Risk in DeFi

Risk in DeFi

Today’s post is about a recent report from Moody’s on Risk in DeFi.

Risk in DeFi

The title of the report is “Block by Block: Assessing RIsk in Decentralised Finance”.

I came across this report because one of its authors is Lily Francus, also known as nope_its_lily.

  • She came to fame by writing about options (using her Nope indicator) on Twitter and Reddit, particularly during the meme stocks frenzy of early 2021.

At the time she was a PhD student (( In a medical field, from memory, not in finance )) but now she is a director at Moody’s.

The other main author is Tarun Chitra, CEO of Gauntlet.

  • Gauntlet is a modelling and simulation platform for blockchain.

The report looks at how to measure risk in the DeFi environment.



DeFi is the use of “smart contracts” (computer programs) that are stored on the blockchain to replace traditional financial services.

  • The contracts will self-execute when certain pre-defined conditions are met.

The decentralised and transparent nature of the blockchain means that logs are visible and transactions are irreversible.

  • The key difference is the elimination of the requirement for a trusted intermediary (as with banks and credit cards, say).

The intention is to make services more accessible, though problems of implementation (notably low capacity and high transaction fees) mean that in practice DeFi is less accessible at present.

The top 100 DeFi tokens were capitalised at $100 bn as of December 2021.


DeFi layers

The report describes five layers within a DeFi platform:

  1. The settlement layer (protocol plus blockchain)
    • This is usually ETH but could also be Avalanche or Solana.
  2. The asset layer is the token definition
    • The most well-known are ERC-20 for fungible tokens (used in DeFi) and ERC-721 for non-fungible tokens (NFT).
  3. The protocol layer is the code (smart contracts)
  4. The application later is the user front end
    • This is usually a browser extension or a mobile app
  5. The aggregation layer combines lower-level assets and products
    • The report gives the example of a yield aggregator protocol that displays real-time yields across a variety of assets and protocols.

The key feature here is the opportunity to combine different smart contracts into larger combinations that must succeed or fail as a set, reducing risk (and potentially lowering fees).

  • A second benefit is the potential for the complete automation of processes without human intervention.

DeFi loans

A notable difference to TradFi is the lack of recourse on loan defaults beyond any initial collateral provided.

  • Since exchange rates – both within crypto and between crypto and fiat, sometimes via stablecoins – are volatile, even 100% collateral may not be enough.

Most platforms require over-collateralisation at more than 100%.

  • Gauntlet is one of the firms providing data to optimise collateralisation requirements.

Most platforms use two tokens.

  • When a collateralized borrower initiates a loan, the collateral is locked and the borrower receives a promissory token that can be redeemed for the collateral along with interest due.

These tokens can be transferred (to allow third parties to receive interest) but only the borrower can redeem the collateral.

See also:  DeFi and the Future of Finance - Part 3

The second type of token is a governance token which allows the holder to vote on platform decisions and usually to receive a cut of platform fees.


DeFi risks

The report identifies three main risks:

  1. Valuation risk, that the loaned capital and loan amount (including interest) will change in value
  2. Opportunity risk, that a better offer may appear in the future (during the lifetime of the loan), and
  3. Counter-party risk

The first two are symmetrical – borrows and lenders have the same information with which to evaluate them.

  • The third is asymmetrical – each side knows more about its own risk.
Adverse selection

Counterparty risk can be subdivided into an adverse selection and the principal-agent problem.

In TradFi, asymmetry leads to trusted third-parties like the bond rating agencies (of which Moody’s is one).

  • It also results in legislation controlling how lenders may operate.

In DeFi, adverse selection largely reduces to collateral valuation, which decreases with collateral liquidity.

  • A second issue is that the trustless nature of blockchain means that lending does not incorporate borrower histories and bad actors could take advantage of this. (( At the same time, historically borrower actions are freely available on the blockchain ))
Principal-agent problem

The PA problem is essentially a conflict of interests.

  • For example, fund managers paid by AUM have little incentive to deviate from a safe index, or from their peers.

In contrast, managers paid by performance are incentivised to take on high levels of risk, since losses will not be penalised to the same extent (and often, not at all).

Again, third parties often provide risk scores to help principals choose the best agents.

In DeFi the conflict is between investors (lenders) and those who govern the platform.

  • Governance is usually dominated by a few large “shareholders”.

In theory, governance should be in the long-term interests of the platform, but there can be short term impacts to the value of governance tokens.

  • In addition, spot price synchronisation across exchanges operates directly through arbitrage, which is not free.

A balance needs to be struck between incentivising arbitrageurs and ensuring sufficient liquidity from non-arbitrageurs.

Who bears the risk?

In a loan, the primary risk falls on the lender, who must hope that the borrower will not default.

  • Default risk is compensated by the interest rate, and comparing this rate to the risk-free rate gives an estimate of default risk.

With listed corporate debt, stock values can also be used to compute risk by viewing equity as a call option on the asset value of the firm.

In DeFi, the lender is effectively the platform, and the usual first bearer of risk will be the holders of the governance tokens.

  • Extra tokens can be created (leading to dilution) when there are losses or shortfalls, and tokens can be “burned” (destroyed) when the platform is profitable.

So in the same way that equity can be used to gauge corporate risk, the value of governance tokens can indicate platform/protocol risk.

  • Any fall in the value of the promissory token (which is often a stablecoin) would also indicate risk.
See also:  Bitcoin Investment Thesis - Fidelity
Modelling risk

DeFi risk table

The report has a handy summary table looking at the seven risks identified in the earlier diagram, together with some mitigation techniques. (( Oracles are data-providers for off-blockchain events and are often targeted for manipulation ))


Compared to Lily’s other writings, this is a fairly dry piece, which is not to say that I didn’t learn anything. The key takeaways for me are:

  1. Over collateralization as a standard puts more risk on DeFi borrowers than in the TradFi world.
  2. The value of the governance token is a measure of risk.
  3. A collapse in the promissory token spells serious trouble.

What I’m not clear on is Moody’s role in assessing DeFi risk.

  • Trusted third parties seem antithetical to the crypto philosophy.

Until next time.

Mike is the owner of 7 Circles, and a private investor living in London. He has been managing his own money for 40 years, with some success.

You may also like...

Leave a Reply

Your email address will not be published.

Risk in DeFi

by Mike Rawson time to read: 4 min