How to make it in DeFi (pt.2) - Risks
Let's talk about risks and where to seek information in the DeFi space. First of all, if you missed part 1 you can find it here >> Article , in this article I will continue to discuss how to make it in DeFi but now we need to address the risks and what you should look out for:
1. Smart contract risk:
DeFi protocols are able to do what they do because of numerous and often sophisticated smart contracts that operate on the respective blockchain that the protocol is running.
As with most computer software there is a chance that small contracts can get hacked. This isn't necessarily something that you can spot immediately. You should therefore ensure that it has been audited by a firm that is well-known for providing a quality smart contract audit (more about this later).
2. De-peg risks:
The premise behind stable coins is that they retain the same value as the currency that it is pegged against and therefore retaining that peg is vitally important. For example what if USDT/UST/DAI isn't worth $1?
But it is also important for tokens that are pegged to the native token, for example FTM/TOMB.
3. Liquidity risk:
Let's say you lend out your tokens to a DeFi platform, and then the DeFi platform lets people borrow your tokens. If you want to withdraw your tokens you can't (unless there are tokens available at that particular moment).
Don't think this is a huge risk, but it's worth mentioning.
4. Bank-run risk:
A bank run happens when suppliers attempt to rapidly and simultaneously withdraw more funds than are available on the platform, causing further panic and distrust of the system. In extreme cases, the DeFi protocols reserves may not be sufficient to cover the withdrawals.
5. Admin key risk:
Always be on the lookout for centralized admin controls that allow a developer or team to lock or move funds deposited into the DeFi app. Changes should only be allowed with approval from multiple parties or a DAO that governs upgrades and proposals.
Ok, so this is the theory regarding risks. Let's now have a look at how you can gather information and what to look for in a new DeFi project:
Step 1 - Social media:
If you hear about a new project the first thing you can do is to check their Twitter page and see if they have a Discord/Telegram channel.
Are the projects followed by many people on Twitter? And is their following good?
If you've been on Twitter for a while, it shouldn't take too long to determine if a project seems promising or not.
Another metric you can watch is how many of the people that you follow are already following the project. If there's no one, then that's probably not a good sign.
Step 2 - Whitepaper/roadmap:
If the information that you find through Twitter/Discord looks promising you should then check the project's website and the whitepaper. It's important that the project has a solid roadmap. If there's no roadmap/whitepaper you should definitely stop your researching process here.
Step 3 - Is the project audited?
Audits are the first line of defense when it comes to finding a safe staking/yield farm. But even if a project has been audited, your funds are never 100% safe. You see, the auditing process is not of an equally high quality in all auditing companies.
Four things to consider:
Is the protocol really audited? Lots of protocols try to mislead and can even provide completely fraudulent information.
When a DeFi protocol wants to obtain an audit they can send the code that they're using, have it audited but then launch with a totally different code. The contract should therefore be on-chain, not on the cloud based developer repository Github.
The DeFi protocol may hide some of the code (not delivering everything for an audit).
Quality of the auditor/audit company: The most reputable auditing companies include: OpenZeppelin, Certik, PeckShield, Trail of Bits, Obelisk, Solidity Finance, Omniscia, Paladin, Hacken, and Consensys Diligence.
There are a lot of auditing companies and the list could be longer. If you don't feel confident in the company, consider reaching out to the community or do some additional research to ensure that they are a reputable company.
Step 4 - Find out more about the team
Does the team appear on social media and on the platform website with their full names, or are the team members anonymous?
It is much easier to trust team members who aren't anonymous. At least try to find out more about what they've done in their careers, where they've worked, if they have a comprehensive LinkedIn profile etc. You should also be able to send a direct message to the team.
Step 5 - Check the website DefiSafety.
This website reviews many different protocols. It can takes a while before new protocols are listed here, but for the protocols you are considering putting money in, they should be listed here.
It is also worth checking http://rugdoc.io to read more about different DeFi protocols.
Step 6: Are steps 1 to 5 checked off?
If the protocols are checking off on all the 5 steps, you would have undertaken some quite thorough due diligence and as such you should feel relatively safe relatively about utilising the protocol.
Always consider buying a small amount first, just to check that the protocol works smoothly and that the staking/unstaking function works as you are expecting.
Invariably you're going to hear about DeFi protocols that don't satisfy your due diligence because they don't check off all of these steps in terms of security. If you intend to still proceed, in such instances never allocate more than a maximum of 5% of your total portfolio for these high-risk projects.
Step 7: Discuss and stay informed
Discuss with friends on Twitter about the protocol, if all of your crypto-skilled friends give you negative feedback it could definitely be a red flag.
Let's have a look at 3 popular protocols and you will see how you can rate them with a 1-10 risk score.
A risk of 1 doesn't necessarily mean that it's risk-free, because you always have smart contract risk associated with these protocols.
1. Anchor Protocol Earn Savings account:
In part 1 I have already written about Anchor, however to summarize:
Complete transparency with team with the CEO (@stablekwon) as the anchor of Terra behind them.
The Terra ecosystem is built around the Anchor Protocol which makes me trust this.
Anchor Protocol is triple audited.
They have a bug bounty program that incentives programmers with rewards of between $10k and $150K if they find errors in the code.
There is a huge following on Twitter.
The interest rate on Anchor has been between 19-20% since its launch.
Risk level 1.5/10 (low risk)
TIME is an OHM fork that was made by Daniel Esesta (@danielesesta) so there is complete transparency here.
There is a big following on social media
Launched in September 2021
Extremely high APY (80,000% which makes people think it's a scam)
It's unaudited (as far as I know), but it's a fork of $OHM (which has been audited twice: PeckShield and Omniscia).
The platform itself is solid, however the risk here is the tokenomics model (DeFi 2.0).
In order for TIME to grow, more money will be needed to be invested into the system.
The reality is that TIME will perform well if the bull market continues, but it could have a hard time in consolidating markets and obviously bear markets.
You could look at TIME as an asymmetric bet that can make you money if you hold it long-term, but it's extremely volatile and in case there were a bank-run situation you may lose most of your holdings. So this is a high-risk bet, which can make you a lot of money (or eventually lose it all).
Allocation to DeFi 2.0 and tokens like $TIME should be a small percentage of your portfolio.
Risk level: 9/10 (because of the tokenomics, TIME itself is solid).
3. Abracadabra UST-$MIM Degenbox Strategy
A solid platform with lots of 'degen' strategies.
This strategy includes using $UST as collateral to borrow MIM with leverage in order to maximize your stablecoin yield.
On Anchor Protocol you can get 20%, with Abracadabra you can get over 100%. The risk is liquidation. If UST goes lower than your liquidation price, you will lose your collateral and it will be game over (at least for your money on Abracadabra).
Hard to give an exact number of risk levels here, because it depends on the amount of leverage you use.
Risk: 5-10 (depending on the leverage).
The DeFi space is growing and advancing at an incredible pace with many innovative platforms and protocols emerging all of the time. It's impossible to monitor all of them. The best way to approach this space is to focus on some ecosystems rather than to try everything.
If there is one thing that you take away from this article it's understanding the importance of Doing Your Own Research! So if you choose to venture into this exciting new area of cryptocurrency investing make sure that you don't do it blindly.