博客文章

The DeFi Stack

November 24, 2020 | 20 minute read

Editor's Note: This essay was co-authored by Spencer Applebaum, Matt Shapiro, and Shayon Sengupta.

Open Finance is one of Multicoin’s three Crypto Mega Theses, wherein Open Finance is a superset of DeFi. Over the past 12 months, there has been an explosion of activity in DeFi on Ethereum: there is $13.6 billion in capital participating in DeFi, up more than 20x over the last year.

Total value locked in defi nov/2020 Source: DeFi Pulse

This wave of activity has primarily been driven by lending platforms (Compound, Aave, Cream, MakerDAO, dForce) and trading platforms (Uniswap, dYdX, Kyber, Curve, 0x). These platforms combined represent more than 80% of the value participating in DeFi.

The growth in DeFi has been catalyzed by liquidity mining, a tool to bootstrap protocol-layer network effects. A user today can earn a fantastic yield on their cryptoassets by simply providing liquidity to AMMs (Bancor, Curve, Uniswap, Mooniswap, DODO), lending assets on money market protocols (Compound, Aave, and Cream), or shuttling tokens through yield optimizers (RAY, Yearn Finance, Idle Finance, APY.Finance, Harvest Finance).

This is possible in part because of composability. Jesse Walden of Variant elegantly defined composablity as “a platform is composable if its existing resources can be used as building blocks and programmed into higher order applications. Composability is important because it allows developers to do more with less, which in turn, can lead to more rapid and compounding innovation.”

The fact that today someone can use ETH as collateral, create DAI, roll it through Tornado.Cash, exchange it for USDC on Curve, and then bet on an election on Polymarket is amazing. Ethereum has the developer tooling, building blocks, liquidity, wallet support, and tradable assets (ERC-20s) that make building viable DeFi businesses on top possible. Composability creates a virtuous cycle: it makes it easier for entrepreneurs to build new products on Ethereum because they can leverage all of the existing infrastructure, which allows them to come to market faster, which allows them to iterate and find product-market fit faster, which makes the products better, which makes more people want to use the products, etc. The network effect of the DeFi ecosystem is potent.

However, this compounding innovation isn’t without risk. In fact, for DeFi specifically, as innovation compounds, so does risk. In this essay, we explore the dependencies across DeFi and how several key layers underpin the entire space. If any of them were to falter, DeFi as a whole could come crashing down.

The only effective way to understand the risk that investors assume by “yield farming” is to understand the dependencies hidden within the DeFi Stack, referred to as composability risk from here moving forward. In order to do that one must understand the layers in the DeFi Stack.

We have segmented the DeFi Stack into six distinct layers in an effort to better understand these risks and dependencies. Below, we present an overview of composability risk, which is what happens when money legos turn into money jenga.

The DeFi Stack

Unpacking the DeFi Stack

Level 1: Atomic Units of Value

It takes money to make money. Thus, Level 1 in the DeFi stack starts with atomic units of value.

DAI, ETH, money market tokens (cTokens and aTokens), centrally custodied ERC-20s, pegged assets and stablecoins (USDT, USDC, WBTC, renBTC, tBTC), and LP shares from AMM pools are primarily used in DeFi protocols as collateral for derivatives, loans, and leverage. They represent the beginning and end of the lifecycle of a full trade.

DAI and Tether are risky in different ways. DAI’s primary risk is that the Maker system breaks down and DAI loses its peg. Tether’s primary risk, on the other hand, is that something adverse happens to the bank account(s) that house the dollars that back USDT. All centrally custodied assets like WBTC and USDT face binary risk in that they could plummet in value if, for example, the BTC is hacked or the market finds out that Tether’s US dollars are not actually present in a bank account. Each introduces meaningful risk at the bottom of the inverse pyramid that is the DeFi stack. Regardless of a bug or a smart contract failure, if any atomic unit of value falters, any system that leverages it, regardless of how good its code is, will suffer.

