Transparency, overcollateralization and automation all make decentralized finance dramatically different from traditional services. That might mean there are fewer systemic risks – or just that there are entirely new risks.
By David Z. Morris
There are two questions of acute relevance I want to try to answer in the wake of the latest crypto market retreat. First, is decentralized finance more trustworthy and robust than conventional financial services? And second, are some DeFi systems more stable than others?
Those questions became newly weighty as a wave of loan defaults and insolvencies in recent weeks hit centralized “lending platforms” like Celsius Network and Voyager Digital. Those entities sometimes leveraged DeFi rhetoric and, in Celsius’ case, deployed customer funds to DeFi systems with extremely mixed results. Three Arrows Capital, arguably the Typhoid Mary of this year’s crypto contagion, had major exposure to the luna (LUNA) token and terraUSD (UST) algorithmic stablecoin, a fatally flawed system based on some DeFi principles. (For a thorough description of these relationships, see my recent account of the Great Crypto Unwind.)
At the same time, more reputable DeFi systems have held up better than centralized lenders in the downturn. While their volumes and yields have declined sharply, systems like the Uniswap exchange, Aave lending system and DAI stablecoin have continued to function smoothly. Most importantly, the systems haven’t been destabilized by huge losses from loan defaults or declining asset prices, which proved fatal for the centralized lenders.
So why did centralized and human-monitored players like Celsius and Voyager prove so fragile compared to largely automated systems? And what separates DeFi systems that did fail, particularly LUNA, from those that held up?
The answers are complex, but essentially boil down to specific financial and technical design decisions. Some of these, such as systemic transparency, overcollateralized lending and automated liquidation of borrowers, are inherent to DeFi. Other features, including “tokenomics” and governance, can vary dramatically between systems – and go a long way to explaining why not all DeFi is created equal.
What is DeFi?
First, a quick refresher. In theory, DeFi systems are to trading, lending and other financial services what bitcoin (BTC) is to currency. Because they’re run on distributed blockchains, these systems are meant to be uncensorable and transparent. They are built largely around “smart contracts,” on-chain functions that can be used by anyone with an internet connection and crypto in their wallet and which automatically execute without human supervision.
Smart contract-based DeFi services include digital asset trading and lending. Some stablecoins, such as MakerDAO’s DAI, are also based on DeFi technology. A core concept for trading and lending services is “yield farming” or “liquidity mining,” which rewards users for “staking” funds to liquidity pools. Standing pools of staked assets eliminate the need to directly match buyers with sellers or lenders with borrowers.
A further declared goal of DeFi is to dispense with centralized leadership and enable users to manage the systems, though that goal has been pursued inconsistently. For a deeper exploration, see CoinDesk’s full DeFi explainer.
Arguably the defining characteristic of decentralized finance systems, the feature from which all others flow, is their almost complete transparency. Much as you can track bitcoin transactions by looking directly at blockchain records, DeFi systems allow near-complete visibility into loans and order books. This notably includes visibility into “liquidation points,” or asset prices at which the collateral for certain loans would be market-sold to cover losses. More on those in a moment.
This transparency is a sharp contrast to services like Celsius, which take depositor funds and deploy them in a wide variety of ways to generate yield. Depositors have almost no visibility into, much less oversight of, how those funds are deployed. Those deployments can include over-the-counter trades which are nearly impossible to spot on-chain, or intentional obfuscation of DeFi activities.
While that opacity can be a valid strategic choice for investment funds trying to outmaneuver competitors, it also means depositors in centralized systems are accepting a simply unknown amount of risk. The most dramatic illustration of this came with the revelation that a DeFi account known as 0Xb1 had been trading on behalf of Celsius, but did not disclose that connection – while apparently losing hundreds of millions of dollars.
“That is definitely one of the biggest issues when it comes to these [centralized lending] providers,” says Eric Chen, founder of the DeFi protocol Injective. “They say they’re going to deploy DeFi strategies for you, and they can undertake a lot more or a lot less risk than what the consumer prefers.”
