The adjusted total value locked in DeFi smart contracts has grown to $80 billion from $8 billion in one year. In traditional finance, there’s always an intermediary. If an entity acts fraudulently, it is possible to prosecute them.
There are also regulators enforcing risk management and insurance to minimize the risk. However, DeFi projects aren't regulated and are, by nature, decentralized. There's even a term to describe the sudden disappearance of user funds: 'rug pull.' Recent examples include Pancake.Bunny, Yfdex.Finance, and Compounder.Finance.
In most cases, the projects were not managed by an identifiable entity that could be prosecuted. However, where there is a risk, there is also an opportunity.
Below we highlight four significant DeFi risks.
Smart Contracts
DeFi applications manage the exchange of assets using smart contracts, which are pieces of code running on the blockchain. That code defines how a particular DeFi application will move crypto assets.
Any piece of software can contain bugs, and attackers can exploit them in an attempt to drain the funds.
Market Risks
This reflects the broader market risk associated with holding digital assets that have high price volatility. The return on the DeFi investment may not be enough to offset the price drop of the original asset invested. Even stablecoins run the risk of their price breaking the peg.
Oracle Problems
DeFi applications rely on oracles to access data from the outside world, for example, the Ether price at major centralized exchanges. Without oracles, DeFi applications would seldom provide real-world utility.
The risks emerge when the data coming from these oracles is inaccurate or has been manipulated. DeFi platforms become susceptible to attacks whenever the oracle data providers or validators have enough power to control it.
Malicious Intent
Some DeFi projects have been created by anonymous figures, which adds risk. Although infrequent, some developers abandon a project and run away with investors' capital. This 'rug pull' happens by draining the funds from the liquidity pool.
Developers and founders might also exploit hidden smart contract vulnerabilities that they created on purpose.
How to Avoid Unpleasant Surprises?
No measure prevents DeFi losses 100% of the time. However, by following these simple rules, you will likely avoid many traps.
Smart Contract Review and Auditing
Pick DeFi projects whose smart contracts have been publicly audited and reviewed. Make sure that the smart contract code the project actually uses is the same code that was analyzed.
Every smart contract needs to be reviewed by professional and reputable sources, such as Certik Blockchain Security and Paladin Security.
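One way to check that the deployed code is the code that was audited, as an added example that is not from the original article or from any auditor's tooling. It assumes a Solidity contract with the compiler's default metadata trailer, that the deployed bytecode was fetched with the `eth_getCode` JSON-RPC call, and that the audited bytecode came from compiling the audited source with the same compiler settings; all byte strings here are constructed samples.

```python
# Added example: compare deployed runtime bytecode with the audited build.
# All byte strings below are constructed samples, not real contracts.

def split_metadata(runtime: bytes):
    """Return (executable_code, cbor_metadata) for Solidity runtime bytecode.

    solc appends CBOR metadata followed by its length as 2 big-endian bytes.
    """
    if len(runtime) < 3:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    if n == 0 or n + 2 > len(runtime):
        return runtime, b""
    meta = runtime[-(n + 2):-2]
    if not 0xA0 <= meta[0] <= 0xBF:      # a CBOR map header is expected
        return runtime, b""
    return runtime[:-(n + 2)], meta


def compare(deployed_hex: str, audited_hex: str) -> str:
    """Classify deployed code against the audited build's runtime bytecode."""
    strip = lambda h: bytes.fromhex(h[2:] if h.startswith("0x") else h)
    deployed, audited = strip(deployed_hex), strip(audited_hex)
    if not deployed:
        return "no-code"       # not a contract, or it has self-destructed
    if deployed == audited:
        return "exact"
    if split_metadata(deployed)[0] == split_metadata(audited)[0]:
        return "code-only"     # same instructions; source comments or settings differ
    return "mismatch"          # executable code is not what was audited


def _trailer(digest: bytes) -> bytes:
    # Constructed solc-style trailer: {"ipfs": <multihash>, "solc": 0.8.19}
    cbor = (bytes.fromhex("a264697066735822") + b"\x12\x20" + digest
            + bytes.fromhex("64736f6c6343000813"))
    return cbor + len(cbor).to_bytes(2, "big")


CODE = bytes.fromhex("6080604052600080fd")
AUDITED = (CODE + _trailer(b"\x11" * 32)).hex()
RECOMPILED = "0x" + (CODE + _trailer(b"\x22" * 32)).hex()
TAMPERED = "0x" + (bytes.fromhex("6080604052600180fd") + _trailer(b"\x11" * 32)).hex()

if __name__ == "__main__":
    for name, code in [("audited", AUDITED), ("recompiled", RECOMPILED),
                       ("tampered", TAMPERED), ("empty", "0x")]:
        print(name, "->", compare(code, AUDITED))
```

Contracts that use immutable variables, or that sit behind an upgradeable proxy, need extra handling: for a proxy, the address users interact with holds only forwarding code, so the comparison has to be made against the implementation contract it currently points to.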
Review the Tokenomics
Make sure you analyze the project with the following in mind.
- Will your APY suffer if bigger money enters the liquidity pools?
- Are the yields generated by the project programmed to diminish over time?
- How does the project fundamentally create value? What is the source of the yields?
- Is there real interaction in the project’s social media? Is the team responsive?
- What are the credentials of the project developers?
Lastly, make sure to review the project roadmap and measure its potential, timeline, and partnerships.
Open Source Creates Clones
Open-source protocols certainly bring faster innovation, but anyone can easily build a clone DeFi protocol without asking permission. That is one more reason to be very skeptical of new projects and avoid rushing into every DeFi token launch.