From "Lego Toys" to "Open Finance", DeFi lacks a systematic risk control solution

200323_DeFi system risk control solution_Babit

DeFi is the abbreviation of Decentralized Finance, which is "decentralization + finance". It is a financial system that is decided by multiple parties and does not rely on centralized power. Decentralization is not a purpose, but a means. The true vision is an open financial market that is ultimately formed by the combination and evolution of various financial Lego based on code trust.

But as far as DeFi is concerned, it is at best a "Lego toy" that is neither open nor secure. DeFi currently has at least three shortcomings: risk control, liquidity, and governance.

1. Risk control : Due to the developers' own operations, the DeFi ecosystem currently lacks an overall risk control design. The recent attacks have shown that the attackers are very familiar with the products of the Ethereum DeFi ecosystem and their combined effects. For example, using the unlimitedness of synthetix in sUSD, and clear insight that bZx relies heavily on uniswap feed prices, so as to manipulate profits through uniswap price manipulation.

2. Liquidity : Since the chain is separate from the chain, even the same DeFi application has to be redeployed on the respective chain. The fragmentation of users and assets leads to a lack of liquidity. 90% of DeFi projects are clustered on Ethereum, and the system is vulnerable to single asset fluctuations, making it very vulnerable. Under the extreme conditions of the 3.12 tragedy, DEX went through a large area, and the Ethereum network was congested and the fees were high. As a result, the market failed, users could not buy DAI at all, and there was a substantial premium.

3. Governance : After an unexpected crisis, rules are often revised. Such as MakerDao's recent liquidation problems and whether funds can be frozen in Compound after the theft of bZx. Because "Code is law", it involves how to modify, and how to decide the rules for modification. Decentralized communities cannot escape the topic of governance. Not only a single DeFi project, but also the public chain that carries DeFi. Their governance model will affect the security of the entire ecology.

Below we analyze these three things in turn, and explain the solution of MOV.

Both risk prediction and risk control, at least 10 years of risk

Risk control is mainly reflected in the risk management of contract audit, financial arbitrage loophole discovery, market risk prediction, and overall system risk control. When there are n important applications in a DeFi ecosystem, the risk complexity consideration should be the nth power of 2. The recent attack events in the DeFi ecosystem have fully demonstrated the importance of overall system risk control. If DeFi is to benchmark the modern financial system, it must be as stable as it can be, and it can withstand at least ten years of risk.

As the earliest pathfinder, Ethereum has erupted many types of DeFi applications in an instant, but it lacks organizational strength in organizing risk control. It can only be passively repaired after constant attacks. This has accumulated experience for the rising stars, in order to perform financial arbitrage between various portfolios, and carry out tedious and arduous investigation projects in advance. For example, the oracles often used in DeFi attacks, and some applications rely too much on the price of external oracles. MOV exchanges ecological parameters and data based on self-consistent and self-driven value exchange on the chain to form its own decentralized financial oracle. Data input, transformation and output operate completely on the chain, and the rules are transparent, providing ecological expansion and DeFi application prosperity. Safe and reliable objective data services.

MOV is a comprehensive financial system that integrates decentralized trading protocols, lending, stable financial systems, and financial derivatives markets. We call it the SOLD financial system (StableCoin, Oracle, Lending, DeFi). MOV is as open and free as the Ethereum DeFi ecosystem, and in most cases it allows free transfer between protocols, including unofficial DeFi products and projects. However, MOV is also a DeFi system that pays special attention to ecological risk control. Unlike Ethereum, it makes risk judgments and early warnings on inferior DeFi projects. For malicious DeFi products or high-risk projects, MOV will appropriately limit its seamless invocation of basic DeFi facilities (such as the MOV stablecoin system) from the perspective of overall ecological risk control, so as to avoid a series of chains due to its own risk issues The disaster affected the products of MOV's financial infrastructure and other project parties.

Risk prediction and risk control are two-sided. Risk prediction is a pre-judgment of potential crises in order to prepare in advance. Risk control is whether the system can still survive the crisis.

Risk prediction is to use the very mature and practical theories and methods of modern finance to predict market risks. The most intuitive thing is that in this extreme market, most DeFis have crossed the mortgage rate and started a large-scale liquidation. The setting of the mortgage rate is a real-time control of market risks by DeFi. MOV has paid great attention to this and Technology construction.

Risk control. If there is a liquidation crisis or liquidity crisis, is there any way to do the last line of defense? To this end, MOV has designed a distinctive three-tier clearing system: Level 1 is market arbitrage clearing, Level 2 is the overall system clearing, and Level 3 is risk bond clearing. MOV's internal stability mechanism is built on the basis of risk clearing and risk bonds. It not only encourages the market to participate in the spontaneous response to liquidation arbitrage, but also reduces the loss to users and resists the black swan incident. MOV retains the system and official levels. Risk intervention behavior and reserve mechanism. Therefore, the positioning of MOV is to stabilize the financial system, not just stablecoins.

Cross-chain is the fundamental solution to liquidity, the essence is asset mapping

DeFi's liquidity is reflected in all aspects of decentralized trading protocols, borrowing, margin trading, stablecoins, and so on. Once liquidity problems occur, it will trigger a run-in crisis, aggravate market panic selling, and trigger a chain disaster. The most liquid place is the centralized exchange. However, it relies on centralized organizations to guarantee with credit and assets. The control of assets is not in the hands of users. Fake traffic, price manipulation, and even additional tokens are all public secrets.