DAI-USD Price History Source: Coin Metrics

Level 2: The Transaction Layer

Being able to mint atomic units of value is not enough. DeFi users - both humans and bots - must be able to transact on chain. This ability - which is often incorrectly taken for granted - is Level 2 of the DeFi Stack.

As DeFi protocols gain traction, they become part of an increasingly complex DeFi system. No longer does a protocol simply need to query key:value lookups (e.g. look up public address, return number of tokens held). Modern DeFi protocols depend on external transactions to operate smoothly, including tracking and storing collateral balances, measuring collateral ratios, processing oracle prices, executing liquidations, distributing staking rewards, issuing margin and leverage, etc. These operations consume a large amount of gas, and thus need sufficient Layer 1 or Layer 2 capacity. As such, we identify the “ability to transact” as a core primitive in the DeFi Stack.

While this may seem like a given, it’s hardly such. Gas fees on Ethereum - which can exceed $100 USD for a single transaction - illustrate the cost of transacting. If users and bots can’t transact on chain, liquidations, margin top-ups, oracle feeds, etc won’t process, creating a cascade of bankruptcies across DeFi.

The ability to transact is being improved in many ways. Projects like Solana are innovating at Layer 1, optimizing for throughput, latency, and gas costs, the result of which is a step function over the status quo (50,000 TPS, sub-second latency, and near $0 transaction fees). Other projects like SKALE, StarkWare, and Optimism are building Layer 2 solutions to facilitate scaling on top of Ethereum.

Level 3: Price Oracles

Building on the transaction layer, price oracles are the next foundational piece of infrastructure. Secure and verifiable inputs of market data are critical to the functioning of DeFi protocols. The insular design of smart contracts from off-chain data implies that centralized oracles introduce a single point of failure for entire systems.

Oracles enable higher order primitives to trigger events, such as liquidations. Coinbase (centralized) and MakerDAO’s medianizer, Chainlink, Band, Tellor, UMA, API3, Compound Open Oracle, and Nest (decentralized) are the nine largest and most popular oracles today.

If Chainlink’s oracles were to fail or misreport, loans on Aave or Synths on Synthetix could be inadvertently liquidated and DEX mid-prices on Bancor and DODO could skew out of line. An array of systems could flip from solvent to insolvent in a matter of seconds.

Levels 1, 2, and 3 comprise the core infrastructure of DeFi. On top of that infrastructure, entrepreneurs are building more sophisticated and interoperable financial primitives (AKA financial constructions).

Level 4: DeFi Primitives

The primitive layer is what most people think of when they think of “yield farming” or pure play DeFi applications. DeFi primitives include:

  1. Lending protocols
  2. AMM trading pools
  3. Order book exchanges
  4. Derivatives networks
  5. Asset management platforms

These primitives are best thought of as a network rather than as a stack because these protocols do not necessarily layer onto each other in a specific order. Each primitive can be used independently or in conjunction with some other primitive, whether it is on this layer or a lower layer of the DeFi Stack. A few examples:

  • cTokens (layer 1) are used as collateral in Curve (layer 4).
  • Users can borrow from Aave, and then deposit that asset in Uniswap. Alternatively, users can deposit an asset in Uniswap, and then use Uniswap LP shares as collateral in Aave.

Some examples of how DeFi primitives leverage Level 1 - 3 building blocks:

  1. DAI backs all open interest on Augur and is a collateral token in many stablecoin pools on Curve.
  2. USDC backs all open interest on dYdX.
  3. Aave relies on Chainlink’s oracles to accurately issue and liquidate crypto-backed loans.
  4. dYdX uses MakerDAO’s V1 oracle to secure the protocol’s internal ETH-USD price.
  5. Lending protocols and non-custodial derivatives protocols (Perpetual Protocol, Compound, Aave, MCDEX) need Keepers to be able to send transactions to liquidate underwater positions. When the Ethereum network is clogged, positions can quickly become bankrupt, as evidenced by MakerDAO during the March 12th crash.

