DeFi Evaluation Model: How Risky Are Permissionless Lending Protocols?

This paper presents a model for assessing the risk levels of various DeFi lending protocols. To account for the different risks that exist on these platforms, the researchers used a multi-factor model covering smart contract, collateral, and liquidity risk. The model uses a combination of public off-chain and on-chain data to assess the relative risk levels of multiple Ethereum DeFi products.

Note: This model is DeFi Score, an open source model from ConsenSys.



Table of Contents

1. Introduction

2. Overview of permissionless lending protocols

2.1 Smart contract risk
2.2 Financial risk
2.3 Other considerations

3. The proportion of scores

4. Limitations and future improvements

1. Introduction

The 2008 financial crisis was the main driving force behind Nakamoto's creation of Bitcoin. In Bitcoin's genesis block, Nakamoto embedded a reference to the bank bailout plan of the time. Some people believe that the financial crisis was caused in part by the traditional financial community misunderstanding and mispricing credit risk across the entire financial system. Risk management is one of the most critical parts of modern financial infrastructure, and it has established a more robust and secure financial system for all.

In the past year, we have seen explosive growth in permissionless financial protocols on the Ethereum blockchain, with many protocols serving the lending market. These markets have grown into the largest sub-category of so-called "decentralized finance" or "DeFi", with an annual growth rate of 355%. However, not all lending platforms are equal. Different lending products have very different risk/return profiles, and comparing their interest rates directly can be very misleading.

A better understanding and modeling of the risks in the DeFi industry will be an important step towards the maturity of DeFi. It is for this purpose that we introduce a quantitative model to assess the level of risk of various permissionless lending protocols.

2. Overview of permissionless lending protocols

A permissionless lending protocol is a system that allows users to lend and borrow a variety of digital assets through a "smart contract" on the Ethereum blockchain (or another public chain). These "smart contracts" are not legal contracts, but computer code that lives and executes on the Ethereum blockchain. The user who lends an asset receives the loan interest, while the borrower provides collateral (usually worth more than the loan) and pays a variable interest rate. Some examples of permissionless lending protocols include Compound, dYdX, and Nuo.

2.1 Smart contract risk

In DeFi, smart contract risk is a major component of counterparty risk. Although DeFi is often described as trustless, users of a DeFi platform must trust the smart contracts they are interacting with. Smart contracts can be opaque to users, meaning that users trust contract code in the same way that they trust any Web 2.0 infrastructure. There is also a risk that smart contracts contain vulnerabilities that may be exploited, which can have serious financial implications for users of the contract, such as losing all collateral locked in the contract. Our proposed model looks at two elements of smart contract risk.

1. Code security

The security of smart contracts is very important when assessing the risk of funds deposited by users in smart contracts. As you know, errors in smart contracts can lead to significant financial losses.

For example, in the attack on "The DAO" contract on June 17, 2016, hackers transferred 3.6 million ETH (about 1/3 of The DAO's total funds) to addresses they controlled, and Ethereum was forced to hard fork as a result.

While there is no guarantee that any smart contract is safe and error-free, code audits and formal verification performed by reputable security companies can help identify serious vulnerabilities. A bug bounty program run by the team is a positive sign that the development team values security, and it encourages independent security researchers to look for protocol flaws, ultimately achieving a broader security review.

In this model, three off-chain but publicly available data points are examined to assess code security:

  1. Whether the code is audited: The first question is whether the code has been reviewed by a reputable security team.
  2. Formal verification: The second data point is whether the code has been formally verified by a reputable security team.
  3. Bug bounty program: The third data point is whether the development team runs a public bug bounty program.

2. Code openness

Part of DeFi's promise is that the functionality of smart contracts is completely on-chain, which means the code is verifiable and transparent. However, developers of a DeFi platform can still obscure their code in various ways, such as not verifying the bytecode or relying on off-chain oracle processes. Such practices provide only weak security guarantees and, in the worst case, delay the discovery of critical errors. Although bytecode decompilation is possible, it is a difficult and time-consuming process that makes it hard to follow the "don't trust, verify" slogan.

Code openness is evaluated by looking at whether the bytecode is verified.

2.2 Financial risk

DeFi carries many of the same risks as traditional finance. While most lending platforms use over-collateralization to reduce credit risk, this mechanism does not completely eliminate it. As we all know, cryptocurrency assets are volatile, and these platforms have no way to recover from systemic bankruptcies caused by volatile collateral assets.

The current model looks at two elements of financial risk:

1. Collateral

Without a widely accepted on-chain reputation or identity system, the only way to avoid unnecessary credit risk on DeFi money market platforms is to use an over-collateralization mechanism. While all platforms currently use very conservative collateralization ratios, the high volatility of cryptocurrency assets means that these over-collateralization mechanisms may still be insufficient.

The composition of the collateral assets backing these DeFi platforms also varies widely, with some portfolios made up of more liquid and stable assets than others. For example, a platform may mainly use Ethereum (ETH). Although ETH is a very volatile asset, it is relatively more stable and liquid than LINK. These differences in collateral are an important factor when considering platform risk.

Collateral risk is assessed by looking at two data points, both derived from on-chain data. The first is the 30-day exponential moving average (EMA) of the collateralization ratio, and the second is an analysis of the collateral composition.

In general, the EMA is calculated as follows:


where:

  1. The coefficient α indicates the degree of weight reduction; it is a constant smoothing factor between 0 and 1, and a smoothing factor of 2/31 is selected here;
  2. Yt is the value at time period t; the period here is 30, used to find the 30-day EMA;
  3. St is the EMA value at any time period t.

There are also many different models for assessing the risk of a portfolio. One of the most common is the Value at Risk (VaR) model, which has many variants. The model currently uses CVaR (Conditional Value at Risk), also known as Expected Shortfall, because it better captures the probability of more extreme situations, the so-called black swans. This approach is more appropriate given the extreme volatility of cryptocurrency assets. This model uses the 99% CVaR model with the following formula:


2. Liquidity

The platforms currently in scope attempt to incentivize liquidity by using a dynamic interest rate model that produces different interest rates based on the level of liquidity in each asset pool. However, incentivizing liquidity does not mean guaranteeing it. Users bear the risk that, for example, when all assets are borrowed, they may not be able to recover the assets they lent out when needed.

Liquidity risk is assessed by a single data point that can be derived from on-chain data: the 30-day exponential moving average of the level of liquidity. The absolute level of liquidity is used rather than the utilization percentage (outstanding debt/total assets) because it has the side effect of making larger pools of funds score higher.

2.3 Other considerations

1. Insurance demand

In most developed banking systems, money market accounts have some form of deposit insurance. In the United States, this deposit insurance is provided by the Federal Deposit Insurance Corporation (FDIC), which insures up to $250,000 for a single bank deposit account.

In the DeFi ecosystem, there is no equivalent deposit insurance. Although there are some promising innovations in the field of DeFi insurance, none of them is mature enough.

Some platforms use part of their platform accrued interest for insurance reserves to prevent liquidity crunch or black swan events. However, these insurance pools are far from large enough to cover a large bankruptcy incident on one of the platforms.

2. Regulatory risk

DeFi is still very new as an industry, especially the algorithmic money markets. The development of these platforms has not actually achieved decentralization, and they have not been approved by banking or financial regulators in the United States or other countries. This means that users also bear a degree of regulatory risk when interacting with these platforms.

3. The proportion of scores

  1. Smart contract risk (50%): audited code (25%), verified bytecode for all code (15%), formal verification (5%), bug bounty program (5%);
  2. Financial risk (35%): CVaR of the collateral composition (10%), 30-day EMA of the collateralization ratio (15%), 30-day EMA of liquidity (10%);
  3. Other considerations (15%): insurance/regulatory risk.
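The model's quantitative pieces put together, as an added example that is not the DeFi Score project's own code: the EMA uses the standard recursion with the 2/31 smoothing factor, the 99% CVaR is computed by the historical method, and the weights are the percentages listed in this section. The function names, the normalisation of every factor to [0, 1] and the sample data are assumptions made for this illustration.

```python
import math

ALPHA = 2 / 31  # smoothing factor the text gives for the 30-day EMA

# Weights in percent, copied from the score proportions in this section (total 100).
WEIGHTS = {
    "audited": 25, "bytecode_verified": 15, "formally_verified": 5,
    "bug_bounty": 5, "collateral_cvar": 10, "collateral_ratio_ema": 15,
    "liquidity_ema": 10, "insurance_regulatory": 15,
}

def ema(values, alpha=ALPHA):
    """Standard recursion S_t = alpha*Y_t + (1-alpha)*S_{t-1}, seeded with S_0 = Y_0."""
    if not values:
        raise ValueError("need at least one observation")
    s = values[0]
    for y in values[1:]:
        s = alpha * y + (1 - alpha) * s
    return s

def historical_cvar(returns, level=0.99):
    """Average loss over the worst (1 - level) share of observed returns."""
    if not returns:
        raise ValueError("need at least one return")
    losses = sorted((-r for r in returns), reverse=True)
    k = max(1, math.ceil(round(len(losses) * (1 - level), 9)))
    return sum(losses[:k]) / k

def weighted_score(factors):
    """factors: name -> value in [0, 1], 1 = safest (normalisation is assumed)."""
    total = 0.0
    for name, weight in WEIGHTS.items():
        value = factors[name]  # KeyError if a factor is missing
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be normalised to [0, 1]")
        total += weight * value
    return total  # points out of 100

if __name__ == "__main__":
    # Constructed data: 30 days at 150% collateralisation, then a drop to 100%.
    print(round(ema([1.5] * 30 + [1.0]), 4))
    # Constructed daily returns: 198 quiet days and two crash days.
    print(historical_cvar([0.01] * 198 + [-0.30, -0.50]))
    print(weighted_score({
        "audited": 1, "bytecode_verified": 1, "formally_verified": 0,
        "bug_bounty": 1, "collateral_cvar": 0.5, "collateral_ratio_ema": 0.5,
        "liquidity_ema": 0.5, "insurance_regulatory": 0,
    }))
```

With the 2/31 factor a single bad day moves the 30-day EMA only slightly, while the 99% CVaR is driven entirely by the two crash days; this is why the model pairs a smoothed ratio with a tail-risk measure.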

4. Limitations and future improvements

Note that this is not a valid statistical model. There is currently not enough data to properly validate this model, which is still a framework for evaluating the risks associated with different DeFi platforms.

This approach is at an early stage and it is even more difficult to make forward-looking statements without rich historical data.

This model does not consider many other risk factors associated with DeFi products, such as oracle risk, centralization risk, and liquidation strategy, because they are difficult to quantify and are therefore not included in the initial framework.

It may also be worthwhile to continue subdividing these scoring subcomponents so that they can be combined to cover different types of blockchain financial products. Future coverage may include DeFi products that increase yield (such as Set), synthetic asset products (such as Maker and UMA), market-making products (such as Uniswap), and various CeFi-compatible products for these products.

This approach will initially be open source on GitHub, but the ultimate goal is to determine factor weights and factor inclusion through decentralized governance, which can make the model more decentralized.

The ultimate goal of this research is to focus all of its work on a risk DAO that can be like an open source credit rating agency. While the risk management work required to achieve this is daunting, we are excited about the future.


Model contributors

Main contributor: Jack Clancy

Other contributors: Jordan Lyall, Todd Murtha, Thomas Lipari