What are the risks in DeFi?
People began using DeFi without comprehending the risks: here’s what you ought to know about an imperfect technology. It is essential to understand that investing in DeFi is highly risky. That’s it, keep it in mind.
This post reflects my personal opinion and I’ve been known to be wrong at times. If you find any mistakes, let me know in the comments below.
1. Crypto risks
- Solidity. Bugs in the Solidity language, which ETH and other projects use to write smart-contract code. The language gets updated, of course, but that does not guarantee that bugs will not appear again. Check another article about it
- Stablecoin legal attacks. A disclosure that USDT is unconfirmed and not backed by real money and assets can cause both a negative reaction and a black swan event for the market. Check this article – is Tether a black swan?
- Oracle issues. An oracle can report the wrong price of a token to lending protocols, where assets are often pledged as collateral for the loan you take. Wrong oracle price => incorrect liquidation threshold metric => liquidation of the position => you lose a percentage of your assets to the liquidation.
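The oracle chain above (wrong price => wrong liquidation threshold => liquidation), worked through as an added example that is not part of the original post or any protocol's code. The 80% threshold, 10% penalty, 5% deviation bound, one-hour staleness limit and all prices are constructed assumptions; the guard shown is one common mitigation, a freshness check plus a cross-check against a second feed.

```python
from dataclasses import dataclass

LIQ_THRESHOLD = 0.80  # assumed: debt may reach 80% of collateral value
LIQ_PENALTY = 0.10    # assumed: share of the repaid debt paid as liquidation penalty
MAX_DEVIATION = 0.05  # assumed: the two feeds may differ by at most 5%
MAX_AGE_S = 3600      # assumed: a price older than one hour is stale

@dataclass
class Price:
    value: float     # USD per collateral token
    updated_at: int  # unix time of the last update

def health_factor(collateral_amt, debt_usd, price):
    # Above 1.0 the position is safe; at or below 1.0 it can be liquidated.
    return collateral_amt * price * LIQ_THRESHOLD / debt_usd

def liquidation_loss(debt_usd):
    # Collateral (in USD) forfeited as penalty if the whole debt is liquidated.
    return debt_usd * LIQ_PENALTY

def checked_price(primary, secondary, now):
    # Use the primary feed only if both feeds are fresh and agree.
    for p in (primary, secondary):
        if now - p.updated_at > MAX_AGE_S:
            raise ValueError("stale price")
    deviation = abs(primary.value - secondary.value) / secondary.value
    if deviation > MAX_DEVIATION:
        raise ValueError(f"feeds disagree by {deviation:.1%}")
    return primary.value

def evaluate(collateral_amt, debt_usd, primary, secondary, now):
    # Refuse to liquidate on a price that fails the sanity checks.
    try:
        price = checked_price(primary, secondary, now)
    except ValueError as err:
        return f"paused: {err}"
    hf = health_factor(collateral_amt, debt_usd, price)
    return "liquidatable" if hf <= 1.0 else "safe"

# Constructed sample: 10 tokens of collateral, 12,000 USD debt, true price about 2,000 USD.
NOW = 1_700_000_000
GOOD = Price(2000.0, NOW - 60)
BAD = Price(1400.0, NOW - 60)         # primary feed misreports 30% too low
REFERENCE = Price(1990.0, NOW - 120)  # independent second feed

if __name__ == "__main__":
    print(health_factor(10, 12_000, BAD.value))  # unchecked: falls below 1.0
    print(evaluate(10, 12_000, GOOD, REFERENCE, NOW))
    print(evaluate(10, 12_000, BAD, REFERENCE, NOW))
```

When both feeds agree on a genuinely lower price, the same position is still reported as liquidatable; the guard only blocks action on a price that is stale or contradicted by the second feed.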
2. DeFi market risks
- Gas fees. There may be situations when you sent LP tokens to the liquidity pool and spent $15 of gas in order to withdraw. After the market grows and the number of transactions increases, you will need about $250. This happened this year when I spent $240 on gas in the 1inch project to withdraw tokens from the liquidity pool. Check the gas price here
- New shit projects. It often happens that you notice a new protocol which everyone is talking about and you add liquidity without any research, and the protocol turns out to be crappy or even a scam. This happens very often in the DeFi market. Be careful! Another Deriswap scam was caught at the moment a Uniswap pair was created. Don’t get hooked by scammers there. A rug pull transaction from the contract creator.
- Liquidity problems. These happen when you try to put assets into the liquidity pool but before that you need to mint your tokens and create new ones. Only after that can you use them in a pool. But the problem is that when you try to remint tokens there are not enough real tokens. Thus, you cannot return the original tokens due to lack of liquidity, and you cannot sell minted tokens since there is no market for them.
3. DeFi project risks
- Website. Here the main problem may be a non-working site or exploits. An example is PancakeSwap, where the site's DNS was changed for six hours, which is known as DNS hijacking.
- Rug pull. This describes a disastrous situation in which the CEO or the team leaves investors with extreme losses. In other words, they scam you. So, be careful who you give your money to! A Turkish bitcoin exchange made a rug pull. One estimate put the locked-up funds at between $2 and $10 billion.
- Impermanent loss. Users face impermanent loss when the price of a token changes after they have added two assets to a pool. The only ways to avoid IL are not to use farming, or to choose stablecoins or version 3 of Uniswap (in version 3, there is an option to minimize IL).
- The price of a token. When you see 2000% APY in a liquidity pool, this may be a sign that the capitalization of the token is still being formed. This usually happens when you go into a project and see such a large APY that you buy the project token and stake it with a stablecoin, but after a day the price of the token drops sharply, and the interest does not save you, since the % drop will be more than the % on payments.
- Leverage problems. This is a very insidious thing that can both make you a millionaire and deprive you of all your money. If you don’t want to devote all your time to this, it is better not to use it. You can be liquidated with a large leverage and lose all the money you earned. Do it carefully, if you know what you’re doing.
- Governance token attack. An attacker can carry out a 51% attack once the governance tokens they have bought allow them to approve or reject any proposal in the protocol. This study described a governance attack on MakerDAO.
- A small number of validators. On the one hand, a small number of validators in the network is superb since it allows the network to scale, but on the other hand, it makes the network non-decentralized, since it depends on a small number of validators. Example: Binance Smart Chain (21 validators) and Matic (8 multisigs for ETH).
4. Protocol risks
- Bugs. An audit is not a guarantee that a protocol cannot be hacked. The site Rekt.News proves that hackers find holes in protocols even with an audit and use exploits to withdraw large amounts of money. Pickle.Finance was hacked due to controller bug #4. Twitter thread.
- Slippage. Slippage occurs when a trader makes an exchange at a price different from the one he initially requested. Due to the price movement, you can get a smaller amount of the other asset. An investment company lost $542k due to 7x slippage while transferring USDT-USDC liquidity to the Alpha Homora project. Twitter drama. A detailed transaction.
- 100% withdrawal fee. Some developers, having great powers and a penchant for bad things, can write a command into the contract so that the withdrawal fee from the liquidity pool can reach 100%. In effect, all your money remains with the contract. Sorry!
- Flash loans. A flash loan allows you to take out an unsecured loan with the obligation to return it in the same transaction. This opens up space for fraudulent manipulation of a contract through a large loan in order to withdraw some of the liquidity from the contract. WARP.FINANCE lost 7.8 mln DAI due to manipulation of prices on Uniswap using a flash loan. A detailed transaction.
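Slippage and flash-loan price manipulation both come down to how a constant-product pool (x*y=k, as in Uniswap v2) reprices on every trade. The sketch below is an added example, not code from the original post or from any protocol; the pool sizes, the 0.3% fee and the 1% tolerance are constructed assumptions. It shows a minimum-output guard reverting a swap when the pool moved after the quote, and a time-weighted average price (TWAP) for protocols that must not trust a single block's spot price.

```python
FEE = 0.003  # assumed 0.3% swap fee, as in a Uniswap-v2-style pool

class Pool:
    # Constant-product pool holding x of token X and y of token Y.
    def __init__(self, reserve_x, reserve_y):
        self.x, self.y = float(reserve_x), float(reserve_y)

    def spot_price(self):
        return self.y / self.x  # Y per X at the current reserves

    def quote(self, dx):
        # Output of Y for dx of X, keeping x*y constant after the fee.
        dx_after_fee = dx * (1 - FEE)
        return self.y * dx_after_fee / (self.x + dx_after_fee)

    def swap(self, dx, min_out):
        # Execute the swap; revert if the output is below the caller's minimum.
        dy = self.quote(dx)
        if dy < min_out:
            raise RuntimeError("slippage: output below min_out")
        self.x += dx
        self.y -= dy
        return dy

def min_out_for(pool, dx, tolerance=0.01):
    # Minimum acceptable output: the current quote less the tolerance.
    return pool.quote(dx) * (1 - tolerance)

def guarded_swap_after_move(pool, dx, big_trade_dx):
    # Quote first, let another large trade land, then try to execute.
    floor = min_out_for(pool, dx)
    pool.swap(big_trade_dx, min_out=0)  # someone else's trade moves the price
    try:
        return pool.swap(dx, floor)
    except RuntimeError:
        return None  # reverted: nothing was exchanged at the bad price

def twap(prices):
    # Time-weighted average over equally spaced observations (one per block).
    return sum(prices) / len(prices)

if __name__ == "__main__":
    # Constructed sample: a 1,000,000 / 1,000,000 pool and a 1,000 X trade.
    print(guarded_swap_after_move(Pool(1e6, 1e6), 1000, 0))
    print(guarded_swap_after_move(Pool(1e6, 1e6), 1000, 500_000))
    moved = Pool(1e6, 1e6)
    moved.swap(500_000, min_out=0)
    print(moved.spot_price(), twap([1.0] * 9 + [moved.spot_price()]))
```

With these numbers the spot price drops by more than half after the large trade, while a ten-block TWAP moves by under 6%, which is why lending and vault contracts should not price collateral from a pool's instantaneous reserves.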
If you choose to invest in DeFi, the first step is to make sure the protocols you’re considering are well-audited and secure. You won’t be able to avoid all the risks, and therefore it is worth approaching this consciously as far as possible.
This seems to be long-term bullish for DeFi. DeFi has a lot of inefficiency and a lot of developers are already working on it. There may be even more risks with the contract and the protocol, and I have covered only the main points on which it is worth focusing your attention.
Be vigilant, do DYOR and distribute your funds wisely!