Level 5: Protocol Aggregators

Aggregators live on top of primitives.

This level is composed of supply and demand-side aggregators. Some examples:

  1. Supply-side aggregators
  2. Demand-side aggregators
  3. Aggregator of aggregators
  4. Novel aggregators

Level 5 protocol aggregators do not custody collateral assets. These products often provide smart contract constructions that enable users to interact with other Ethereum DeFi protocols.

Aggregators have exploded in popularity because they are good at one thing: making (or saving) money. However, investors must consider the risk at this layer of the stack. If any of the underlying protocols fail, users can lose part or all of their funds. This risk is heightened because many yield aggregators like Yearn leverage multiple underlying protocols, so users are assuming the risk of all of the underlying protocols that a given Yearn vault rotates between. On the bright side, demand side DEX aggregators are safest from this risk (since they don’t hold capital but rather just execute atomic transactions intra-block).

Level 6: Wallets and Front Ends

Wallets and front ends sit on top of all of DeFi. Some examples:

  1. Relayers
  2. Wallets
  3. DeFi-Native Front ends

The raison d'être for DeFi wallets, relayers, and front ends is to enhance UX in DeFi. Wallets and front ends don’t compete on financial or technical constructions, but rather they compete on design, customer support, ease-of-use, localization, etc. They are primarily in the business of customer acquisition.

We segment these companies across functionalities. For example, relayers provide a front end for one specific protocol (e.g. Guesser is a front end for Augur and Tokenlon is a 0x-focused decentralized exchange). Front ends like Instadapp and Zapper simplify composing smart contract calls across disparate DeFi primitives.

DeFi Risk Management

Quantifying Compounding Risk in DeFi

There is growing risk in DeFi today. Arjun Balaji of Paradigm described this phenomenon eloquently in a recent tweet:

“The risk surface of DeFi is growing exponentially. This is a combo of:

  • Contract bugs
  • Poor protocol parameterization
  • On-chain congestion
  • Oracle failure
  • Keeper bot/LP failure

Risk is amplified by contract composability and leverage.”

Let’s consider one of the most popular yield farming opportunities: Curve’s sUSD pool. Users deposit one or more stablecoins (DAI, USDT, TUSD, sUSD) into the pool and stake their LP tokens to Synthetix’s Mintr platform for SNX rewards.

curve pool illustration

Each stablecoin in the Curve pool has a unique risk profile (DAI’s peg is held together by Maker’s governance, oracles, and liquidators, and USDT’s value is contingent on the collective faith in Tether’s reserve). The construction of the stablecoin pool reduces the impact of any one stablecoin collapsing in value for that coin’s holders, while simultaneously supporting each coin’s peg. However, the collapse of one coin would still adversely impact the others in the pool, and this would adversely impact all protocols that rely on this pool (instability in the Synthetix debt pool, liquidations among Maker CDPs). This is the double edged sword of Ethereum’s composability — ease of integration facilitates breakneck innovation, but the risks compound in lockstep.

Let’s take a look at some of the largest potential risks in DeFi today.

There is currently $11.4 billion of value locked in the top DeFi protocols (Uniswap, Compound, Aave, Balancer, Curve, and MakerDAO, etc).

Of that $11.4 billion, DAI comprises 9% ($1 billion) of the value locked, USDC represents 24% ($2.8 billion), renBTC comprises 3% ($308 million), and WBTC makes up 17% ($2 billion). If any were to meaningfully deviate from their pegs, there would likely be a cascading wave of liquidations, insolvencies, and price fluctuations.

USD value of Dai, etc Source: Dune Analytics (h/t Jack Purdy from Messari)

Chainlink drives a key function for three out of the top five synthetic asset platforms ordered by TVL. In particular, Synthetix has $126 million in the debt pool predicated on the price of SNX and all synthetic assets generated (which are entirely secured by Chainlink).