An even more important bit of transparency in DeFi comes from strict policies on loan collateral. One reason Three Arrows Capital blew up is that it was taking out an array of huge loans from funds that were seemingly unaware of Three Arrows’ overall debt levels. In at least one case, a huge loan was issued with no collateral at all, apparently based purely on faith in Three Arrows.
But DeFi users face extremely conservative limits on borrowing, which help keep individual platforms stable. While Three Arrows (and traditional funds like Bill Hwang’s Archegos) can leverage their reputation to harvest loans all over town, DeFi platforms require collateral for loans, and that collateral must be effectively “locked” within the systems.
That prevents the pledging of the same collateral for multiple loans. Recycling collateral can be a form of fraud, but it’s hard to detect in traditional, centralized financial structures.
“Centralized providers, a lot of them are very credit-based,” says Chen. “And you can use the same collateral multiple times.”
The downside of DeFi collateralization standards, it should be noted, is relative inefficiency of capital. Because of that inefficiency, some question DeFi’s long-term value without something akin to a credit-rating system or other paths to undercollateralized lending. On the other hand, if DeFi’s capital inefficiency keeps leverage and risk from building up in the system, maybe that’s not such a bad thing.
Transparent, automated liquidations
Though specifics vary, most DeFi systems are set up to automatically liquidate loan collateral before the collateral falls below the value of the loan. That’s possible because collateral is locked into fully automated systems and forms a stark contrast to the frequently analog and interpersonal process by which centralized lenders issue margin calls for underwater borrowers.
The speed of liquidations is key to keeping protocols solvent. In a traditional lending context, including loans from centralized crypto exchanges to funds like Three Arrows, margin calling a large borrower can be an analog, slow, interpersonal process taking hours or days. That creates the opportunity for much larger imbalances to open up between falling collateral and outstanding loans.
And, of course, sometimes traditional loans don’t get repaid at all. Because its loans were off-chain, Three Arrows Capital was able to simply “ghost” creditors when it became clear it was insolvent. It appears Three Arrows may have on the order of $2 billion in uncovered debt outstanding, which has become an existential threat to counterparties including Voyager Digital.
By contrast, Celsius, despite also appearing insolvent, has repaid several large loans from DeFi lending protocols including AAVE, Compound and Maker. In the case of the Maker loan, a final $41 million repayment in the DAI stablecoin unlocked nearly half a billion dollars’ worth of collateral in wrapped bitcoin (wBTC).
In short, having collateral locked in a protocol seems to have a much greater disciplining effect than the legal agreements backing conventional loans. In fact, there remains some question of whether the protocols actually had legal primacy over other counterparties in the repayment stack, considering that Celsius entered Chapter 11 bankruptcy protection just days after those repayments.
It’s hard to think of a clearer affirmation of the old saw that possession (of your collateral) is nine-tenths of the law.
Hunting liquidation points
That’s one of the main reasons DeFi lending systems like Aave have weathered the crypto downturn better than centralized lenders. But transparent and automated liquidation also introduces extremely novel market dynamics, and perhaps its own set of risks.
Most notable is the visibility of borrowers’ “liquidation points.” Broadly, these are the price levels for particular assets at which a particular loan falls below required levels of collateralization. DeFi traders can identify specific price points that would trigger liquidations, and thus further major price drops.
These liquidation points are not publicly known in traditional asset markets, and their visibility in DeFi sets up fierce battles between bulls and bears when a major liquidation level is close – so-called “liquidation hunting.” While this can create volatility, it also arguably makes things fairer. Because while they’re not publicly known, various liquidation points in traditional markets are visible to entities like lenders and exchanges. That information asymmetry could easily be exploited by those centralized players.
That presents a bit of a philosophical quandary. Is it better for all players to know these liquidations points, creating a contentious but fair playing field? Or is it better that only a small number of people know, and the liquidation points don’t get widely hunted but trigger drops that are complete surprises to most in the market?
Automated liquidations do have at least two clear downsides.
First, while they protect individual platforms, they may increase broader risk for cascading liquidations of particular assets. A major liquidation of a big block of collateral risks driving down the collateral value for a tranche of other loans, which could in turn be liquidated, pushing the asset down further.
