Decentralised Finance (DeFi) is touted as a new form of intermediation in crypto markets. The key elements of this ecosystem are novel automated protocols on blockchains – to support trading, lending and investment of cryptoassets – and stablecoins that facilitate fund transfers.
While DeFi is still at a nascent stage, it offers services that are similar to those provided by traditional finance and suffers from familiar vulnerabilities. The basic mechanisms giving rise to these vulnerabilities – leverage, liquidity mismatches and their interaction through profit-seeking and risk-management practices – are all well known from the established financial system. Some features of DeFi could make them particularly destabilising, though.
DeFi protocols are software applications that run on the internet, generally with very little human oversight, and often with millions or billions of dollars flowing through them. Like all software, DeFi protocols have two main software risks – coding errors that may cause the software to malfunction, and security vulnerabilities that allow hackers to break in and steal funds from the protocol.
Smart contracts are generally the most vulnerable points for cyber-attack and technology failures. Like any other software code, smart contracts require robust testing and adequate controls to mitigate potential risks to blockchain-based business processes. More often than not, the highest-profile security incidents in the DeFi sector are enabled by vulnerabilities in smart contracts rather than by the exceptional programming skills of hackers. In 2021 alone, more than $600 million worth of tokens were stolen from the DeFi sector. To put this into perspective, these exploits accounted for almost 50% of all the security mishaps in the entire industry. This also highlights that smart contract protocols are increasingly singled out as a potential inroad by bad actors.
There is no guaranteed method to avoid software risk in a DeFi investment, but proper due diligence and market expertise can reduce it. SumCap’s team has been pioneering in this emerging space since the birth of DeFi in mid-2019 and has navigated it since without suffering any exploit-related loss of funds, but of course, past performance does not guarantee future results.
Most of the large DeFi lending protocols, including Aave, Compound, and Maker, require that borrowers over-collateralise their loans, meaning that borrowers must provide collateral worth over 100% of the borrowed amount. Any loan agreement, in or out of the DeFi ecosystem, involves counterparty risk, which is the risk of loaning money to someone who does not repay.
Oracle price manipulation, which consists of exploiting the prices an oracle reports to take advantage of collateralisation requirements, is one of the most common counterparty risks. If the price oracle that a protocol depends on is exploited, any loan could turn into bad debt.
For this exact reason, SumCap has a thorough vetting process to exclude protocols that depend on weak oracle providers.
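The oracle dependence described above can be made concrete with a small simulation, added here as an illustration and not taken from SumCap or any protocol's code: a loan sized against a single distorted spot reading ends up under-collateralised at fair value, while a median over recent readings does not. The 150% collateral ratio, the 10% deviation threshold, the price feed and all function names are assumptions constructed for the example.

```python
from statistics import median

MIN_COLLATERAL_RATIO = 1.5   # assumed: collateral must be worth 150% of the debt
MAX_DEVIATION = 0.10         # assumed: tolerated gap between spot and reference

# Constructed feed of collateral prices in USD; the last reading is a
# distorted spot price, the earlier ones reflect the real market (~100).
FEED = [100.0, 101.0, 99.0, 100.0, 300.0]
FAIR_PRICE = 100.0

def spot_oracle(feed):
    """Weak oracle: trusts the single most recent reading."""
    return feed[-1]

def median_oracle(feed):
    """More robust oracle: the median over the window ignores one outlier."""
    return median(feed)

def is_suspect(feed):
    """Flag the latest reading when it strays too far from the window median."""
    ref = median(feed)
    return abs(feed[-1] - ref) / ref > MAX_DEVIATION

def max_borrow(collateral_units, oracle_price):
    """Largest loan the over-collateralisation rule allows at this price."""
    return collateral_units * oracle_price / MIN_COLLATERAL_RATIO

def bad_debt(collateral_units, debt, fair_price=FAIR_PRICE):
    """Part of the debt that the collateral cannot cover at its fair value."""
    return max(0.0, debt - collateral_units * fair_price)

def simulate(oracle, collateral_units=10):
    """Size a loan with `oracle`, then value the collateral at the fair price."""
    debt = max_borrow(collateral_units, oracle(FEED))
    return {"debt": debt, "bad_debt": bad_debt(collateral_units, debt)}

if __name__ == "__main__":
    print("spot oracle  :", simulate(spot_oracle))
    print("median oracle:", simulate(median_oracle))
    print("latest reading suspect:", is_suspect(FEED))
```

When vetting a protocol, the questions this maps to are which price source sizes the loans and whether a single outlying reading is rejected or smoothed before it is used.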