This post was originally published on Bankless in May 2020.
Even though Satoshi built Bitcoin, he might appreciate the world that Ethereum’s Decentralized Finance (DeFi) created.
Like Bitcoin, which built off anger around the 2007 financial crisis to create a new payments system, DeFi throws today’s traditional banking paradigm on its head. It’s permission-less, programmable, and powerful, working through open code, open access, and decentralization.
Today, DeFi has hit nearly $1 BN locked up. As it has grown, hacks proliferate, costing millions in user funds:
Despite how different it is from finance, DeFi will need to grapple with three of the same factors that led to the 2007 financial crisis that birthed crypto: yield chasing, musical chairs, and hyper connectedness.
In physics, it’s impossible to get away from gravity. In finance, it’s impossible to get away from the market.
Yield chasing is inherently risky
Yield chasing was one of the earliest causes of the financial crisis. Low interest rates after the dot com boom cause investors to chase higher yields, in the form of subprime loans.
In finance, yield is meant to reflect risk. Today, an investor can get 80 basis points on US Treasuries, while simultaneously getting 6% on junk bonds. The difference is meant to reward the risk that junk bonds may not actually repay their principal.
The challenge for investors is determining what yields are an opportunity and which are high simply due to the risks the financial product is taking.
A core mistake in the financial crisis was mis-assessing the risk of high yielding mortgage-backed securities. Subprime loans—even their AAA tranches—never were bulletproof, even though rating agencies and mortgage originators said otherwise.
DeFi struggles with the same problem, where some users compare yields across protocols without noting the inherent risk of these products:
The actual risk-adjusted return on capital (return divided by risk) is driven by factors that are time consuming for any retail customer to dig into, like:
- Security risk
- Collateral ratios
- Governance process
- Liquidation process
- Network availability
If retail customers aren’t looking at all this information, they will take risky opportunities and miss those that lower yields but are much more sound.
And unlike the ICOs, the upside for most DeFi projects is capped despite the substantial risk. A jackpot ICO could return 5000% for a potential loss of 100%. But the best case scenario for decentralized lending is 10%-20% return, with the potential to still lose 100% due to an exploit.
“As long as the music is playing, you’ve got to get up and dance”
Yield chasing leads to a vicious cycle for both banks and DeFi protocols.
As Chuck Prince, the CEO of Citigroup infamously said at the start of the 2007 financial crisis:
When the music stops, in terms of liquidity, things will be complicated. But as long as the music is playing, you’ve got to get up and dance.
Essentially, organizations that carefully manage risk will lose, until they win. The markets are a vicious cycle, meaning that thoughtful CEOs aren’t rewarded until the market tanks and puts their risk maximizing competitors out of business. As Warren Buffet said, “Only when the tide goes out do you discover who’s been swimming naked.”
The same effect happens in DeFi. For example, a simple way to beat Compound’s lending rates is to require a lower collateral ratio, closer to 100%. The lower collateral makes these loans more attractive to borrowers, increasing the yield they are willing to give savers. In a world of yield chasing, this competing product can quickly gain market share—just like Chuck Prince’s Citigroup—even though it’s much riskier.
A vicious cycle ensues, with competition leading to reduced underwriting standards, higher yields, and higher risk for every protocol. Thoughtful protocols can try to enforce higher collateral ratios, but they’ll have to offer lower yields to do so. Users will then go to their less thoughtful competitors, forcing everyone to reduce their standards if they want to compete for users.
This is the classic prisoner’s dilemma writ large:
Risk scoring—rating agencies on Wall St, projects like DeFi Score in DeFi—can play a part but often their voices are dismissed.
In DeFi, risk scoring especially won’t matter until users actually rewards smart risk managers. Realistically, this only happens when users lose their money and start taking these details seriously.
Everything is connected
During the financial crisis, no bank was an island. Today, no DeFi protocol is an island.
Mistakes at Lehman and Merrill Lynch caused issues at the best run banks. Goldman needed AIG to to pay out on its insurance policy, no matter how smart Goldman had been about managing risk:
Finance is an interwoven house of cards:
In DeFi, protocols are similarly interconnected. Compound depends on the multi-collateral DAI smart contract. PoolTogether depends on Compound and multi-collateral DAI to both work. As Daniel Que notes because of composability, DeFi protocols can become a house of cards.
For example, in one of the two recent BZX hacks, the dependence on Kyber’s oracle led to a price jump of Synthetix USD, which led to a loss for BZX. Lendf.me, a fork of Compound, was exploited for 25MM by exploiting a reentrancy vulnerability in imBTC (an ERC777 token). The hacker built up a false balance, which they could then borrow funds against.
Composability is one of the superpowers of DeFi, but it is also one of its greatest dangers. Just like the best run bank cannot be safe in a financial crisis, the most audited smart contracts cannot protect against the interaction effects across all other protocols and primitives, especially those that weren’t built when the original code was deployed.
Finance is Finance
DeFi is still in its infancy, with plenty of time before it is the basis for the next financial system. But it will need to become anti-fragile if it is to become the basis of how finance happens.
Projects like DeFi Score can educate users about risk. DeFi protocols can write test suites that test common dependency bugs. Protocols can be built in a way to be resilient to unanticipated failures. DeFi itself can provide insurance through Opyn.
Ultimately, DeFi isn’t banking. But finance is finance, no matter what the tech stack below it is.