The 5 Big Risk Vectors of DeFi

IntoTheBlock CEO Jesus Rodriguez offers a taxonomy for understanding risk in DeFi

Feb 3, 2022 at 5:22 p.m. UTC
Updated Apr 10, 2024 at 2:34 a.m. UTC
Layer 2

As the decentralized finance (DeFi) market grows, the subject of risk is taking center stage. DeFi holds the promise of automated, transparent and decentralized financial platforms that challenge some of the key foundations of financial markets, but the different risk dimensions in DeFi products remain, for the most part, understudied.

What makes risk management in DeFi so challenging is that it doesn’t quite conform to traditional risk management theory for financial instruments. For decades, capital markets have evolved around risk management models focused on market factors such as volatility. That is mostly because other factors can be mitigated by the risk and reputation of intermediaries. By replacing those intermediaries with automated financial technology – smart contracts – DeFi achieves unprecedented levels of financial automation, but also introduces new risk vectors that we haven’t seen before.

Risk Management in Capital Markets vs. DeFi

Nobel laureate Paul Samuelson once claimed that “Wall Street stands on the shoulders of Harry Markowitz.” While the comment may be an exaggeration, it emphasizes the importance of Markowitz’s contributions to modern portfolio theory and risk management in capital markets. Intellectuals like Markowitz or his student William Sharpe provided the mathematical foundation for a quantifiable approach to portfolio construction based on risk-adjusted returns. Common market terms such as value-at-risk or beta are the foundation of risk analysis in modern portfolios. While the notion of risk is intrinsically complex, most factors are related to the variations in volatility and prices of a given asset or related assets.

Part of the reason why the risk management theories of Sharpe, Markowitz and others worked in capital markets is because they are built on the notion of trusted intermediaries and a stable infrastructure. Regulators, central banks and other entities play a role in de-risking macro factors from assets in ways that don’t affect portfolio composition. The infrastructure for buying and selling those assets is assumed to be so stable that investors don’t even think about it.

Traditional risk management theory doesn’t apply to DeFi because by relying on programmable smart contracts and a new infrastructure instead of trusting intermediaries, DeFi introduces new risk elements that don’t have an equivalent in traditional capital markets.

5 Risk Vectors that DeFi Investors Should Know About

If traditional risk management theory doesn’t quite apply to the world of DeFi, then other methodologies are needed. The first step toward efficient risk management models in DeFi is to qualify the different risk dimensions of its investment and trading. Most investors in DeFi are aware of the so-called smart contract risk, but the reality is that there is no such generic concept. There are different forms of smart contract risk and other peripheral risk factors that affect DeFi protocols.

While there are many vectors of risk in DeFi, most of them fall into some of the following five groups:

1. Intrinsic Protocol Risk

DeFi platforms automate specific financial primitives in the form of smart contracts. The dynamics of those protocols are one of the most important dimensions of risks in DeFi applications. Intrinsic protocol risk refers to risk mechanics embedded by default in the design of a protocol. They still present important risks to investment strategies even if the protocols are working as expected.

Intrinsic protocol risk in DeFi comes in all shapes. In DeFi lending protocols such as Compound or Aave, liquidation is a mechanism that keeps the collateralization of lending markets at appropriate levels. Liquidations allow participants to take part of the principal in uncollateralized positions. Slippage is another condition present in automated market making (AMM) protocols such as Curve. High slippage conditions in Curve pools can force investors to pay extremely high fees to remove liquidity supplied to a protocol.

Intrinsic risk in DeFi protocols is one of the main examples of risk transference from centralized, human counterparties to programmable mechanics in a protocol.

2. Exogenous Protocol Risk

While intrinsic protocol risk is based on native dynamics, DeFi trades are often exposed to exogenous factors that alter the protocol’s expected behavior. Attacks exploiting the underlying mechanics of a DeFi protocol, such as oracle manipulations, flash loan exploits or attacks that take advantage of bugs in the smart contract logic, are prominent examples of this category. Recent exploits in protocols such as Cream Finance or Badger DAO highlight that exogenous protocol risk will be an omnipresent factor in the evolution of DeFi.

3. Governance Risks

A unique aspect of DeFi, decentralized governance proposals control the behavior of a DeFi protocol and, quite often, are the cause of changes in its liquidity composition that affect investors. For instance, governance proposals that alter weights in AMM pools or collateralization ratios in lending protocols typically help liquidity flow in or out of the protocol. A more concerning aspect of DeFi governance from the risk perspective is the increasing centralization of the governance structure of many DeFi protocols.

Even though DeFi governance models are architecturally decentralized, many of them are controlled by a small number of parties that can influence the outcome of any proposal. This aspect is not as concerning as it seems, as many of the large parties able to influence the outcome of DeFi governance votes are in that position only because of their active participation and alignment in the DeFi ecosystem – a clear sign of interest alignment.

From a risk management perspective, however, DeFi protocols are functionally exposed to governance attacks. In general, DeFi could benefit from more robust governance models. Firms like Andreessen Horowitz have outlined some novel DeFi governance models that are worth exploring.

4. Underlying Blockchain Risk

DeFi protocols take on a level of infrastructure dependency on their underlying blockchain. Compromising aspects such as the consensus mechanism of a specific blockchain can materialize into vulnerabilities in the DeFi protocols running on that platform. A typical example of this is the so-called validator cartels in proof-of-stake (PoS) networks, in which a number of validators collude to influence the rewards distribution in the network and can effectively stop the functioning of DeFi protocols.

5. Market Risk

We tend to obsess about the protocol and infrastructure aspects and often ignore the native market risk exposure of investments in the space. For instance, investments in non-stablecoin AMM pools are vulnerable to loss if the price of the assets diverges drastically from the time when the liquidity was supplied to the pool. Another example is abrupt crashes in the price of an asset that could trigger the massive removal of liquidity from a pool, causing major levels of slippage.

The programmable nature of DeFi protocols means that they can natively react to traditional market risk elements such as volatility and price in ways that can cause cascading effects impacting investors’ positions.
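The two market-risk effects above, loss from price divergence and slippage after liquidity leaves a pool, can be worked through numerically. This is an added example, not code from the article or from any protocol; it assumes a fee-less constant-product (x*y=k) pool, which the article does not specify, and all reserves and prices are constructed.

```python
"""Added example: market risk in a constant-product (x*y=k) AMM pool (assumed model)."""
import math


class Pool:
    """Two-asset constant-product pool with no fees: reserves satisfy x * y = k."""

    def __init__(self, x, y):
        self.x, self.y = float(x), float(y)

    def price(self):
        # Marginal price of asset X quoted in asset Y.
        return self.y / self.x

    def move_price_to(self, p):
        # Arbitrage trades along the curve until y/x equals the external price p.
        k = self.x * self.y
        self.x, self.y = math.sqrt(k / p), math.sqrt(k * p)

    def withdraw(self, fraction):
        # Liquidity providers pull a pro-rata share of both reserves.
        self.x *= 1 - fraction
        self.y *= 1 - fraction

    def sell_slippage(self, dx):
        # Fraction of the quoted value lost when selling dx of X into the pool.
        dy = self.y - (self.x * self.y) / (self.x + dx)
        return 1 - dy / (dx * self.price())


def divergence_loss(x0, y0, new_price):
    """LP position value relative to simply holding x0 and y0 after a price move."""
    pool = Pool(x0, y0)
    pool.move_price_to(new_price)
    lp_value = pool.x * new_price + pool.y
    hold_value = x0 * new_price + y0
    return lp_value / hold_value - 1


def crash_scenario():
    # Constructed pool: 1,000 X and 2,000,000 Y, so X starts at 2,000 Y.
    loss = divergence_loss(1_000, 2_000_000, 500)  # X falls 75% to 500 Y
    pool = Pool(1_000, 2_000_000)
    before = pool.sell_slippage(10)                # same 10 X sale, before the crash
    pool.move_price_to(500)
    pool.withdraw(0.90)                            # 90% of liquidity exits
    after = pool.sell_slippage(10)
    return loss, before, after
```

In this scenario the liquidity provider ends 20% below simply holding the two assets, and the same 10 X sale goes from about 1% slippage to about 4.8% once 90% of the liquidity has left.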

DeFi-First Risk Management

Traditional risk portfolio theory is designed for markets of trusted intermediaries and infrastructure. By replacing these intermediaries with programmable smart contracts, DeFi introduces new forms of risks that we haven’t seen before in capital markets. In order to streamline institutional adoption, it is likely that DeFi will require native risk management models that encompass the native protocol, infrastructure and market risks of the sector.

Native DeFi risk management models could be implemented both at the protocol level and as part of tier 2 financial services dapps (decentralized applications). For instance, we can think of next generation DeFi protocols that automatically create incentive models when liquidity pools become unbalanced or native DeFi insurance models that protect against slippage or impermanent loss.

Just as risk management models built the foundation of modern financial markets, they are likely to become an essential component of the next wave of DeFi protocols. But like many other things, DeFi requires us to reimagine risk management theory for a new world of decentralization and automation.



Jesus Rodriguez

Jesus Rodriguez is the CEO and co-founder of IntoTheBlock, a platform focused on enabling market intelligence and institutional DeFi solutions for crypto markets. He is also the co-founder and President of Faktory, a generative AI platform for business and consumer apps.