Synthetix suffered an oracle attack on June 25, 2019 in which the price feed for sKRW (Synthetic Korean Won) returned incorrect values, creating an opportunity for an arbitrage bot to extract approximately 37M sETH worth of value from the system (although ultimately the attacker returned the funds following negotiations).

Oracle price feeds can also be directly manipulated by users for personal gain. On February 18 2020, an attacker used a flash loan to inflate Uniswap’s sUSD price to approximately $2, supplied sUSD collateral to bZx at this inflated valuation in order to borrow approximately 2400 ETH, and effectively exited the bZx position without a loss in collateral -- all in a single transaction. Since then, oracle attacks have increased, including recent attacks on Harvest, Value DeFi, and others.

Between Synthetix, Aave, and Nexus Mutual alone, Chainlink secures approximately $2.2 billion worth of value, which as discussed is potentially vulnerable to price manipulation attacks.

The last major risk factor is congestion on Ethereum. As we saw recently with the launch of UNI, Ethereum is still not yet ready for global scale trading activity. Several Decentralized BitMEX teams (including our portfolio investment Perpetual Protocol) have had to delay mainnet launches due to increasing gas costs. Not only would be it costly to open positions, but it would be prohibitively expensive to execute critical transactions like topping up collateral and liquidating near-underwater positions.

Risk Mitigation in DeFi

Levels 1 - 3 of The DeFi Stack, which affect virtually all of DeFi, are the most important when thinking about risk mitigation, and as such they are what we focus on here.

Collateral Tokens

Most protocols in DeFi use the same assets as collateral. These tokens include DAI and centrally custodied assets (USDC, USDT, WBTC, renBTC, etc). They also include interest-bearing money market tokens like aTokens and cTokens. DeFi developers can protect against collateral risk in a few ways:

  1. Limit collateral types (e.g. dYdX only allows USDC for perpetual swap positions, whereas Maker allows several types). The trade-off is that enabling more types of volatile collateral creates systemic risk for all collateral in the same pool.
  2. Only accept stablecoins that are transparent and audited as collateral (e.g. USDC and PAX).
  3. Phase collateral types in slowly over time using well-defined risk parameters for each form of collateral, such as liquidity and market cap requirements.
  4. Limit collateral concentration and/or incentivize liquidity providers to add collateral that is underrepresented (e.g. Curve incentivizes LPs to add DAI right now in their 25-25-25-25 pools because DAI has less liquidity in the pool).
  5. Teams that build level 3 primitives could purchase insurance on collateral for their users. This would essentially bring insurance to lower levels of the stack. As an example: dYdX could buy credit default swaps on USDC equal to their perp swap traders’ notional exposure. Stablecoin issuers, insurance companies, or decentralized insurance providers (Opyn, Nexus) could potentially serve as underwriters for the swaps. Opium.Exchange recently launched credit default swaps on the price of BitGo’s WBTC token falling. DeFi teams that have added WBTC as collateral can purchase these swaps to protect users.

Oracles

The oracle mechanism is a major failure and attack vector for almost all DeFi protocols. As mentioned above, 30% of the top 10 protocols on DeFi Pulse rely on Chainlink, while another 20% utilize the LINK token in some capacity. If Chainlink stumbles in some way, a huge percentage of DeFi could collapse.

To mitigate oracle risk, protocol teams can source prices and other off-chain data from several oracle providers (Chainlink, MakerDAO medianizer, Band, Nest, Coinbase) and then use the median. If one skews out of whack X% from the others, it can be ignored (for its centralized oracle, FTX disgregards prices more than 30 basis points from the median). This would potentially protect against a scenario in which one oracle is compromised. Additionally, protocols can use TWAPs or VWAPs to mitigate flash loan attacks.

