Decentralized finance, or DeFi, was promoted as a remedy for the flaws of traditional finance when it first gained traction in 2020.
Decentralized lending was promoted as DeFi’s killer product, allowing users to instantly borrow and lend digital assets on blockchains without the need for banks or credit checks. DeFi lending “blue chips” like the Aave protocol, the largest decentralized lender, continued to operate as centralized crypto lenders like FTX collapsed last year as a result of unscrupulous actors and financial mismanagement, supporting DeFi’s case as an improvement to traditional banking.
According to DefiLlama, despite the downturn in the cryptocurrency markets, Aave still has user deposits of $4.6 billion, collected from users worldwide to support bankless borrowing on Ethereum and other blockchains.
A $70 million theft on Curve, one of the biggest decentralized cryptocurrency exchanges, a few weeks ago, however, exposed weaknesses in the DeFi promise. The attack unleashed a chain of events akin to a Rube Goldberg machine that tested the limits of DeFi lending, threatened to plunge the value of a crucial DeFi asset into a “death spiral,” and raised serious concerns about the capacity of community-driven financial platforms to manage risk.
Limitations of too-collateralized lending
Smart contracts, blockchain-based computer programs that let people conduct direct business with one another, power DeFi. As a result of the reliance on code, lending, borrowing, and token exchange are meant to be quick, affordable, and widely accessible.
A “decentralized” network of individual depositors, each of whom receives a portion of the interest paid by borrowers, provides the capital that DeFi lending platforms like Aave, Frax, and Abracadabra give out. These individuals share the risk associated with large positions; if a borrower cannot repay their obligation, these lenders are left holding the bag.
DeFi lenders typically have rigorous over-collateralization rules, which means borrowers must put up more value in collateral than they take out as loans. This is because they have fewer resources than banks to assess a borrower’s creditworthiness.
Recent occurrences have demonstrated the limitations of high collateral for risk mitigation.
Michael Egorov, the creator of the Curve exchange, took out loans totaling almost $100 million on various decentralized lending platforms over several months in 2023. He pledged CRV, the native Curve token worth more than $200 million, as security.
If a borrower’s collateral drops below a certain price, DeFi lenders are programmed to liquidate the collateral automatically—that is, sell it off on the open market. The lenders of Egorov believed they had adequate CRV security to protect themselves in case of a possible default.
However, the exchange founder’s DeFi lenders realized they would soon be burdened with millions of dollars in bad debt when a hack last month drained $70 million from Curve, bringing the price of CRV down 20%, closer to costs where Egorov’s collateral would have been automatically liquidated.
Egorov’s complete collateral position was reportedly not considered when smart contracts granted him loans since it was spread across several different lending protocols and was challenging to account for programmatically. Egorov had pledged a significant one-third of all CRVs in circulation as collateral. Even a small portion of this amount may have caused the market for CRV, a systemically important DeFi asset that is somewhat illiquid, to collapse.
“You’re never going to be able to liquidate very rapidly,” said Sacha Ghebali, a data analyst at cryptocurrency analytics company TheTie. “When a project’s founder wants to lend a huge portion of a token’s supply, you’re never going to be able to do that.” You must set boundaries there.
To avoid being the final people with worthless CRVs, some of Egorov’s most powerful leaders briefly engaged in a standoff akin to the one in Mexico. They debated whether to liquidate the Curve founder first.
Egorov avoided liquidation because he could settle some of his debts with wealthy “whales,” such as Justin Sun, the founder of Tron, who had a vested interest in keeping DeFi afloat.
The Egorov situation, however, “put a chink in the armour of DeFi protocols in showing that you can have bad debt, you can have credit losses in over-collateralized loans – provided that the collateral is not liquid enough,” said Sid Powell, the CEO of Maple Finance. This DeFi lending firm focuses on institutions.
Decentralized risk management issues
Every lending platform has provisions built into its code to guard against situations involving systemic risk, such as the CRV debacle. Generally, the regulations specify which assets may be borrowed and what types of collateral may be offered in exchange. Over-collateralization requirements are one key form of risk management, but they are not the only one.
An Aave representative was careful to point out that Egorov’s $60 million Aave lending position was made in Aave V2, an older version of the platform, and would not have been possible in the newer Aave V3 protocol, which “has risk parameters which limit this exact scenario to the point where bad debt is extremely unlikely.”
To set these kinds of risk parameters, banks employ qualified managers. The investors receive this liability due to Aave and other DeFi lenders.
The Aave DAO, also known as the platform’s holders of the AAVE token, determines Aave’s risk criteria. The system is presented as a means for Aave’s investors to control how their money is borrowed democratically.
A spokesman for Aave told CoinDesk that “the Aave DAO is known for conservative management. Some experts claim that the Curve issue demonstrated that risk management is too complex for a DAO.
The Aave model is not designed to grow with this kind of complexity, according to Frambot, who has worked with Morpho to implement new sorts of risk management systems. DAOs take a while to decide, and “you need a PhD in risk management to understand these things,” according to the author.
Leaving it to the experts
If the Curve issue showed anything, DeFi lending protocols should be seen as systems that heavily rely on human judgments rather than autonomous pieces of computer code, according to Frambot. The founder of Morpho claimed that the Aave protocol is more akin to an on-chain fund with decentralized and open rails. To manage the danger of this position, they first allow users to deposit money.
Aave’s spokeswoman stated that although “the DAO has various risk-mitigation, third-party services” to offer risk “assessments and recommendations, it is ultimately up to the DAO to determine how to respond to potential risks.”
According to Frambot, risk management is too time-consuming and complex for a DAO to handle, which results in a concentration of power in the hands of big delegates and risk management companies.
Companies with specialized tools to analyze risk and suggest parameter modifications include Gauntlet and Chaos, two of Aave DAO’s primary risk management partners. Frambot stated that risk managers “literally every day” push risk parameters that are entirely trusted and opaque as if we have no idea how they are determined. Yet you know that the DAO will approve it because it is a product of a reputable company.
Since December 2020, 303 ideas have made it to a formal Aave DAO governance vote; normally, these come after a “snapshot” community poll on the Aave forums. Of these, just 8% have been explicitly rejected. 233 of the 262 ideas that the Aave DAO has authorized and implemented were adopted by a unanimous vote. Most of them are concerned modifying risk parameters.
Aave DAO decisions are also frequently made by a few “delegates”—individuals or organizations authorized to cast ballots on behalf of other AAVE holders. The three biggest delegates accounted for more than half of the votes in the previous five Aave DAO votes.
The CEO of Agoric, a business developing a DeFi-focused blockchain, Dean Tribble, said some demagoguery was involved in becoming a delegate. People are rewarded for voting by the majority, which explains why such large swings in outcomes affect 100% of the vote. Or a vocal minority can have a disproportionate impact.
The Curve debacle illustrated the system’s potential for arbitrary behaviour.
