Risk Identification
Financial Risk
This is a risk related to the decrease of investment value due to participants’ transactions in DeFi.
1. Market Risk
Explanation
This is the risk that investment value declines during a specific period because of market conditions. Market conditions can change with news or investors’ behavior.
DeFi is a complicated and innovative system for investors. Valuing digital assets at a suitable price is extremely difficult compared to traditional investments. This challenge leads investors to arrive at different token valuations, which makes the price fluctuate more.
Risk assessment and Risk mitigation
Risk assessment for price fluctuation can be done in various ways. However, the primary method used for this risk assessment will be Value at Risk, widely used with traditional assets.
Value at Risk is a simple statistical measurement that uses variance and covariance to find the overall risk of the asset for investment, at a confidence level of 95%. Because this method is straightforward and very easy to use, it has been widely used since 1990.
However, many more modern tools have since been developed. Value at Risk may therefore not be the best method, and it still has some disadvantages.
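The variance-covariance calculation described above, as an added example that is not part of the original page. The token names, return series and weights are constructed, and returns are assumed to be normally distributed.

```python
import math
from statistics import NormalDist

def parametric_var(returns_by_asset, weights, portfolio_value, confidence=0.95):
    """Variance-covariance VaR for one period (the period of the return samples).

    Returns the loss, in currency units, that should not be exceeded with the
    given confidence if returns are normally distributed.
    """
    names = list(returns_by_asset)
    n = len(returns_by_asset[names[0]])
    means = {a: sum(returns_by_asset[a]) / n for a in names}

    def cov(a, b):  # sample covariance; cov(a, a) is the variance
        ra, rb = returns_by_asset[a], returns_by_asset[b]
        return sum((x - means[a]) * (y - means[b]) for x, y in zip(ra, rb)) / (n - 1)

    # Portfolio variance: sum over all asset pairs of w_a * w_b * cov(a, b)
    variance = sum(weights[a] * weights[b] * cov(a, b) for a in names for b in names)
    mu = sum(weights[a] * means[a] for a in names)
    z = NormalDist().inv_cdf(confidence)  # about 1.645 at 95%
    return portfolio_value * (z * math.sqrt(variance) - mu)

# Constructed daily returns for two hypothetical tokens (not market data)
SAMPLE_RETURNS = {
    "TOKEN_A": [0.02, -0.03, 0.01, -0.05, 0.04, -0.01, 0.03, -0.02, 0.00, -0.04],
    "TOKEN_B": [0.01, -0.01, 0.00, -0.02, 0.02, 0.00, 0.01, -0.01, 0.00, -0.01],
}
SAMPLE_WEIGHTS = {"TOKEN_A": 0.6, "TOKEN_B": 0.4}

if __name__ == "__main__":
    var_95 = parametric_var(SAMPLE_RETURNS, SAMPLE_WEIGHTS, 10_000)
    print(f"1-day 95% VaR on a 10,000 portfolio: {var_95:.2f}")
```

The normality assumption is the main disadvantage for digital assets: heavy-tailed returns and flash crashes produce losses well beyond what this figure suggests.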
2. Counterparty Risk
Explanation
This is the risk that the counterparty defaults on its obligation under a financial instrument, and it covers risks such as credit risk and settlement risk.
For traditional finance, financial institutions will generally mitigate default risk by checking the clients’ financial status and cash flow before lending. This process can exclude some clients who cannot pay back the loan, which reduces the risk of having bad debts. In contrast, for DeFi, the investors do not need to disclose their personal information, which makes credit checking very difficult.
Due to this limitation, DeFi uses an over-collateralized method to prevent bad debt in the system. However, some investors borrow a large amount of money (over-leverage), making them very sensitive to highly volatile collateral assets. In some cases, the investors might experience under-collateralization, which will lead to asset liquidation.
We can see that DeFi is very strict about asset liquidation. In traditional finance, if borrowers default, financial institutions still have measures to help them, such as debt restructuring, reducing the interest rate, etc.
Nevertheless, we can see that some types of risks in traditional finance have been eliminated in DeFi, such as settlement risk. In DeFi, the investors will be guaranteed to get assets at the requested price because the order placing and settlement processes have been combined in the blockchain network.
Risk assessment and Risk mitigation
As mentioned above, DeFi uses the over-collateralized method instead of credit rating. Each protocol has its own margin level, and this difference can mitigate the counterparty risk.
3. Liquidity Risk
Explanation
This is the risk of not having enough funds or assets to realize value, or of a liquidity failure for borrowers or short sale traders. This risk leads to involuntary liquidation, in which the assets held are distributed to creditors. Insufficient liquidity results in market inefficiency and inevitably affects price movement.
The liquidation process differs from that of a traditional financial instrument, which depends on a counterparty such as a bank or clearinghouse. In DeFi, a market maker handles all under-collateralized loans, and the collateral assets are liquidated. This process varies between protocols, but most use an auction similar to a real estate auction.
In a decentralized system, liquidity risk can be mitigated by designing a sound governance system and developing incentive systems. The method may give some incentives for liquidity retention, which can limit liquidity risk.
Risk assessment and Risk mitigation
Technical Risk
This is the risk that supporting systems malfunction, for example in order submission, asset transfer, or digital account connection. Such a malfunction can have an impact on the investment.
1. Transaction Risk
Explanation
This is a risk of restricted or failed transactions on a blockchain-based layer caused by a system attack resulting in double-spending or fee adjustments.
Risk assessment and Risk mitigation
Transaction risk assessment is very challenging because it requires an automatic system that performs error checking at the base layer across many transactions. To make this assessment easier, instead of using such an automated system, we can closely monitor news and understand the malfunctions in detail.
2. Smart Contract Risk
Explanation
This is the possibility that the system does not function as it should because of bugs in the smart contract. Such a malfunction affects transactions in the system and increases the risk of funds being attacked by malicious people.
Smart contract risk is currently one of the most important factors because the programming instructions are very sophisticated. Using the system without adequate verification and a good understanding may therefore lead to vulnerabilities and loss of funds, and in most cases the developers cannot recover the damage or compensate the investors.
Moreover, transparency of the programming instructions in the smart contract can be both positive and negative. It can disclose system vulnerabilities to attackers, but at the same time it allows white hat hackers and bounty hunters to detect vulnerabilities and enhance system security.
Risk assessment and Risk mitigation
Smart contract risk assessment can be done through a security audit or an audit of the programming instructions. Moreover, the developers can set up a bug bounty program that rewards white hat hackers or bounty hunters for detecting vulnerabilities in the system.
3. Miner Risk
Explanation
This is the possibility of market manipulation by miners. Since miners are the ones who verify the transactions in a block, they can control transactions, for example by front running to manipulate the asset price.
This risk is very similar to settlement risk in traditional financial services, which are centered on banks and financial institutions. Whether it can actually happen is still a topic of discussion among users.
Risk assessment and Risk mitigation
Today, miner risk is a challenging topic that still needs to be proved and is still discussed among technicians. Therefore, we can only perform this risk assessment by closely monitoring how the protocol functions and following the news.
4. Oracle Risk
Explanation
Oracle risk arises when DeFi uses data coming from outside sources, because this data may contain errors or be manipulated by a malicious person.
Therefore, it is crucial to evaluate the reliability of reference data sources. Some systems may choose centralized data sources for convenience and speed. However, although such a data source is very reliable, there is still a risk of the data being manipulated. For example, in November 2020, the DAI price was manipulated to rise 30% on Coinbase Exchange, which caused the Compound protocol to liquidate its users for being under-collateralized.
Risk assessment and Risk mitigation
Risk assessment can be achieved by evaluating vulnerabilities in the mechanism or function that references data from the oracle, and by understanding the measures the oracle uses to prevent economic exploits.
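How a single manipulated price source turns a healthy over-collateralized loan into a liquidation, and how a median across several sources changes the decision, as an added example that is not code from the page or from any protocol. The position, venue names, quotes, minimum collateral ratio and deviation tolerance are all constructed or hypothetical.

```python
from statistics import median

MIN_COLLATERAL_RATIO = 1.25   # hypothetical protocol parameter
MAX_SOURCE_DEVIATION = 0.05   # hypothetical tolerance around the median

def collateral_ratio(position, debt_price):
    """Collateral value divided by debt value, both in USD."""
    collateral_usd = position["collateral_amount"] * position["collateral_price"]
    return collateral_usd / (position["debt_amount"] * debt_price)

def aggregate_price(quotes):
    """Median across sources, plus the sources that stray too far from it."""
    mid = median(quotes.values())
    outliers = sorted(name for name, price in quotes.items()
                      if abs(price - mid) / mid > MAX_SOURCE_DEVIATION)
    return mid, outliers

def assess(position, quotes, single_source):
    """Compare the liquidation decision under one source and under the median."""
    naive_ratio = collateral_ratio(position, quotes[single_source])
    mid, outliers = aggregate_price(quotes)
    robust_ratio = collateral_ratio(position, mid)
    return {
        "naive_liquidatable": naive_ratio < MIN_COLLATERAL_RATIO,
        "robust_liquidatable": robust_ratio < MIN_COLLATERAL_RATIO,
        "outliers": outliers,
        "naive_ratio": round(naive_ratio, 4),
        "robust_ratio": round(robust_ratio, 4),
    }

# Constructed sample: 10 ETH of collateral against 3000 DAI of debt, while one
# venue quotes DAI about 30% above the others.
POSITION = {"collateral_amount": 10, "collateral_price": 400.0, "debt_amount": 3000}
DAI_QUOTES = {"venue_a": 1.30, "venue_b": 1.01, "venue_c": 1.00}

if __name__ == "__main__":
    print(assess(POSITION, DAI_QUOTES, single_source="venue_a"))
```

A median only helps while most sources are honest, so the number and independence of the sources behind an oracle are part of the assessment.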
Operational Risk
This is a risk arising from the human factor in operations. Since a single point of failure is crucial for system stability, a higher degree of a decentralized system can help reduce risks.
Although DeFi relies entirely on the automatic system, human actions still play an essential role in the system, such as key management, protocol development, governance, etc.
1. Routine Maintenance & Upgrades
Explanation
This is the possibility that a system upgrade fails because of composability and complicated node connections. The more decentralized the system is, the more difficult it is to improve. This may also increase the risk of being attacked.
However, people who disagree with the protocol might choose to fork the project to change some aspects. Sometimes, the forked project gets more popular than the original project and can also create more confusion for the users at the same time.
Risk assessment and Risk mitigation
Risk assessment for routine maintenance & upgrades can be done by learning the possibility of forking the project.
2. Key Management
Explanation
This is the possibility that the private key is lost through carelessness or theft, which results in the inability to access our funds. Unfortunately, this is a common risk for every protocol using blockchain. Due to the anonymity, users don’t have to register or pass any identity verification, but they need to use a private key for identification.
Moreover, the protocol is non-custodial, which mitigates the risks of centralized financial services and of being targeted. To keep these benefits, the responsibility for managing assets is entirely transferred to the users.
Risk assessment and Risk mitigation
Risk assessment for key management can be done by considering access control in each protocol, including private key management models, such as using multi-signature, social recovery, asset custodians, etc.
3. Governance Mechanism
Explanation
This is the possibility of the controlling system being taken advantage of, because most decentralized governance mechanisms use a voting system in which 1 governance token carries one voting right. Such a voting system may be swayed by a person who holds many tokens and votes for their own benefit, such as casting votes to authorize the protocol to allow farming with their digital assets, casting ballots to increase the loan interest in the system, etc.
Risk assessment and Risk mitigation
Risk assessment for the governance mechanism can be achieved by considering tokenomics, the voting mechanism, analysis of the transparency of token holdings, etc.
4. Redress of Disputes
Explanation
Disputes over transactions may arise when there is an error in the system caused by the users or by the system itself. When a smart contract is implemented, the resulting outcome is neither reversible nor editable.
In general, when there is a failure or problem, the users can ask for compensation which requires using system controlling authority to modify some rules. This event can impact credibility later on.
Risk assessment and Risk mitigation
For redress of disputes risk assessment, in general, each protocol doesn’t specify dispute handling procedure as the documentation assumes that the smart contract can function appropriately according to the defined logic. However, when disputes arise, it may be necessary to consider the limitation of admin or dev access control. For example, can this access control only compensate improper transactions? Can this access control change important rules?
Legal compliance risk
This is a risk of using DeFi for illegal purposes or to get around the law deliberately.
1. Financial crime
Explanation
Digital asset transactions in DeFi are a challenging topic from a regulatory point of view because users act under pseudonyms and without a custodian. Although it is possible to track the financial path, it’s still challenging to identify the account owner. Moreover, blockchain transactions cannot be blocked or prohibited. Some protocols even use privacy-enhancing functions, which make tracking more complex.
The nature of DeFi system adds more risk for financial crime. This is different from traditional finance, which applies AML/CFT for regulating purposes. Therefore, it is very interesting to see how regulating measures will be used in the future.
Risk assessment and Risk mitigation
Risk assessment for Financial Crime can be achieved by monitoring KYC policy, DeFi regulation laws, and compliance points of view in different countries.
2. Fraud and market manipulation
Explanation
This covers deception, fraud, and attempts to take advantage of investors. Primarily, we are talking about actions intentionally carried out by the developers rather than by a third party, such as a rug pull. In this malicious action, the developers create a protocol to attract investors, then secretly transfer the funds to their own account and shut down the system and communication channels.
Risk assessment and Risk mitigation
Risk assessment for fraud and market manipulation can be done by looking at the auditing report from trusted auditors. This audit can be either formal verification or a manual audit.
To limit the risk of hard rug, we can assess other related factors, such as masterchef ownership, time locks, transfer tax, anti-whale functions, locker contracts, harvest lockups, previously performed rug pull codes, etc.
Emergent Risk
This is a risk of failure to manage overall DeFi, caused by the inefficient connection of individual functioning parts.
1. Dynamic Interactions (Interaction Risk)
Explanation
This is the possibility of system failure caused by connecting with other protocols. Currently, many protocols combine and work with each other. Although each protocol has been audited and has efficient programming instructions, it may be affected by other risky protocols. Moreover, DeFi protocols can be connected internationally, so inconsistent governance can cause risks to connect. This risk can also spread to traditional finance that has been linked to these protocols.
Risk assessment and Risk mitigation
Risk assessment for dynamic interactions can be achieved by closely monitoring the performance of each connecting point.
2. Flash Crashes or Price Cascades
Explanation
A flash crash is possible in digital asset prices, which are much more volatile than the traditional financial market. Due to the nature of algorithmic & permissionless decentralized operations, no SEC or broker can intervene in this event. Moreover, the damage can be worsened by leverage and involuntary liquidation. Thus, this event can cause massive damage to a large number of investors.
Risk assessment and Risk mitigation
If the digital asset price drops severely and stays low for a long time, it might cause measurement tools, such as the VaR model, to function abnormally. Therefore, risk assessment for flash crashes and price cascades can be performed using agent-based simulation, which analyses the behavior of participants such as borrowers, lenders, traders, and liquidators. This analysis is used with Monte Carlo simulation to find possible prices in various situations.
However, this process needs to be based on some assumptions, such as no-arbitrage or instant liquidation, which is very different from traditional finance.
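A reduced form of the simulation described above, as an added example that is not part of the original page: borrowers are the only agents, liquidation is instant, and each liquidation pushes the price down in proportion to the collateral sold. The liquidation prices, position sizes, volatility and the linear price-impact rule are hypothetical assumptions.

```python
import random

def simulate_path(liq_prices, sizes, shocks, impact, start_price=100.0):
    """Run one price path and return (final_price, borrowers_liquidated).

    A borrower is liquidated as soon as the price falls below their liquidation
    price; selling their collateral lowers the price, which may tip over others.
    """
    price, alive, total = start_price, set(range(len(liq_prices))), sum(sizes)
    for shock in shocks:
        price *= 1.0 + shock
        while True:  # repeat until no further borrower is pushed under
            hit = [i for i in alive if price < liq_prices[i]]
            if not hit:
                break
            alive -= set(hit)
            sold = sum(sizes[i] for i in hit) / total
            price *= 1.0 - impact * sold  # assumed linear price impact
    return price, len(liq_prices) - len(alive)

def monte_carlo(liq_prices, sizes, impact, runs=2000, steps=30, vol=0.03, seed=7):
    """Repeat simulate_path over random shock sequences and summarise the tail."""
    rng = random.Random(seed)
    results = []
    for _ in range(runs):
        shocks = [max(rng.gauss(0.0, vol), -0.9) for _ in range(steps)]
        results.append(simulate_path(liq_prices, sizes, shocks, impact))
    prices = sorted(p for p, _ in results)
    return {
        "p5_price": prices[int(0.05 * runs)],  # 5th percentile of final price
        "mean_liquidated": sum(n for _, n in results) / runs,
    }

# Constructed borrower population: liquidation price and collateral size
LIQ_PRICES = [95, 92, 90, 85, 80, 75, 70]
SIZES = [1, 2, 1, 3, 2, 1, 4]

if __name__ == "__main__":
    for impact in (0.0, 0.3):
        print(impact, monte_carlo(LIQ_PRICES, SIZES, impact))
```

Comparing the run with `impact=0.0` against the run with `impact=0.3` isolates how much of the tail loss comes from the cascade rather than from the initial shocks.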
Summary
We have put together overall risk factors and assessment methods and summarized them in the table below to illustrate risk assessment criteria.