Second, and perhaps more pernicious, automated liquidation can function as a backdoor method to obfuscate asset sales. For instance, the creator of a project may use an automated liquidation to indirectly dump its token in a way that’s not transparent to users.
All DeFi is not created equal
While some DeFi projects have weathered the downturn, others most certainly have not. Above all, that includes the Luna Foundation Guard, which administered the luna ecosystem and algorithmic “stablecoin” terraUSD that collapsed in May. The system operated transparently and on-chain, fulfilling the most basic criteria for being considered “DeFi.” But its example also highlights that DeFi can certainly be designed in unsustainable or high-risk ways.
In particular, it is troubling to the idea of decentralization that the LUNA system was using external subsidies to pay yield to users who deposited funds – even if no one was taking loans at those rates. The Anchor protocol, Luna’s answer to a lending protocol like Aave, grew incredibly rapidly because it offered up to 20% interest on deposits. But that money came from a “yield fund” that periodically had to be refilled by Luna Foundation Guard administrators with funds from venture capitalists, rather than paying out yield generated from real loans.
Those subsidized yields helped attract deposits, substantially broadening the harm when the system collapsed. But exogenous subsidies aren’t inherently against the ethos of DeFi.
“At the beginning, you can devote some capital to building a liquidity pool,” says Maya Zehavi, an angel investor focused on DeFi. “I would call that active governance. [It’s] what investors are putting in as a value add.”
Indeed, an initial round of “yield farming” offers helped protocols, including Uniswap, to bootstrap liquidity pools that have since become self-sustaining. But those offers are usually time-limited, and robust DeFi systems adjust their yield based on loan demand. The problem with Luna and Anchor was that there was no plan to sunset the inflated yield rates, or allow them to adjust to match loan demand.
“What I see as natural DeFi is when you’ve developed a system that can generate its own fees,” says Zehavi, “And regenerate and be sustainable.”
Another variable between DeFi protocols is their approach to governance. A truly decentralized system would have no key figures or leaders – but in practice, many DeFi systems are controlled by a small group of developers.
”There’s a key manager, there’s a multisig that has a lot of control over user funds,” says Eric Chen of Injective. “That almost feels custodial. Where user funds are lost, that’s usually when it’s something more centralized trying to disguise itself as being decentralized.”
Many of these effectively centralized systems justify their founders’ control as a step along the route to full decentralization. And indeed, there is no consensus about the best way to let users participate in system governance, such as decisions about yield structures.
“In the governance debate I’d take a nuanced view,” says Zehavi. “Some stuff should be governed off-chain … I think that direct democracy has proven again and again that it’s prone to manipulation.”
Good DeFi, bad DeFi
Experts seem to agree there’s no simple, straightforward way to separate robust DeFi structures from more fragile designs.
“There’s not really a gold standard or a yardstick for it,” says Chen. “You can tell easily by looking at code and contracts and how it’s structured, but in terms of a general user that’s pretty hard. It’s honestly just something you learn over time.”
For those who know what they’re looking for, Zehavi cites a long list of criteria for evaluating a platform. “I’m looking at how big the TVL [total value locked] is, what the [asset] concentration is, how big the pools are, where the yield is coming from, who the founders are. And I look for smart money.”
If you don’t feel confident evaluating a platform on those points, the good news is there are simpler rubrics. First, the protocols that have made it through the current crisis have probably earned some long-term trust, barring major system changes.
The second guideline is as simple as investing advice gets, and seemingly just as hard to follow: If something seems too good to be true, it probably is.
“A good general rule is, if [yield] returns are being advertised as risk-free, and they’re above the risk-free rate of the current market,” Chen warns, “It’s probably something a bit more on the concerning side.”
This article originally appeared on CoinDesk.
Injective is a custom interoperable layer one protocol for building powerful exchange, DeFi, derivatives & Web3 applications. Injective was created using the Cosmos SDK and is able to achieve instant transaction finality while sustaining lightning fast speeds. INJ is the native deflationary scarce asset that powers the Injective Protocol and its rapidly growing ecosystem. Injective is incubated by Binance and is backed by Pantera Capital.