The decentralized liquidity solution is cross-chain, and the essence of cross-chain is asset mapping. If DeFi is built on a cross-chain ecosystem, everything will be different. Each application only needs to be deployed once to provide services to all users on the chain, and users can freely use all assets through assets across the chain. A complete cross-chain mechanism will form a good network effect and interoperability, making diversified asset fusion and collaboration more de-boundary and seamless, and it is a key entrance to a complex heterogeneous ecosystem.

Polkadot and Cosmos are the most famous cross-chain projects, both of which belong to the large relay architecture based on PoS governance. However, in solving the issue of liquidity, the side chain relay protocol based on smart contracts is not suitable for accessing probabilistic final public chains (such as Bitcoin), which will lead to long confirmation time for cross-chain transactions and affect user experience. The model will also face higher costs of data availability maintenance and multi-asset expansion.

The gateway mechanism is an efficient and practical mechanism that has been tested in actual scenarios. The gateway plays an important role in establishing cross-chain trust endorsements, unifying cross-chain communication protocols, and coordinating the confirmation of main and side chain transactions. In practical scenarios, cross-chain gateways will face the disadvantages of centralized operations, resulting in the inability to fully trust cross-chain collaboration and low interoperability, which will affect the expansion of traffic, applications, and developer ecosystems. The cost-standardized decentralized cross-chain gateway mechanism seems far-reaching.

The cross-chain gateway federation in the MOV protocol is a co-governance and co-management alliance network system formed by key ecological participants driven by a reasonable economic model and business concerns. It effectively solves the problems of traditional trust-free escrow cooperation and standardized access to mainstream assets of cross-chain gateways, and provides an efficient interoperability mechanism and traffic entry for the cross-chain collaboration ecosystem of diverse assets.

MOV proposes that a complete open-chain cross-chain protocol needs to meet the following four design elements: (1) decentralized governance of the gateway, that is, de-trust of cross-chain and asset custody; (2) true cross-chain events Proof of validity, verify the existence and confirmation of cross-chain transactions by maintaining the light node synchronous block header mechanism; (3) Unify the data format of cross-chain protocols to ensure the atomicity and security of the entire cross-link routing; (4) The effectiveness of cross-chain messages proves that extreme crimes can be prevented through monitoring mechanisms such as inspectors.

Use Complex Governance Prudently to Prevent Economic Rights from Gaining Political Rights

An important governance issue involved in cross-chain interactions, how to prevent sidechain verifiers from doing collective evil? The Cosmos sidechain is an autonomous system. The election of sidechain validators is determined by the sidechain; the management of Polkadot sidechain validators is determined by the Polkadot main chain. But whether it is an autonomous validator election or a unified validator election, if the actual value of the assets in the cross-chain interaction is greater than the value of the validator's mortgage, the validator will have enough motivation to do evil.

Both Polkadot and Cosmos rely on their own economic models and native tokens to solve the evil and incentive issues in cross-chain collaboration. The introduction of the newly issued governance token is to use the economy to gain political rights, and it will eventually die with politics. In particular, this method of lightning loans can easily obtain a large number of governance rights, which is not only financial arbitrage, but also a large systemic risk. In addition, the heavy mode solution will face complex governance structures, and the decision boundaries between honest and malicious nodes are often not completely clear. The fluctuation of governance will affect the efficiency of cross-chain collaboration, which is not conducive to the establishment of other mainstream public chains in the early stages. Start their own cross-chain ecology.

The biggest method of MOV ecological governance is to use governance carefully. It is hoped that a very "governance" ecology can still be made without issuing new governance tokens, which is a great challenge. OFMF is a new type of joint asset custody model or collaborative service based on the needs of cross-chain asset collaboration, and works with federal node members to create a secure distributed cross-chain asset custody system.

The security of the federal node depends on the economic checks and balances of the MOV ecological incentives. It has set six roles to maintain a dynamic balance of cost and benefit ratios at different development stages. The economic behaviors of the six roles are closely coordinated to form a complete ecological cooperative body, so that power can be separated and dispersed and easily expanded, and each collaboration can be completed safely and efficiently. Federal nodes manage different private keys and private key shares, run their respective nodes, and collaboratively sign transactions in a threshold signature synchronous network and a multi-signature asynchronous network. By combining threshold powers and multi-signature powers, you can further prevent power risks and collaborate in automation The last link of manual review is retained on the basis of.

It can be seen that if DeFi wants to move from "Lego Toys" to "open finance", it needs wider market liquidity, and the extensive liquidity and rich product portfolio will bring great challenges to system risk control. This requires both prescient risk management measures and two-handed preparations for risk forecasting and risk prevention and control, as well as proper management of unexpected crises through governance structures. Complex governance itself may bring potential challenges to risk control, and may also hinder liquidity to a certain extent. In the end, this is an art of trade-offs, finding the best critical point between security and stability and freedom and smoothness; this is also an overall consideration. The success of DeFi depends not only on the innovation of the project developer itself, but also on the underlying architecture The room for expansion.