Alternatively, teams can choose to limit how much the oracle price can move in a certain period of time. This can increase safety in a scenario where the oracle is compromised and manipulated. But if the price does move a lot and the oracle doesn’t, that can cause material market distortions that could materially threaten the solvency of the system.

For a more detailed overview of oracle attacks, check out samczsun’s recent post.

Ability to Transact

On March 12, the MakerDAO system was partially bankrupted because of chain congestion. Keepers, network participants in Maker who can liquidate near underwater positions, were unable to transact because of increasing gas costs. The default configuration of the software that the Keepers used did not adjust gas prices in response to network congestion.

With the rise of decentralized derivatives protocols on Ethereum (e.g. dYdX, Perpetual Protocol, DerivaDEX, MCDEX, Futureswap), the ability to transact will become increasingly important. Imagine if Binance wasn’t able to liquidate losing traders; the insurance fund would be wiped out completely, resulting in a massive exchange-wide auto deleveraging!

With that being said, Keepers are currently earning more than $10M / year across Compound, Aave, dYdX, MakerDAO, etc, and as such we are cautiously optimistic that those Keepers will improve performance over time to capture this opportunity:

Monthly Revenues for DeFi Liquidators Source: LoanScan

We’ve identified a number of solutions that DeFi primitives can use to decrease this risk of not being able to transact:

Move to Layer 2 or more scalable solution (rollups, sidechains, other Layer 1s, etc)

  1. Optimistic rollups are backwards compatible with the EVM, they inherit Layer 1 security, can be higher-throughput (especially across many shards), have low latency and lower gas fees, but there is a long time to withdraw.
  2. Sidechains like SKALE and Matic are instantly backwards compatible with EVM, have high throughput, low latency, and low gas fees, and offer instant deposit/withdrawal highly configurable for devs. However, they don’t inherit Ethereum’s Layer 1 security.
  3. Layer 1s like Solana, Near, Algorand, Dfinity, Nervos, Kadena, and Ava run alternative blockchains to Ethereum. They are generally more scalable and cheaper, however they don’t have the collateral base and building blocks (yet) that have made Ethereum successful.

Create sophisticated and pooled liquidator bots that have capital on hand at all times:

  • KeeperDAO is a communal liquidity pool that allows contributions by token holders, for which they earn rewards from on-chain liquidations. KeeperDAO works across the entire DeFi ecosystem and operates highly sophisticated and optimized software.
  • Individual teams that build primitives can create their own mini KeeperDAOs. For example, Mainframe is pooling liquidator collateral for their fixed rate zero coupon bond lending system. Therefore, the protocol does not have to rely on individuals to execute liquidations.
  • Building on top of this, teams should ensure they optimize their out of the box liquidator software so that it doesn’t fail like Maker did on March 12.

Mining pools can offer prioritized inclusion in blocks:

  • We have been thinking about the opportunity for mining pools to issue their own tokens (we will call them MPT here for simplicity). MPTs could work as follows: When an address which holds at least 10,000 MPT broadcasts a transaction, Mining Pool X’s software would notice that transaction and mark it as a Prioritized Transaction (PT). A PT is included as the first transaction in the next block Mining Pool X mines (so long as the PT pays the minimum gas required).
  • DeFi teams themselves could own large amounts of MPT in order to ensure their key operational calls (e.g. oracle price updates, liquidations, margin issuances) are prioritized and included in blocks.
  • Sparkpool recently announced that they’re testing a network called Taichi. According to Gasnow, Taichi “will directly push received transactions into the mempool of mining pools” and bypass the traditional mempool. This concept helped Ethereum researcher samczsun save $9.6 million for Lien Finance users a few weeks ago.

