I love DeFi, the design space it opens up is impossible to fully comprehend and it seems like every week there is some new novel-to-mind-blowing product or service being launched. Only a fraction of these will ever reach mainstream adoption or accrue a meaningful amount of liquidity but this iteration through successes and failures is required to find the compelling use cases. I am of the mind that its the products that are doing something completely new, rather than ones re-hashing traditional financial market structures that will catch on but that isn’t the point of this post.
DeFi has been referred to as money-legos, the composability of all of the different products being the strength of the space as a whole. One new product can enhance dozens of existing products which makes for a compelling positive-sum area to work in. With the excitement, though there are (rightful) concerns growing around DeFi around the real risks to users of the various products. Most of this is thought of in the context of a potential hack or bug that leads to a loss event that, at best hurts a few peoples wallets, and at worst brings the whole thing crashing down.
While the risk of a specific loss event is very much worth worrying about, any one event only becomes a systemic threat to the overall system if there is a high correlation of risk. The work that DeFi score is doing is very interesting and useful for specific services but is only an input into a calculation that is needed to get a sense of the risks facing the space as a whole.
So let's do something about it
I spent 11 years working with hedge funds on trading, compliance, allocation, risk mgmt, etc. platforms. A couple of those years straddled the ‘08/’09 financial crisis and only one thing was clear. The funds didn’t know how to properly assess risks and the regulators knew even less. I am not saying I do but I am willing to say I know I don’t and start from there. At this early juncture, it is important to start investigating options for the new decentralized financial system being built right now. With orders-of-magnitude better data availability and transparency, I am confident that a reasonable solution can be found. Here are my thoughts on the start of a general risk topology.
What other apps and services do this app depend on? If I am assessing the risk for pooltogether, a good portion of the potential risk of loss comes from compound. So one could say that any pooltogether deposit carries 60% compound risk (of the total probability of loss, what are the odds the reason is compound). This can go to n-layers of integrations.
What inputs does an app share with other apps?
- Sharing a common open-source repository
- Sharing price oracles
The auditor could be input here (maybe they had a blindspot or use a tool that is eventually found to miss something) but I don’t think its significant enough to include.
The Special Sauce
All apps carry some risk that is all their own. So while the percentage exposure to other apps, price oracles, etc. is getting allocated some percentage should be left to represent their special sauce.
Just Fudge It
This is not an especially scientific assessment. I think initially these percentages could be set by a group of knowledgable parties. In the future, some of it could be automated and the rest left to a shelling game to crowdsource results. As long as they are directionally correct the impact of any miscalculation would be minimal.
And then what?
For my own purposes, I am working on a risk transfer protocol that will provide options for users to purchase coverage against losses at applications they are using. To provide reasonable premiums and attractive returns to capital providers it must be under-collateralized while still instilling confidence that it will be able to service all valid claims. That takes diversification and real diversification at that. I am working on an excel model for diversification adjusted exposure in DeFi, but it is still a bit rough. If you would like to see the rough draft and provide some feedback dont hesitate to reach out.