As decentralised finance keeps expanding with new projects servicing new needs, understanding the risks of a given position has become exceedingly complex. This post sets out some basic steps on how to undertake a risk assessment in DeFi, taking account of common situations you can find yourself in while using your Monolith wallet.
A basic typology of DeFi risks
There are three main types of risk you’ll encounter using decentralised financial services:
- Technical Risks — DeFi services are made possible thanks to smart contracts, which can fail or have structural defaults. It’s possible to protect yourself against smart contract failures using a service such as Nexus Mutual.
- Economic Risks — DeFi services process monetary flows. Sometimes, liquidity is not optimal and slippage occurs. Our swap service will warn you if slippage is excessive for instance. Additionally, DeFi services can be subject to additional economic risk depending on the oracle solution used.
- Governance Risks — DeFi services usually have an open governance process — as it aligns with DeFi values such as transparency and accessibility. However, with open governance, new types of attack are possible. Governance attacks are hard to anticipate and the risks overall are quite novel as they are specific to DeFi.
Below are simple examples of how these three distinct types of risks can present themselves through everyday scenarios:
- Situation: Using a token
- Risk Type: Technical + potentially economic
- Risk Scope: Token Contracts
Realization: Every transaction with tokens implies a form of trust in the token(s) contract(s). This is particularly important for stable or pegged assets — as there is a trust in the pegging mechanism on top of the contract.
- Situation: Swapping tokens
- Risk Type: Technical + Economic
- Risk Scope: Token + Exchange Contracts
Realization: Swapping tokens imply using services, such as decentralised exchanges aggregators relying on smart contracts, which could create exposure. While swapping to low liquidity tokens, slippage can occur.
- Situation: Providing Liquidity to a DEX like Uniswap
- Risk Type: Technical + Economic
- Risk Scope: Liquidity Pool Contracts + Impermanent Losses
Realization: Token swaps on DEX’s are settled through liquidity provided by peers — who also assume the contract risk of the pool. Liquidity providers are also exposed to Impermanent Losses. Liquidity pools can also suffer from losses due to economic attacks if their oracle rate is faulty (software exposure).
- Situation: Storing tokens in a wallet
- Risk Type: Technical + "Governance"
- Risk Scope: Wallet Contracts and/or Wallet Custodian (if relevant)
Realization: Storing tokens in an Ethereum wallet involves different types of risk depending on the infrastructure of the service. Using a custodian service (which owns your crypto) is assuming the risk of the custodian defaulting. Non-custodial wallets on the other hand usually rely on smart contracts which incur a technical risk.
DeFi Risk assessment, in practice
Understanding risk in DeFi can be tricky, especially when services can be easily integrated with one another in a permissionless manner. With that in mind, a good way to start is to detail and research every single service you’re interacting within a given situation — it will give you an overview of your overall risk and allow you to determine your comfort with any given ‘position’.
Let’s consider for instance something you can do already in your Monolith wallet: swap a token to cDAI to start earning interest on Compound.
From the user perspective, it’s a fast and simple operation: they open their app to swap their choice of token to cDAI, and sign to validate the transaction.
On the Ethereum network, several things are happening:
- ParaSwap is called to get the price and best path on the pair
- If the swap is confirmed, ParaSwap’s ‘multipath’ will execute the transaction, first a swap involving potentially several decentralised exchanges, and then depositing the DAI on Compound.
- The user receives its cDAI token. From now on until exiting the position, the user is assuming any risk (such as technical risks) involved with Compound and particularly the DAI pool.
Understanding DeFi risks better
This document is an overview intended to give clues to evaluate the extent of the risk. Quantifying each risk requires a thorough understanding and is recommended before undertaking any transaction on Monolith (or elsewhere).
A good first step in doing this is to look at the risk documentation of the projects you’re using. In that regard, https://docs.aave.com/risk/ is what we would consider one of the clearer documents to review.
You can also use services such as DeFiScore, developed by ConsenSys Codefi team, which will help you quantify the risk factor of lending pools.
In case you still have your doubts, learning more is always a good first step! The best hedge against risk is a precise understanding of what can go wrong and how you could be potentially impacted. You can join DeFiScore’s Telegram chat to discuss risk in DeFi with like-minded people.