Common Risks in DeFi to Understand

Risks in DeFi tend to layer on top of each other - this isn't a bad thing, it's just reality.

Some of the major risks to understand in DeFi:

  1. Smart Contract Risks Even with audits, smart contracts can have bugs. For upgradeable contracts, you have risks associated with the contract controller changing the code without your knowledge or understanding (possibly introducing bugs). For immutable contracts, you have the risk that there is a bug that can't be patched at all without launching an entirely new contract. There is no right answer only tradeoffs.

  2. Migration Risks As protocols evolve, you have to expend energy keeping up with changes, possibly pay transaction fees to move between contracts or spend time participating in governance to help the protocol move your money for you. LEND became AAVE in 2020, AAVE moved to AAVE v2 in 2021. At time of writing in 2022 we're on AAVE v3. Similarly, Uniswap v2 still has >$100M in value, even though Uniswap is now at v3. To keep your yield as expected, you have to regularly keep track of this and move your money which eats into your yield.

  3. Oracle Risks Oracles allow contracts to know information from outside themselves. Chainlink is the premier oracle service which provides a system for Distributed Oracle Networks (DONs) to provide information to contracts in exchange for payment in the LINK token. Subpar oracle solutions can provide bad price information or even be manipulated to exploit contracts. Excellent oracle tools like Chainlink are well documented, but not every contract uses them responsibly. When TerraUSD & LUNA crashed in May 2022, the DON for LUNA/USD hit a circuit breaker at $0.10. Good protocols understood this risk and paused their contracts accordingly. Bad protocols allowed all LUNA to be treated as being worth $0.10 no matter the real price, resulting in several exploits.

  4. Collateral Risks When you provide an asset to a lending/borrowing platform like Compound or AAVE, you are explicitly letting people borrow it. If they don't pay their debts, their collateral is taken from them. BUT- if you lend ETH and their collateral is USDC, and they get liquidated, then you could end up with an asset you didn't want! Of course, there are liquidation bots that take advantage of the liquidation fees to swap this USDC back to ETH for you, but it's important to understand this possibility of holding the same amount of *value* without holding that value in the tokens you want. When Blizz.Finance (a bad AAVE copy/paste) on Avalanche allowed wrapped LUNA to be used as collateral for loans, it exposed all depositors (whether ETH or USDC or other) to ending up with LUNA instead of their desired token. When LUNA collapsed in May 2022, the oracle hit that circuit breaker and Blizz failed to stop the contracts. This allowed people to deposit LUNA at the incorrect price and borrow all of the deposits. With no intention of every paying them back. Depositors became stuck with LUNA and they had to restart the entire protocol from scratch. This is collateral risk. AAVE does a great job in minimizing collateral risk by stringently studying all collateral options and is even developing isolated collateral to minimize this risk further.

  5. Liquidation Risks If you deposit an asset (e.g. ETH) into a protocol and then borrow another asset (e.g. USDC) against it, then there is a price between the two (ETH/USDC) where you will be liquidated, i.e., they take your ETH and let you keep the USDC you borrowed. There is yield in DeFi that doesn't rely on lending/borrowing, and you aren't obligated to borrow. So this risk can be avoided by not taking on debt. But it's important to note this is possible and important to understand how the protocol you use gets its prices to determine liquidations (see: Oracle Risks above).

  6. Impermanent Loss Risks A common way to earn yield in DeFi is to provide liquidity between assets. For example, in Uniswap you can provide a pile of ETH and a pile of USDC and earn revenue from people paying you to switch between assets using your pile. If I have $1,000 worth of ETH and I want to switch to USDC, I can go to Uniswap and trade them without any single person being required to be my counterparty. This is called Automatic Market Making. A pool of people agree to put ETH and USDC into a big pile together and other people can swap in and out of that pile- for a fee. The 3 fees to be aware of are: - direct swap fee: e.g., 0.05% or 0.3% depending on the pool. - slippage: because transactions in DeFi are aggregated to the block level, other people doing the same ETH -> USDC swap as you may have their swap happen first, which changes the math on how much USDC you get. - price impact - selling an asset lowers the price of that asset. Providing liquidity gives you swap fees. Slippage and price impact are not really fees, but it's still useful to think about them to understand why you don't get $1,000 worth of USDC when you trade $1,000 worth of ETH (and also why using the ETH-USDC 0.3% fee pool may result in less than $997 worth of USDC). Ultimately, putting $1,000 worth of ETH and $1,000 worth of USDC into a pile can generate a good amount of swap fees, as both of those assets are popular and generate a lot of volume. But as ETH's price goes up in an AMM, the pile becomes less ETH and more USDC in number terms (100 ETH and 10,000 USDC can become 90 ETH and 11,000 USDC). So it's possible you put $1,000 worth of ETH and $1,000 worth of USDC into the pile ($2,000 together). Then months later, you pull out $900 worth of ETH and $1,150 worth of USDC ($2,050 together). You made $50 in swap fees! BUT- if ETH's price went up 20% in that time you actually lost money relative to not putting anything into the pile at all. Because $1,000 worth of ETH would be $1,200 and the $1,000 worth of USDC would still be $1,000. ($2,200 together). This is called Impermanent Loss (it becomes permanent when you withdraw your liquidity).

Last updated