pulls are the escape keys that enable access to the liquidity pool. The story begins with the agent who deposits assets into the liquidity pool to earn interest. When the liquidity pool accumulates enough capital, the creator of the pool can use back doors, i.e., keys that enable access to the pool, to steal the assets. Hence, rug pulls are exit scams. This type of attack is pre-determined, which means that the developer of the smart contract coded before the launch of the product. Here is the example.

A famed “billion-dollar rug pull” came in 2020, when SushiSwap developer Chef Nomi unexpectedly liquidated his SUSHI tokens after raising over a billion dollars in collateral. The price of the Uniswap competitor’s token fell to near zero in what is remembered as one of “the most dramatic moments in DeFi.” [3]

That’s the end of the article. Don’t forget that every rose has a thorn. Believe what you believe, but “In Knowledge We Trust”.

Stay Decentralized!

Here I am

Twitter | Linkedin | Medium | Mail

Originally published at here.

References

[1] United Nations. (n.d.). The social impact of the economic crisis | DISD. United Nations. Retrieved October 21, 2021, from https://www.un.org/development/desa/dspd/world-social-report/2011-2/the-social-impact-of-the-economic-crisis.html.

[2] Binance Academy. “Impermanent Loss Explained.” Binance Academy. Binance Academy, 23 Aug. 2021. Web. 27 Oct. 2021.

[3] Tan, Eli. “Defi Lending: 3 Major Risks to Know.” CoinDesk Latest Headlines RSS. CoinDesk, 13 July 2021. Web. 27 Oct. 2021.

[4] R, Manoj P. “Most Common Smart Contract Bugs of 2020.” Medium. Solidified, 30 Nov. 2020. Web. 27 Oct. 2021.


In DeFi We Trust, Should We? was originally published in DataDrivenInvestor on Medium, where people are continuing the conversation by highlighting and responding to this story.