
    DeFi risk

    Code loopholes, hackers, market volatility, arbitrageurs: the paradigm of DeFi risk management

    July 20, 2020

    DeFi refers to decentralized financial protocols implemented as smart contracts, covering asset trading, lending, insurance, various derivatives, and so on; apart from credit services, real-world financial services can be realized through DeFi protocols. These protocols are decentralized and automated, with no third-party organization managing or maintaining them. As a result, risk control for contracts has become a hard problem in the industry.

    DeFi has the dual attributes of finance and technology, and its main risks are the following:

    1. Code risk. This includes risk in the underlying Ethereum code, in smart contract code, in wallet code, and so on. For example, the famous DAO incident of earlier years, the recent Uniswap vulnerability attack, and all kinds of wallet theft incidents were caused by code risk.
    2. Business risk. This mainly arises from loopholes in the business design that can be attacked or manipulated within the rules of the protocol. For example, FOMO3D suffered a blocking attack in earlier years, and bZx mistakenly relied on the Uniswap oracle, which was not resistant to attacks, so its price could be pushed down within the rules and assets taken. The people who do this are called arbitrageurs. Arbitrage has both disadvantages and advantages for a DeFi project.
    3. Market fluctuation risk. A DeFi design that lacks some response variables runs into trouble when the market reaches an extreme situation. For example, MakerDAO’s performance on 312 (March 12) was mainly caused by extreme market volatility.
    4. Oracle risk. The oracle provides global variables and is the basis of most DeFi protocols. If the oracle is attacked or stops, the downstream DeFi protocols collapse. We believe that the oracle will become the most important infrastructure of future DeFi, and that any oracle with centralization risk will eventually die out.
    5. “Technology agency” risk. This mainly refers to ordinary users who are unfamiliar with smart contracts and blockchains using “convenient” interactive tools developed by a centralized team, which may carry risks.

    [Figure: risk management framework for DeFi]

    The above risks should be taken into account in the design of any DeFi project. A complete process does not stop at warnings in the documentation; it also needs risk management measures. Most of these measures are carried out in a decentralized way, and a small number are carried out through community governance (mainly on-chain governance). Here we propose a risk management framework for DeFi, divided into three stages: before the event, during the event, and after the event.

    Before the event: the main task is to formally verify the contract code. This includes clarifying the boundaries of the methods, resources and even instructions used in the contract, as well as how these methods, instructions and resources relate to and affect one another when combined, and resolutely refusing to use any method that has not been proven or any combination whose boundary has not been found. This is not the thinking of traditional software development and testing; it is closer to mathematical proof. Good contract development should be based on a proven combination of methods.

    During the event: the main elements are shutdown design and exception-trigger design, that is, the contract can identify attack behavior and intervene. Shutdown design includes automatic shutdown and shutdown by governance. An exception trigger controls and manages unexpected behavior while the contract is running; it is generally automatic, and it corrects some risk management variables when it fires. See the beta coefficient and the anti-blocking-attack settings in the NEST oracle system, which is the first practice in the industry to consider shutdown and exception triggering.
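    The in-process controls described above, sketched as an added example (not code from the original post or from NEST): a toy pool whose exception trigger tightens a risk variable automatically and whose outflow bound pauses withdrawals until governance resumes them. The class, its thresholds and the tightening rule are hypothetical and are not NEST's beta coefficient.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class GuardedPool:
    """Toy pool with in-process controls. Every name and threshold is hypothetical."""
    reserves: float
    collateral_ratio: float = 1.5     # risk variable the exception trigger corrects
    max_outflow_frac: float = 0.20    # auto shutdown: max share of reserves per window
    window: int = 10                  # outflow window, in blocks
    vol_limit: float = 0.10           # per-update price move treated as abnormal
    paused: bool = False
    last_price: Optional[float] = None
    win_start: int = 0
    win_base: float = 0.0             # reserves when the current window opened
    outflow: float = 0.0
    events: list = field(default_factory=list)

    def on_price(self, block, price):
        """Exception trigger: an abnormal move tightens the ratio, no vote needed."""
        if self.last_price is not None:
            move = abs(price - self.last_price) / self.last_price
            if move > self.vol_limit:
                self.collateral_ratio = round(self.collateral_ratio * (1 + move), 4)
                self.events.append((block, "tighten", self.collateral_ratio))
        self.last_price = price

    def withdraw(self, block, amount):
        """Automatic shutdown: pause once window outflow would exceed the bound."""
        if self.paused or amount <= 0 or amount > self.reserves:
            return False
        if self.win_base == 0.0 or block - self.win_start >= self.window:
            self.win_start, self.win_base, self.outflow = block, self.reserves, 0.0
        if self.outflow + amount > self.max_outflow_frac * self.win_base:
            self.paused = True
            self.events.append((block, "auto_pause", amount))
            return False
        self.outflow += amount
        self.reserves -= amount
        return True

    def governance_set_paused(self, block, paused):
        """Governance shutdown/resume; stands in for the result of an on-chain vote."""
        self.paused = paused
        self.events.append((block, "gov_pause" if paused else "gov_resume", None))
        if not paused:
            self.win_base = 0.0       # resume with a fresh outflow window

def demo():
    pool = GuardedPool(reserves=1000.0)
    for block, price in [(1, 200.0), (2, 196.0), (3, 150.0)]:  # constructed feed
        pool.on_price(block, price)
    results = [pool.withdraw(b, 90.0) for b in (3, 4, 5)]      # third breaches 20%
    results.append(pool.withdraw(6, 10.0))                     # refused while paused
    pool.governance_set_paused(7, False)
    results.append(pool.withdraw(8, 90.0))
    return pool, results
```

    The automatic pause fails closed: once tripped, even small withdrawals are refused until governance resumes the pool.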

    After the event: risk management after the event has several parts. First, code vulnerabilities need to be corrected. This is generally managed through on-chain governance, that is, DAO governance. Second, the governance asset itself may be attacked, in which case a contract fork (bifurcation) is needed! This is a blind spot ignored by the industry. Third, the possible risks of the contract can be insured through an insurance mechanism to reduce losses. Finally, the community can trace losses by tracking on-chain data and cooperating with various institutions. For on-chain governance and contract forks, see NEST’s design, which is an innovation.

    [Figure: system framework for the security of DeFi]

    The above is a system framework for the security of DeFi, offered for reference only. At present, the industry’s understanding of security is too immature and too traditional. If we do not change our thinking and introduce new ideas such as boundary, completeness, consistency, formal verification, shutdown, exception triggering, governance and bifurcation, we will not be able to adapt to future development.


    After the black swan, the DeFi data mutation!

    July 5, 2020

    On February 6, 2020, the total value of ETH and ERC-20 tokens locked in Ethereum’s DeFi ecosystem exceeded US $1 billion. Afterwards, a series of high-profile “smash” incidents and “black swan” events followed in quick succession.

    bZx attack event

    In mid-February 2020, two arbitrage “attacks” occurred on the bZx protocol. Post-incident statistics show that the two attacks on the bZx protocol caused a total loss of 3649 ETH. Because Uniswap prices assets algorithmically, the price can change dramatically when trading depth is limited; the arbitrage “attacker” took advantage of this defect in Uniswap’s algorithmic pricing to maliciously manipulate the trading price of some assets, which caused users of the DeFi protocols that used Uniswap data as their oracle price to suffer huge asset losses.
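    To make the depth effect concrete, the following added example (not from the original post) assumes the constant-product rule x*y = k with a 0.3% fee and compares the same sale in a thin and a deep pool, then shows a consumer-side check that refuses a spot reading far from a time-weighted average. Reserves, thresholds and all names are constructed for illustration.

```python
"""Added example: spot-price sensitivity of a constant-product pool and a
consumer-side sanity check. All reserves, thresholds and names are constructed."""

def spot_after_sale(x_res, y_res, dx, fee=0.003):
    """Sell dx of asset X into an x*y=k pool; return the new spot price of X in Y."""
    dx_eff = dx * (1 - fee)                      # fee is taken from the input amount
    dy_out = y_res * dx_eff / (x_res + dx_eff)   # output that keeps x*y constant
    return (y_res - dy_out) / (x_res + dx)

def price_impact(x_res, y_res, dx):
    """Fractional drop in spot price caused by a single sale of size dx."""
    before = y_res / x_res
    return (before - spot_after_sale(x_res, y_res, dx)) / before

class TwapGuard:
    """Accept a spot reading only if it stays near the time-weighted average
    of earlier observations (each price holds until the next observation)."""
    def __init__(self, max_dev=0.05, window=600):
        self.max_dev, self.window, self.obs = max_dev, window, []

    def observe(self, t, price):
        self.obs.append((t, price))

    def twap(self, now):
        start, total, weight = now - self.window, 0.0, 0.0
        ends = [t for t, _ in self.obs[1:]] + [now]
        for (t, p), t_end in zip(self.obs, ends):
            lo, hi = max(t, start), min(t_end, now)
            if hi > lo:
                total += p * (hi - lo)
                weight += hi - lo
        return total / weight if weight else None

    def accept(self, now, spot):
        ref = self.twap(now)
        if ref is None:
            return False                         # no history: fail closed
        return abs(spot - ref) / ref <= self.max_dev

def demo():
    shallow = price_impact(1_000, 200_000, 500)          # thin pool
    deep = price_impact(100_000, 20_000_000, 500)        # same trade, 100x depth
    guard = TwapGuard()
    guard.observe(0, 200.0)
    guard.observe(300, 201.0)
    moved = spot_after_sale(1_000, 200_000, 500)         # reading after the large sale
    return shallow, deep, guard.accept(600, moved), guard.accept(600, 199.0)

if __name__ == "__main__":
    print(demo())
```

    A time-weighted check raises the cost of moving the reference price; it does not replace an oracle that is itself resistant to manipulation.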

    [Figure: ETH locked in DeFi]
    [Figure: total value locked in DeFi]

    After the bZx incident, from February 18 to February 19, the amount of ETH locked in the leading Ethereum DeFi protocols decreased by about 175000, about 5.8%, while the amount of locked USD stablecoin assets did not change significantly.

    The bZx attack led to a significant decrease in the amount of ETH locked, which indicates that a large number of DeFi users had doubts about the security of DeFi protocols. At the same time, the bZx incident triggered an industry-wide discussion of issues related to oracles and flash loans.

    The crypto market plummeted on March 12

    At the end of the first quarter of 2020, the COVID-19 epidemic was spreading rapidly around the world, with a serious impact on almost all walks of life. The US stock market experienced several historic circuit-breaker halts, and the crypto investment market was no exception. On March 12 (later known as “Black Thursday”), the U.S. stock market collapsed, and BTC, ETH and other mainstream crypto assets fell sharply, by nearly 40% in a single day. According to the data, from March 12 to March 13 all kinds of trading activity on the Ethereum network increased significantly, resulting in serious and prolonged network congestion, and many DeFi protocols saw their highest activity in history.

    The market crash on March 12 affected almost all types of investment assets, including cryptocurrency as well as the stock market. Although the crypto investment market is not always correlated with the traditional financial market, this one-day crash and the stock market crash had almost the same causes: the global panic and liquidity crisis caused by the COVID-19 epidemic.

    Lessons from the crypto market collapse on March 12: what is missing in DeFi?

    [Figure: ETH locked in DeFi 2]

    Based on an analysis of on-chain DeFi data, we found that the amount of ETH locked fluctuated widely from March 7 to March 18:

    3.07 - 3.10: ETH locked increased from 2.893M to 3.03M, up 4.7%

    3.10 - 3.12: ETH locked began to decline sharply, from 3.03M to 2.928M, a decrease of 3.4%

    3.12 - 3.13: ETH locked began to increase again, from 2.928M to 3.037M, up 3.7%

    3.13 - 3.18: ETH locked declined all the way from 3.037M to 2.792M, a decrease of 8%

    This volatility is a true reflection of the Ethereum DeFi ecosystem during a large drop in the price of ETH: at the beginning, when the price of ETH fell slightly, debt holders kept topping up their positions, and the amount of ETH locked increased; after the sharp fall in the price of ETH, however, some debt holders did not have time to top up their positions, or gave up topping up. At the same time, some debt holders actively redeemed their collateral to avoid having their positions closed, which also reduced the amount of ETH locked.

    Judging from the data above, the immediate negative impact of the 312 crash on locked ETH was smaller than that of the earlier bZx attack; however, as the price of ETH continued to fall, the impact of the event on ETH locked in the DeFi ecosystem kept growing: in the week after March 12, the amount of ETH locked decreased by 12.2%.

    [Figure: total value locked in DeFi 2]

    On the other hand, on the day of the 312 crash, the amount of USD stablecoin assets locked in DeFi declined significantly, from 893.43M on March 12 to 559.211M on March 13; the amount of stablecoins locked fell by more than 37% in 24 hours, which is also related to the “liquidity crisis” in the crypto market that the industry later described.

    ERC777 reentrancy attack

    On the morning of April 18, 2020, the Uniswap protocol was successfully attacked by hackers using a reentrancy vulnerability. The hacker carried out this reentrancy attack through a compatibility defect between Uniswap and the ERC777 standard, which drained about 1278 ETH of assets from the Uniswap ETH-imBTC pool.

    What’s worse, just 24 hours later, at 08:45 a.m. on April 19, another DeFi protocol, dForce, was attacked by hackers in a similar way. In the dForce attack, the hackers used inflated imBTC as collateral to borrow a variety of crypto assets from the dForce platform, causing heavy losses to dForce users, with a total amount of up to 25 million US dollars. (Note: the stolen funds were successfully recovered through the coordinated efforts of various parties.)

    [Figure: total value locked in DeFi 3]
    [Figure: ETH locked in DeFi 3]
    [Figure: total value locked in DeFi 4]

    After the incident, the crypto funds locked in dForce dropped to nearly 0, and leading DeFi users were seriously affected, which greatly damaged the vitality of the whole industry. However, this reentrancy attack did not exploit a highly complex technical vulnerability but a low-level development vulnerability, and it had no further impact on other Ethereum DeFi protocols. Therefore, judging from the data, the amounts of ETH and USD stablecoin assets locked in the DeFi ecosystem did not fluctuate significantly after the attack.


    However, on the 19th, there was a huge increase in transactions involving USD stablecoin assets on Compound; in addition, the trading volume of USD stablecoins on Kyber and IDEX also increased. Some of these data changes are closely related to what the hackers did after stealing the dForce assets.

    This reentrancy attack triggered collective reflection in the DeFi industry, which is of great significance to the development of the entire industry. It has made more and more DeFi developers begin to reexamine security issues, decentralization principles, the rights and responsibilities involved, and even so-called moral issues.

    The above is about some accidents and data in the DeFi ecology since 2020.

    DeFi has just started, and it will be more wonderful next time. Let’s look forward to it!


    DeFi insurance design: always start from general equilibrium and reduce systematic arbitrage

    June 23, 2020

    On March 1, 2020, Star daily, a professional blockchain media platform, and nine chapter Tianwen, a NEST enthusiast (NEST is a distributed price oracle), held an in-depth exchange and dialogue on the development trend of the DeFi insurance industry. What is the design philosophy of DeFi insurance products, and where is DeFi insurance heading? On these hot issues, we will do our best in this wonderful dialogue. Here are the dialogue contents to share with you:

    Odaily: what do you think is the significance and role of DeFi insurance in the whole DeFi ecosystem?

    Nest enthusiasts: DeFi insurance is a kind of security protection for some DeFi products, mainly a kind of compensation for the development risk of DeFi and the fluctuation risk of assets in DeFi. These two kinds of risks are different. In terms of development risks (code vulnerability, backdoor, arbitrage algorithm, etc.), the value of DeFi insurance is high, and it is also the core direction of industry development. As for the insurance of asset fluctuation, it is essentially a kind of swap or option, which more reflects the derivative structure of asset price. It cannot be called insurance completely. This kind of product will be included in the derivatives in the future, but its value is also very large, but it is not a strict insurance product.

    Odaily: in your opinion, where is the ceiling of the DeFi insurance segment? What’s the value of the DeFi lock?

    Nest enthusiast: The ceiling of the DeFi product is ultimately the market value of ETH, because all risks on the chain can be offset by insurance, but the code risk of ETH cannot be offset by insurance, because your insurance is also developed on the chain. If we say that the market value of ETH measures the code risk and consensus risk of ETH, then without changing the current structure of ETH (anti attack), the ceiling of insurance is the market value of ETH. But in terms of the supply-demand relationship, it may be far below this standard. It has something to do with DeFi’s lock-in, but not entirely. For example, if the asset fluctuation insurance in question 1 is included, it is larger than the lock-in. It’s mainly about the type 2 demand mentioned above, which is hard to estimate. If the type 2 demand is not considered, it is really limited by the size of the insured DeFi lock warehouse.

    Odaily: due to the high interoperability and composability of DeFi products, the capital loss event on DeFi is often not an independent probability event. When a product’s capital is damaged, it is often associated with other products. In view of this problem, do the current insurance products have better coping strategies?

    Nest fans: it’s a good thing, not a bad thing. This reflects the effectiveness of the financial market. The solution is not to provide more insurance. Even if more insurance is provided, it will be incorporated into the whole arbitrage system by the arbitrager. The core is to improve the overall view of DeFi product developers: not to develop financial products with wishful thinking or partial equilibrium thinking, but from the perspective of general equilibrium, that is, all variables in the whole market should be considered for your product, and your product should constantly attack and arbitrage existing products! Only based on such a starting point of development can it be correct.

    The problem of traditional Internet development is to use demand as the starting point, such as user experience, efficiency, etc., but in the financial field, especially in the contract product field, there is only one demand: arbitrage (or making money), the demand of all participants is homogeneous, so we need to consider the whole market behavior: will your product help reduce market arbitrage or increase it? If it is reduced, your product can stand, if it is increased, you will be arbitraged, and the product has no meaning. So, it’s not about insurance, it’s about the mindset shift of all the DeFi developers.


    Nest system is based on this assumption to build a modern DeFi system. From Oracle to trading market, interest rate market, derivative market and insurance market, it is based on whether to reduce arbitrage opportunities in the whole market. We need to know that as long as the arbitrage increases, it means that there are a group of people with the advantage strategy, which will lead to the disappearance of the whole market! The design and development of DeFi is a big deal, and the experimenter will have a lot of holes to step on, about the risk of centralization or the security of contract code.

    Odaily: a few days ago, nexus mutual was exposed to governance loopholes, which made a big question mark for the DeFi insurance platform: who can underwrite the insurance acceptor of DeFi? From this point of view, does it mean that the fully decentralized DeFi insurance platform can’t guarantee the security of DeFi?

    Nest fans: it’s all about product design. I mentioned in the article “the first principle of decentralization”. The so-called governance in this chain, if it still defaults, is essentially centralized and will be eliminated. This kind of product and phenomenon should not be included in the discussion, but should be criticized on a large scale.

    Odaily: apart from DeFi insurance, what do you think is the more feasible risk prevention in terms of technology for the risks caused by the composability of DeFi?

    Nest enthusiasts: we have explained in the answer to the previous question 3 that this is a good thing. The problem is not in the thinking of combination, but in the thinking of the combiner, because they are going on along the wrong product development ideas, and they are going to be eliminated finally. The new generation of DeFi will have a global perspective, that is, the general equilibrium thinking we mentioned in question 3: the development of each product is aimed at reducing market arbitrage opportunities. Some people say, you don’t think about the needs? Obviously, if the demand is not satisfied, there is an arbitrage opportunity (note that the demand here does not refer to the demand that is used fast and good-looking, but refers to the demand that the risk and return are not reasonably allocated and priced). We need to meet the new development thinking of DeFi and enter the era of efficient finance.

    Odaily: which of the existing DeFi insurance products and platforms do you like better? (Ethernet, CDX, nexus mutual, opyn, vouchforme, keeperdao, etc.)


    Nest fans: as we mentioned earlier, I think it’s all partially balanced products. Be careful of being arbitraged. Someone should systematically analyze this kind of products. If the thinking does not change, this kind of partially balanced products will be eliminated by the market with the passage of time.

    Odaily: can you talk about the philosophy of the design of DeFi insurance products? Can we also put forward some suggestions for improvement of existing products?

    Nest fans: Always start from general equilibrium, reduce the arbitrage of the whole system, and always improve the pricing efficiency of the whole system. What is insurance? Insurance is a negative security. Why do we have negative securities? For the sake of the market. Why complete market? Only in this way can pricing be effective. What does effective pricing mean? The market is efficient. What does the market effectively represent? Financial resources are allocated most efficiently and best.

    Odaily: finally, can you summarize that, will DeFi insurance become a trend in the future? What do you think are the necessary conditions for decentralization insurance to become a trend?

    Nest enthusiast: I think the main trend is DeFi, and the DeFi insurance is just an important part of it. As I said before: Oracle, trading market, interest rate market, insurance market and derivative market are all very important. They are developing together. Because this is a super rational world on the blockchain, the arbitrage of code completion is only in a moment, and each link cannot be slow. I think it is a trend of all-round development. The necessary condition is first the prediction machine. With this, it will flourish later. I hope you will pay more attention to the Nest price oracle network, a better solution to the problem of prediction machine.