Browsing Tag: DeFi risk


    Code loopholes, hackers, market volatility, arbitrageurs: the paradigm of DeFi risk management

    July 20, 2020

    DeFi refers to decentralized financial protocols implemented as smart contracts, covering asset trading, lending, insurance, various derivatives, and so on; apart from credit services, real-world financial services can be implemented through DeFi protocols. These protocols are decentralized and automatic, with no third-party organization managing or maintaining them. As a result, risk control for contracts has become a hard problem for the industry.

    DeFi has the dual attributes of finance and technology, and it mainly carries the following risks:

    1. Code risk. This includes the risk in Ethereum's underlying code, smart contract code, wallet code, and so on. For example, the famous DAO incident of years past, the recent Uniswap vulnerability attack, and all kinds of wallet theft incidents were caused by code risk.
    2. Business risk. The main cause is a loophole in the business design that is attacked or manipulated within the rules. For example, FOMO3D was hit by a blocking attack in years past, and bZx mistakenly relied on Uniswap as an oracle, which was not resistant to attack, so its assets were taken by people acting within the rules. These people are called arbitrageurs. Arbitrage has both disadvantages and advantages for a DeFi project.
    3. Market fluctuation risk. Missing response variables in a DeFi design leave it exposed when extreme market situations occur. For example, MakerDAO's performance on 312 was mainly caused by extreme market volatility.
    4. Oracle risk. The oracle provides global variables and is the basis of most DeFi. If the oracle is attacked or stops, the downstream DeFi will collapse. We believe that the oracle will become the most important infrastructure of future DeFi, and that any oracle with centralization risk will eventually die out.
    5. "Technology agency" risk. This mainly refers to ordinary users who are unfamiliar with smart contracts and blockchain using "convenient" interaction tools developed by centralized teams, which may carry risks.

    Risk management framework for DeFi

    The risks above should be taken into account in the design of any DeFi project. A complete process does not stop at warnings in the documentation; it also needs risk management measures. Most of these measures are carried out in a decentralized way, and a small number are completed through community governance (mainly on-chain governance). Here we propose a risk management framework for DeFi, divided into three phases: before the event, during the event, and after the event.

    Before the event: the main task is to formally verify the contract code. This includes clarifying the boundaries of the methods, resources, and even instructions used in the contract, as well as how these methods, instructions, and resources relate to and influence one another when combined, and resolutely refusing to use any method that has not been proven or any combination whose boundary has not been found. This is not the thinking of traditional software development and testing; it is a concept close to mathematical proof. Good contract development should be based on a proven combination of methods.

    During the event: the main elements are shutdown design and exception-trigger design, that is, the contract can identify attack behavior and intervene, through both automatic shutdown and governance-initiated shutdown. An exception trigger is a way of controlling and managing unexpected phenomena while the contract is running; it is generally automatic, and it corrects some risk management variables when it fires. See the beta coefficient and anti-blocking-attack settings in the Nest oracle system, which is the first practice in the industry to consider shutdown and exception triggering.
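A small off-chain model of the in-process controls described above (automatic shutdown on an abnormal oracle update or a silent oracle, plus a governance-initiated halt), added here as an illustration and not taken from the article or from Nest. The class and method names, the 20% jump limit, and the 50-block staleness window are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Optional

class Halted(RuntimeError):
    """Raised to downstream callers while the breaker is open."""

@dataclass
class OracleGuard:
    max_jump: float = 0.20   # assumed limit on the relative move between two updates
    max_age: int = 50        # assumed number of blocks before a price counts as stale
    price: Optional[float] = None
    updated_at: int = 0
    reason: Optional[str] = None   # set while halted, None while running

    def update(self, price: float, block: int) -> bool:
        """Exception trigger: refuse an abnormal update and shut down automatically."""
        if self.reason:
            return False
        if price <= 0 or (self.price and abs(price - self.price) / self.price > self.max_jump):
            self.reason = f"rejected price {price} at block {block}"
        else:
            self.price, self.updated_at = price, block
        return self.reason is None

    def read(self, block: int) -> float:
        """Downstream contracts read here; a stopped oracle fails closed."""
        if not self.reason and (self.price is None or block - self.updated_at > self.max_age):
            self.reason = f"oracle silent since block {self.updated_at}"
        if self.reason:
            raise Halted(self.reason)
        return self.price

    def governance_halt(self, why: str) -> None:
        self.reason = f"governance: {why}"

    def governance_resume(self, price: float, block: int) -> None:
        # Reopening requires governance to supply a fresh reference price.
        self.reason, self.price, self.updated_at = None, price, block

# Constructed sample: (kind, price, block). The 40.0 update is the abnormal one.
SAMPLE = [("update", 100.0, 1), ("read", None, 2), ("update", 104.0, 10),
          ("update", 40.0, 11), ("read", None, 12), ("update", 101.0, 13)]

def replay(events):
    """Run events through a fresh guard and record what each call returned."""
    guard, out = OracleGuard(), []
    for kind, value, block in events:
        try:
            out.append(guard.update(value, block) if kind == "update" else guard.read(block))
        except Halted as exc:
            out.append(str(exc))
    return out
```

A trigger that halts on a single outlier can itself be used to freeze the protocol, so the thresholds and the authority to resume need the same scrutiny as the rest of the contract.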

    After the event: risk management after the event has several parts. First, code vulnerabilities need to be corrected. This is generally managed through on-chain governance, that is, DAO governance. Second, if the governance asset itself is attacked, a contract fork is needed! This is a blind spot the industry has ignored. Third, the possible risks of the contract can be insured through an insurance mechanism to reduce losses. Finally, the community can trace losses by tracking on-chain data and cooperating with various institutions. For on-chain governance and contract forking, see Nest's design, which is an innovation.

    System framework for the security of DeFi

    The above is a system framework for the security of DeFi, offered for reference only. At present, the industry's understanding of security is too immature and too traditional. If we cannot change our thinking and introduce new ideas such as boundary, completeness, consistency, formal verification, shutdown, exception triggering, governance, and forking, we cannot adapt to future development.


    DeFi insurance design: always start from general equilibrium and reduce systematic arbitrage

    June 23, 2020

    On March 1, 2020, Star daily, a professional blockchain media platform, and nine chapter Tianwen, a Nest enthusiast (Nest is a distributed price oracle), held an in-depth exchange on the development trend of the DeFi insurance industry. What is the design thinking behind DeFi insurance products, and where is DeFi insurance heading? The dialogue takes up these questions, and its contents are shared below:

    Odaily: What do you think is the significance and role of DeFi insurance in the whole DeFi ecosystem?

    Nest enthusiast: DeFi insurance is a kind of security protection for some DeFi products, mainly a kind of compensation for the development risk of DeFi and the fluctuation risk of assets in DeFi. These two kinds of risks are different. In terms of development risks (code vulnerability, backdoor, arbitrage algorithm, etc.), the value of DeFi insurance is high, and it is also the core direction of industry development. As for the insurance of asset fluctuation, it is essentially a kind of swap or option, which more reflects the derivative structure of asset price. It cannot be called insurance completely. This kind of product will be included in derivatives in the future; its value is also very large, but it is not a strict insurance product.

    Odaily: In your opinion, where is the ceiling of the DeFi insurance segment? What’s the value of the DeFi lock?

    Nest enthusiast: The ceiling of the DeFi product is ultimately the market value of ETH, because all risks on the chain can be offset by insurance, but the code risk of ETH cannot be offset by insurance, because your insurance is also developed on the chain. If we say that the market value of ETH measures the code risk and consensus risk of ETH, then without changing the current structure of ETH (anti attack), the ceiling of insurance is the market value of ETH. But in terms of the supply-demand relationship, it may be far below this standard. It has something to do with DeFi’s lock-in, but not entirely. For example, if the asset fluctuation insurance in question 1 is included, it is larger than the lock-in. It’s mainly about the type 2 demand mentioned above, which is hard to estimate. If the type 2 demand is not considered, it is really limited by the size of the insured DeFi lock warehouse.

    Odaily: Due to the high interoperability and composability of DeFi products, a capital loss event on DeFi is often not an independent probability event. When a product’s capital is damaged, it is often associated with other products. In view of this problem, do the current insurance products have better coping strategies?

    Nest enthusiast: It’s a good thing, not a bad thing. This reflects the effectiveness of the financial market. The solution is not to provide more insurance. Even if more insurance is provided, it will be incorporated into the whole arbitrage system by the arbitrageur. The core is to improve the overall view of DeFi product developers: not to develop financial products with wishful thinking or partial equilibrium thinking, but from the perspective of general equilibrium, that is, all variables in the whole market should be considered for your product, and your product should constantly attack and arbitrage existing products! Only based on such a starting point of development can it be correct.

    The problem of traditional Internet development is to use demand as the starting point, such as user experience, efficiency, etc., but in the financial field, especially in the contract product field, there is only one demand: arbitrage (or making money). The demand of all participants is homogeneous, so we need to consider the whole market behavior: will your product help reduce market arbitrage or increase it? If it reduces it, your product can stand; if it increases it, you will be arbitraged, and the product has no meaning. So, it’s not about insurance, it’s about the mindset shift of all the DeFi developers.

    The Nest system is built on this assumption to form a modern DeFi system. From oracle to trading market, interest rate market, derivative market and insurance market, it is based on whether to reduce arbitrage opportunities in the whole market. We need to know that as long as the arbitrage increases, it means that there is a group of people with the advantage strategy, which will lead to the disappearance of the whole market! The design and development of DeFi is a big deal, and the experimenter will have a lot of holes to step on, about the risk of centralization or the security of contract code.

    Odaily: A few days ago, Nexus Mutual was exposed to governance loopholes, which raised a big question mark for the DeFi insurance platform: who can underwrite the insurance acceptor of DeFi? From this point of view, does it mean that the fully decentralized DeFi insurance platform can’t guarantee the security of DeFi?

    Nest enthusiast: It’s all about product design. I mentioned this in the article “The first principle of decentralization”. The so-called governance in this chain, if it still defaults, is essentially centralized and will be eliminated. This kind of product and phenomenon should not be included in the discussion, but should be criticized on a large scale.

    Odaily: Apart from DeFi insurance, what do you think is the more feasible risk prevention in terms of technology for the risks caused by the composability of DeFi?

    Nest enthusiast: We have explained in the answer to the previous question 3 that this is a good thing. The problem is not in the thinking of combination, but in the thinking of the combiner, because they are going along the wrong product development ideas, and they are going to be eliminated in the end. The new generation of DeFi will have a global perspective, that is, the general equilibrium thinking we mentioned in question 3: the development of each product is aimed at reducing market arbitrage opportunities. Some people say, you don’t think about the needs? Obviously, if the demand is not satisfied, there is an arbitrage opportunity (note that the demand here does not refer to the demand that is used fast and good-looking, but refers to the demand that the risk and return are not reasonably allocated and priced). We need to meet the new development thinking of DeFi and enter the era of efficient finance.

    Odaily: Which of the existing DeFi insurance products and platforms do you like better? (Ethernet, CDX, Nexus Mutual, Opyn, VouchForMe, KeeperDAO, etc.)

    Nest enthusiast: As we mentioned earlier, I think they are all partially balanced products. Be careful of being arbitraged. Someone should systematically analyze this kind of product. If the thinking does not change, this kind of partially balanced product will be eliminated by the market with the passage of time.

    Odaily: Can you talk about the philosophy of the design of DeFi insurance products? Can we also put forward some suggestions for improvement of existing products?

    Nest enthusiast: Always start from general equilibrium, reduce the arbitrage of the whole system, and always improve the pricing efficiency of the whole system. What is insurance? Insurance is a negative security. Why do we have negative securities? For the sake of the market. Why a complete market? Only in this way can pricing be effective. What does effective pricing mean? The market is efficient. What does the market effectively represent? Financial resources are allocated most efficiently and best.

    Odaily: Finally, can you summarize: will DeFi insurance become a trend in the future? What do you think are the necessary conditions for decentralized insurance to become a trend?

    Nest enthusiast: I think the main trend is DeFi, and the DeFi insurance is just an important part of it. As I said before: Oracle, trading market, interest rate market, insurance market and derivative market are all very important. They are developing together. Because this is a super rational world on the blockchain, the arbitrage of code completion is only in a moment, and each link cannot be slow. I think it is a trend of all-round development. The necessary condition is first the prediction machine. With this, it will flourish later. I hope you will pay more attention to the Nest price oracle network, a better solution to the problem of prediction machine.