
    DeFi risk

    Code loopholes, hackers, market volatility, arbitrageurs: the paradigm of DeFi risk management

    July 20, 2020

    DeFi refers to decentralized financial protocols implemented with smart contracts, covering asset trading, lending, insurance, various derivatives and so on; apart from credit services, the financial services of the real world can be implemented through DeFi protocols. These protocols are decentralized and automatic, with no third-party organization managing or maintaining them. Risk control for these contracts has therefore become a hard problem for the industry.

    DeFi has the dual attributes of finance and technology, and mainly carries the following risks:

    1. Code risk. This includes risk in Ethereum's underlying code, in smart contract code, in wallet code, and so on. For example, the famous DAO incident of years past, the recent Uniswap vulnerability attack, and all kinds of wallet theft incidents were caused by code risk.
    2. Business risk. This arises mainly from loopholes in the business design that are attacked or manipulated within the rules. For example, FOMO3D suffered a blocking attack back then, and bZx mistakenly relied on the Uniswap oracle, which was not resistant to attack, so its price was pushed down within the rules and assets were taken. The people who do this are called arbitrageurs. Arbitrage has both disadvantages and advantages for a DeFi project.
    3. Market fluctuation risk. A DeFi design that lacks some response variables cannot cope when extreme market conditions occur. For example, MakerDAO’s performance on “312” was caused mainly by extreme market volatility.
    4. Oracle risk. The oracle provides global variables and is the foundation of most DeFi. If the oracle is attacked or stops, the downstream DeFi collapses. We believe that oracles will become the most important infrastructure of future DeFi, and that any oracle with centralization risk will eventually die out.
    5. “Technology agency” risk. This mainly refers to ordinary users who are unfamiliar with smart contracts and blockchain using “convenient” interactive tools developed by a centralized team, which may carry risks.

    risk management framework for DeFi

    All of the above risks should be taken into account in the design of any DeFi project. A complete process does not stop at warnings in the documentation; it also needs risk management measures. Most of these measures are carried out in a decentralized way, and a small number through community governance (mainly on-chain governance). Here we propose a risk management framework for DeFi, divided into three phases: before the event, during the event and after the event.

    Before the event: the main task is to formally verify the contract code. This includes clarifying the boundaries of the methods, resources and even instructions used in the contract, as well as how these methods, instructions and resources relate to and affect one another when combined, and resolutely refusing to use any method that has not been demonstrated or any combination whose boundary has not been found. This is not the mindset of traditional software development and testing; it is closer to mathematical proof. Good contract development should be based on a proven combination of methods.

    During the event: the main designs are shutdown design and exception trigger design, that is, the contract can identify attack behavior and intervene. Shutdown covers automatic shutdown design and governance shutdown design. The exception trigger controls and manages unexpected phenomena while the contract is running; it is generally automatic, and it corrects some risk management variables. See the beta coefficient and anti-blocking-attack settings in the NEST oracle system, which is the first practice in the industry to consider shutdown and exception triggering.
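
    A minimal model of the three in-process controls (automatic shutdown, exception trigger, governance shutdown), added here as an illustration and not taken from the article or from NEST's contracts. The class, the thresholds and the rule that raises the collateral ratio are hypothetical.

```python
class GuardedMarket:
    """Toy lending market with the in-process controls described above.
    Prices are integers; deviations and ratios are in basis points (bps)."""

    def __init__(self, price, governor, trigger_bps=500, halt_bps=2000):
        self.price = price                  # last accepted oracle price
        self.governor = governor            # hypothetical governance address
        self.trigger_bps = trigger_bps      # move that fires the exception trigger
        self.halt_bps = halt_bps            # move that shuts the market down
        self.collateral_ratio_bps = 15000   # risk variable the trigger corrects
        self.halted = False
        self.events = []

    def report_price(self, new_price):
        """Accept or reject an oracle update; returns True if accepted."""
        dev = abs(new_price - self.price) * 10000 // self.price
        if dev >= self.halt_bps:
            # Automatic shutdown: reject the price and stop risk-taking actions.
            self.halted = True
            self.events.append(("auto_halt", new_price, dev))
            return False
        if dev >= self.trigger_bps:
            # Exception trigger: keep running, but demand more collateral.
            self.collateral_ratio_bps += dev
            self.events.append(("trigger", new_price, dev))
        self.price = new_price
        return True

    def governance_halt(self, caller):
        """Governance shutdown, for attacks the automatic rule cannot see."""
        self._require_governor(caller)
        self.halted = True
        self.events.append(("governance_halt", self.price, 0))

    def resume(self, caller, confirmed_price):
        self._require_governor(caller)
        self.price, self.halted = confirmed_price, False

    def max_borrow(self, collateral_units):
        if self.halted:
            raise RuntimeError("market halted")
        return collateral_units * self.price * 10000 // self.collateral_ratio_bps

    def _require_governor(self, caller):
        if caller != self.governor:
            raise PermissionError("only governance may do this")


def demo():
    m = GuardedMarket(price=10000, governor="gov")
    before = m.max_borrow(3)
    m.report_price(10800)            # 8% move: trigger fires, ratio rises
    after = m.max_borrow(3)
    accepted = m.report_price(5400)  # 50% move: automatic shutdown
    return before, after, accepted, m.halted, m.price
```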

    After the event: risk management after the event has several parts. First, code vulnerabilities need to be corrected, generally through on-chain governance, that is, DAO governance. Second, the governance asset itself may be attacked, in which case a contract fork is needed! This is a blind spot ignored by the industry. Third, an insurance mechanism can insure against the contract's possible risks to reduce losses. Finally, the community can trace losses through on-chain data and cooperate with various institutions. For on-chain governance and contract forks, see NEST’s design, which is an innovation.

    system framework for the security of DeFi

    The above is a system framework for DeFi security, for reference only. At present, the industry's understanding of security is too preliminary and too traditional. If we cannot change our thinking and introduce new ideas such as boundaries, completeness, consistency, formal verification, shutdown, exception triggering, governance and forking, we will not be able to adapt to future development.

    SOLO mining mode
    Blockchain public chain

    Is the mining pool the first to be regulated? On external incentives and a new structure

    July 14, 2020

    As the blockchain world continues to develop, mining keeps growing in scale and in difficulty. The SOLO mining mode of the early small miners has left the market and been replaced by mining pools that aggregate the computing power of distributed miners: scattered miners entrust their computing power to a professional institution to manage, and the mining income is settled regularly. The emergence of mining pools was once questioned by many decentralization fundamentalists. However, once we fully understand the significance of forks, these doubts fall away. We will write an article on forks in the future.

    Although the concern about decentralization has been dispelled, another problem with mining pools has not been discussed: external incentives that run against the interests of miners! This will become more and more important on Ethereum.

    External incentive is the counterpart of internal incentive. Before discussing the concept, the relationship between the miner and the mining pool must be made clear: it is a textbook principal-agent relationship in the traditional legal system, in which the miner is the principal and the mining pool is the agent. In a principal-agent relationship, the agent should maximize the interests of the principal within the scope of the agreement, and may not use the agency to transfer benefits or to maximize its own interests rather than the principal’s. Although the principle is clear, it is difficult to enforce. It takes mechanism design to solve the problem of incentive compatibility, so that maximizing the agent’s own interests coincides with maximizing the principal’s interests.

    Based on the principal-agent relationship, we can now discuss internal and external incentives. The internal incentive refers to the value target, and its distribution, within the scope of the contract agreed by both parties. In mining, the internal incentive is to maximize mining revenue, including the ETH obtained from mining and the ETH obtained from packaging transactions. Because a typical mining pool takes a certain proportion of total mining income, this contractual arrangement is theoretically incentive compatible: the pool can maximize its own interests only by maximizing the interests of miners, so it will naturally maximize the interests of miners. This is the compatibility of internal incentives as analyzed so far.

    internal incentive

    However, in Ethereum, the situation may change, and this change is the emergence of DeFi.

    We mentioned in the previous article on miners’ risks that although miners cannot alter transactions, they can choose which transactions to package. The earlier a transaction is packaged, or if it is the only transaction packaged, the greater the profit.

    At this point, the mining pool can use its computing power to arrange related-party transactions. This arrangement does not necessarily damage the miners’ interests, because the miners still receive the maximum mining income, or slightly less: the pool implements the internal incentive perfectly, but gains other benefits in DeFi through how it arranges the packaging of transactions. This part of the income is not agreed in the contract with miners, and may not even be possible to agree on; it is the external incentive.

    Recently the term “front-running” has come up often: it is the behavior described above, in which a miner preemptively arranges the packaging of a transaction. The DeFi industry already regards it as a risk, and the mining pool is the party best placed to exploit this advantage. If the mining pool profits as a result, who owns the profit? As I mentioned earlier, there is a traditional principal-agent relationship between the mining pool and the miners, so strictly speaking the income should belong to the miners! The problem is that if the pool does not disclose its packaging strategy, no one can infer from on-chain data whether the pool has obtained external incentives, and the miners cannot prove it! There is a black hole of trust.

    However, if the mining pool’s strategy is disclosed and strictly implemented, the problem of external incentive is avoided, but the pool becomes an easy target for malicious attackers. For example, the strategy for a blocking attack becomes very clear; or, conversely, the benefit of the external incentive is snatched by the attacker (which shows that downstream DeFi designs should avoid architectures prone to front-running); or there may be even other, more serious attack schemes that on-chain application developers cannot defend against.

    So the mining pool faces a dilemma: disclose the strategy and be attacked, or keep it undisclosed and leave a trust black hole.

    mine pool architecture

    We propose a reasonable mining pool architecture: an open random strategy.

    Subject to the internal incentive remaining effective, several reasonable packaging strategies are designed and disclosed. All of these strategies maximize the interests of miners; they differ in the order or combination of packaging. Then, based on hardware random sources and software random algorithms, they are combined into a mixed strategy (a probability distribution over the strategy set), and the raw data from the random sources is saved so that miners can verify it at any time. This scheme prevents attackers from effectively predicting the packaging strategy, and for all miners it greatly reduces the possibility of the pool obtaining external incentives; that is, it fills the trust black hole. Of course, if the pool does not strictly follow this process and still forces a profit, the evidence can be used for supervision.
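
    One way the open random strategy could be made checkable, as an added example that is not from the original article or from any mining pool's code. The strategy names, the weights, the hash-based selection rule and the prior commitment to the entropy are assumptions, and the sample data is constructed.

```python
import hashlib

# Disclosed strategy set (hypothetical): each orders the same transactions
# differently, so fee revenue for miners is identical under all of them.
STRATEGIES = {
    "fee_then_id": lambda txs: sorted(txs, key=lambda t: (-t["fee"], t["id"])),
    "fee_then_arrival": lambda txs: sorted(txs, key=lambda t: (-t["fee"], t["seen"])),
    "id_order": lambda txs: sorted(txs, key=lambda t: t["id"]),
}
WEIGHTS = [("fee_then_id", 50), ("fee_then_arrival", 30), ("id_order", 20)]  # disclosed mix


def pick_strategy(entropy: bytes, prev_hash: bytes, height: int) -> str:
    """Map the raw random data to one strategy according to the disclosed weights."""
    digest = hashlib.sha256(entropy + prev_hash + height.to_bytes(8, "big")).digest()
    r = int.from_bytes(digest, "big") % sum(w for _, w in WEIGHTS)
    for name, weight in WEIGHTS:
        if r < weight:
            return name
        r -= weight
    raise AssertionError("weights exhausted")


def build_record(txs, entropy, prev_hash, height):
    """Pool side: choose the strategy, order the block, keep the raw entropy."""
    name = pick_strategy(entropy, prev_hash, height)
    return {
        "height": height, "prev_hash": prev_hash, "entropy": entropy,
        "strategy": name, "order": [t["id"] for t in STRATEGIES[name](txs)],
    }


def audit(record, txs, commitment):
    """Miner side: recompute everything from the saved entropy; list deviations."""
    problems = []
    # Assumed extra step: the pool published sha256(entropy) before the block,
    # so it cannot pick the entropy after seeing which strategy would pay best.
    if hashlib.sha256(record["entropy"]).hexdigest() != commitment:
        problems.append("entropy does not match the commitment published beforehand")
    expected = pick_strategy(record["entropy"], record["prev_hash"], record["height"])
    if record["strategy"] != expected:
        problems.append("claimed strategy is not the one the entropy selects")
    if record["order"] != [t["id"] for t in STRATEGIES[expected](txs)]:
        problems.append("transaction order deviates from the selected strategy")
    return problems


# Constructed sample data.
TXS = [
    {"id": "c3", "fee": 5, "seen": 1}, {"id": "a1", "fee": 5, "seen": 2},
    {"id": "b2", "fee": 9, "seen": 3}, {"id": "d4", "fee": 1, "seen": 4},
]
ENTROPY, PREV_HASH = b"constructed-hw-rng-sample", bytes(32)
COMMITMENT = hashlib.sha256(ENTROPY).hexdigest()
HONEST = build_record(TXS, ENTROPY, PREV_HASH, 100)
# A pool that moves its own transaction "d4" to the front is caught by the audit.
CHEAT = dict(HONEST, order=["d4"] + [i for i in HONEST["order"] if i != "d4"])
```

    An empty list from `audit(HONEST, TXS, COMMITMENT)` means the block followed the disclosed process; `audit(CHEAT, TXS, COMMITMENT)` reports the reordering.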

    Because the mining pool fits the traditional legal system completely, the theoretical basis for supervising it is ample. In the future it is bound to be the most sensitive module of the public chain system, and also the module most easily brought under supervision. This is necessary for the orderly development of the whole public chain. We believe the mining pool structure we propose will appear sooner or later.

    agency risk

    Dazzling moment in financial history: blockchain technology will completely eliminate agency risk!

    June 27, 2020

    People who have just come into contact with blockchain are often at a loss as to what economic language describes the significance of blockchain.

    Some say it is cost, but they cannot point to an industry whose costs have changed because of blockchain; others say it is trust, but they cannot find a quantifiable description of trust under blockchain. So many people conclude that the value of blockchain is that it cannot be tampered with.

    These are very superficial understandings. In the language of economics, blockchain essentially changes the agency risk in the principal-agent relationship.

    Agency risk is everywhere.

    When you entrust someone to do something for you and he fails to do it; when you leave something in someone else’s care and he fails to look after it; or when a service you pay for goes wrong: these are all agency risk. What is really worrying is entrusting your assets to others and suffering huge losses, as with our investment funds, our P2P investments and so on.

    Agency risk refers to the risk that an agent lacks the ability, or fails, to perform the principal-agent relationship according to the rules.

    Code is the law

    All of the above seems commonplace and unrelated to blockchain; in fact, this is exactly where the real meaning of blockchain lies: agency risk is made algorithmic through a public ledger and decentralized consensus. That is, agency risk is implicit in the code, and the code is open source and fixed from the start, so the agency risk is completely known. This is the real value of blockchain. “Trustlessness” refers to agency risk in the general sense: the risk of trusting people and institutions. Cost reduction means avoiding all kinds of adverse selection risk, which brings down social cost.

    Therefore, the essence of blockchain is a matter of the principal-agent framework. Technological change has brought a revolution in principal-agent relationships. We no longer place the core risk on a third-party organization. Code is the law, and code is the main risk.

    Here are a few examples:

    Case 1: Bitcoin

    With Bitcoin, in the ideal case, we do not rely on any third party to store or transfer assets. This is what many people mean when they say that cryptography guarantees the “inviolability of private property”.

    This is not free of risk. For example, the code may contain mistakes (it has been tested for 10 years, but that cannot be ruled out). But the code has been open source from the beginning. For everyone, this risk is fully disclosed and cannot be modified (except by a fork); more importantly, in this process no individual or institution can affect a BTC transfer, so we can reliably complete point-to-point payment.

    Bitcoin, a major technological innovation, has completely changed the economic model of the past and brought us into a new era of trusting algorithms rather than individuals.

    Case 2: USDT

    USDT is the digital dollar issued on Ethereum. Although USDT is on the blockchain, the system that guarantees the value of USDT is off-chain: the issuer, Tether, promises that each USDT equals one dollar.

    Although Tether has done a lot of work to back this commitment, such as custody and audit of its bank accounts, we must trust Tether, the auditor, the custodian bank and so on for the whole process to work smoothly, which is quite different from BTC, where trust rests entirely on the algorithm. Although blockchain is used, its value carries huge agency risk. If Tether and the other companies do not honor the commitment, USDT becomes a string of code rather than a dollar.

    Case 3: Platform currency

    The blockchain industry has a special kind of asset called platform currency, which embodies values of an exchange platform such as fee discounts, transaction pricing and profit return. An asset of this kind, such as BNB, the token of the Binance platform, whether or not it uses blockchain technology, essentially carries huge agency risk just like USDT: the Binance exchange can change, revoke or even alter the value reflected in the token. What can we do? We can only trust Binance.

    Case 4: DAI

    In addition, there is a special kind of asset such as DAI, the stablecoin of MakerDAO. In essence, it is a stable option: DAI generated by collateralizing ETH is an option based on ETH. It has a strict pricing formula, consistent with a design that has no agency risk, only algorithm risk. But DAI has a problem too. The price variable that determines its risk value is input by humans. There is no good verification mechanism for this price; it is input at irregular intervals by several internal nodes. The basis for closing our positions is the price input by these so-called nodes. Obviously this risk is not algorithmic; we have to trust that these nodes do no evil and make no mistakes. Maker does have a rollback mechanism, but that introduces the trust risk of the rollback itself: who decides that a rollback is needed? Why trust them?

    the degree of decentralization

    Based on the above analysis, we can summarize:

    That is, in the blockchain world, if even one link in a complete value interaction process carries agency risk, the process is in fact different from BTC: we are still introducing human risk, not code risk.

    Therefore, in the blockchain world, the quality of decentralization and agency risk are two sides of the same coin, different expressions of the same thing. The former is an intuitive description and the latter a rigorous definition. It is entirely appropriate to measure the degree of decentralization by agency risk.

    Not only can we judge how decentralized a system is, we can also find out which areas of agency risk blockchain can solve, so that we can truly enter the application era of blockchain.

    Trust algorithm

    In a world full of agency risk, we have built a system of incentives based on laws, institutions and so on to keep the principal-agent structure effective, so that the world can operate normally. But the cost is huge. Think of all the corporate scandals and regulatory corruption; these are the inevitable risk of the old model. No matter how well our incentive mechanisms are designed, this fundamental risk cannot be eliminated. It can be said that the evolution of human society is the story of constantly changing models to deal with agency risk.

    However, the change brought by blockchain technology is the most thorough solution to agency risk. We no longer need to trust any third party, whether authority, hero or sage; we only need to trust the code! Trust the algorithm!

    This is a dazzling moment in financial history, worth exploring in depth and comprehensively. However, most people have not yet grasped it; they think it is just a small experiment and soon compromise with the traditional model, which is a pity.