Miner extractable value (MEV)

  • The phrase miner extractable value was first coined by Phil Daian in his seminal research paper Flash Boys 2.0. The basic idea is that because miners have the ability to order transactions in blocks and censor transactions, they can choose to replace an arbitrage or liquidation transaction with their own transaction (but with zero or lower transaction fees). While this practice is generally considered “evil”, and is certainly problematic for chain stability, it may actually end up being a useful tool for risk management in DeFi. In this scenario liquidator and keeper margins will go to zero. But if miners systematically perform MEV on liquidations and arbitrages, they will deter system-wide bankruptcies and price discrepancies because the liquidation and arbitrage transactions will always happen!

Offsetting of derivatives positions and cross-margining

  • If liquidity providers could cross margin collateral across derivatives venues and net long and short positions on competing protocols, they could provide more liquidity per dollar of collateral. As an example: if an Ethereum address owns a 1x long BTC-USD perpetual swap on dYdX, and a 1x short BTC-USD perp on MCDEX, those positions could theoretically net such that the trader only needs a fraction of the collateral that is otherwise necessary. This would have the added benefit of tremendously reducing liquidation volume. However, this is unlikely to happen in the near term given the lack of maturity both technically and in governance of these systems.

GasTokens such as CHI and GST-2:

Gas token is an underexplored avenue for “scaling”. Right now, the combined market cap of CHI and GST-2, the two major gas tokens, is sub-$2M. What is a gas token? Gas tokens store gas to use in a later freeing transaction, or as pre-paying for gas to be used later. When gas prices are low, savvy traders mint them, and then when gas prices increase at a later date, traders redeem gas tokens and save transaction fees. We expect DeFi teams will begin accumulating gas tokens and use them on their protocols if they need to use an internally built liquidator bot during times of extreme market volatility.

Summary

The increasing interconnectedness between various DeFi protocols is creating compounding risk. There are a lot of different DeFi protocols out there. However, most of the major DeFi protocols have a few common denominators:

  • There is a pool of collateral sitting in a contract that can be traded or borrowed against.
  • To avoid system wide bankruptcies on borrow/lend and derivatives protocols, an oracle pushes a price feed to the contracts.
  • If the debt is determined to be underwater, a third party Keeper can initiate a liquidation and earn a profit for their activity.

As such, in this essay, we aimed to provide a simple framework for thinking about how to manage the three major risks in DeFi: (1) collateral risk; (2) oracle risk; and (3) liquidation risk e.g. making it easier to transact.

While it sounds relatively simple (it primarily boils down to three types of risks!), there are a lot of moving parts that we internally at Multicoin call “legos”. There is currently $13 billion of capital locked in these DeFi networks, and a lot of this money is dependent on a few fundamental building blocks. While some of this value is protected by smart contract insurance providers like Nexus Mutual and Opyn, there is virtually no protection available today for economic and/or congestion failures.

As DeFi matures and more complex primitives launch (e.g. Decentralized BitMEXs and Fixed Rates), teams will need to think more critically about protecting against systemic risk factors. Institutional players such as Genesis and BlockFi, and credible neo-banks like Betterment and Wealthfront, will eventually want to use permissionless DeFi rails. When they do, the first question they will ask DeFi teams is how they’ve chosen to protect against black swans like singular oracle failures or blockchain congestion. Having answers for these questions in advance may be the difference between winning business relationships in DeFi and losing them.

If you’re building tools to help mitigate any of the major risks in DeFi, please reach out to us at spencer@multicoin.capital, matt@multicoin.capital, and shayon@multicoin.capital. We’re interested in this sector.

Disclosure: Multicoin has established, maintains and enforces written policies and procedures reasonably designed to identify and effectively manage conflicts of interest related to its investment activities. Multicoin Capital abides by a “No Trade Policy” for the assets listed in this report for 3 days (“No Trade Period”) following its public release. At the time of publication, Multicoin Capital holds positions DF, AAVE, SOL, SKALE, StarkWare, NEAR, ALGO, PERP.

有兴趣加入我们的团队,与我们共事,或者创造一些伟大的东西?

联系方式