November 8, 2020 5 min read
Opinions expressed by Entrepreneur contributors are their own.
The cryptocurrency world is prone to hype, whether on the grand scale of the ICO boom and Bitcoin price pump of 2017 or the lesser scale of a new project or platform launching. This year has been all about DeFi and its revolutionary potential to reshape finance. In February, total value locked in decentralized finance applications exceeded $1 billion for the first time. By late October, it had hit $12 billion. The growth reflects the increasing willingness of traders to speculate on this nascent and largely experimental sector. With the potential for returns bordering on the ridiculous — 52,000 percent in one estimate — it’s hardly surprising.
But activity in DeFi is now showing signs of slowing down, with the volume on decentralized exchanges starting to drop off. Perhaps this was inevitable, but it represents a timely moment to reflect on some of the lessons learned from riding the DeFi rollercoaster.
1. DeFi can be dangerously exposed to price manipulation
Price manipulation became a problem early in 2020, as users sought to exploit the relatively new availability of flash loans. A flash loan involves taking out an uncollateralized loan using a protocol like Aave or dYdX, and using it in one or more related trades, then repaying the initial loan and pocketing any profits. The catch is that the entire series of events has to be performed within a single Ethereum transaction.
One challenge of decentralized finance is that the Ethereum blockchain doesn’t know the market value of the tokens based on its platform. Therefore, DeFi protocols use price oracles to settle trades. In February, a trader took advantage of the fact that bZx, a lending protocol, used the prices on decentralized exchange Uniswap as its price oracle. With low liquidity in a particular Uniswap pool, it was easy to borrow enough in a flash loan to dump tokens on Uniswap, forcing the price down while a parallel trade took out a long position. The trader came out of this chain of events with $330,000 in profit.
So, what can we learn from this? DeFi needs better price oracles. Relying on a single data point with fluctuating liquidity represents a vulnerability. Decentralized oracle services such as Kylin Network aim to overcome this challenge. A decentralized oracle doesn’t use a single price feed. Instead, it takes data from many different sources. Kylin Network is developed on the new interoperability platform, Polkadot. Therefore, it is a cross-chain protocol that can both take data from multiple blockchains and be deployed on applications running on any platform.
By using price oracles that take data from multiple feeds, then engineering an arbitration mechanism that allows for real-time validation, DeFi applications can reduce or even negate the risk of price manipulation.
2. Unaudited code is a risk
As developers rushed to get their DeFi applications out to the markets amid the hype, it became apparent that anything goes as far as code is concerned. This year, there have been several incidents illustrating the dangers of unaudited code.
In April, hackers exploited a vulnerability in lending app dForce that affected a particular type of Ethereum token, stealing $25 million worth of funds. However, it should never have been allowed to happen, given the vulnerability was known among Ethereum developers. Reputable projects like Uniswap and Compound had already issued upgrades to address the issue. For its part, dForce had simply copied and pasted an older version of Compound’s code that still contained the vulnerability.
Such is the appetite for DeFi that some developers are finding traders will start using their code even before they’ve confirmed it’s ready for release. In October, whizzkid developer of the popular yEarn finance protocol, Andre Cronje, confirmed he was developing a new dApp called Eminence. Investors started pouring funds into it before he had even released it. Some of them later sent Cronje death threats after hackers realized what was going on, exploited the unfinished code and stole their funds.
In the latter case, an easy lesson for DeFi investors is not to put your funds into unreleased protocols. However, the first case illustrates that developers need to ensure that their code is robust against attacks. Some projects, such as the Polkadot-based Equilibrium, are addressing the issue head-on by engaging external code auditors.
It’s still early days, but the Smart Contract Security Alliance is a coalition of blockchain auditing firms that aim to create standards for smart contract security. Ultimately, this could prove to become a stamp of credibility, indicating applications that are operating safe and secure code.
3. DeFi tokens are probably overhyped
DeFi tokens, earned through the practice of yield farming, have been the new ICO token of 2020. Like their ICO predecessors, most of them underwent price spikes driven by initial hype around the token. The boom and bust pattern is observable in tokens from established DeFi projects, including Compound and Uniswap, which fell 70 percent and 60 percent respectively, between their launch dates and the end of October. Perhaps unsurprisingly, the trend is no different in the newer DeFi projects released this summer, none of which managed to retain their initial value.
This price pattern isn’t necessarily an indicator that these tokens don’t hold any longer-term value. Some of them confer governance rights, such as voting on particular developments within a project, similar to company shares. These features may help them sustain their price level stability in the longer-term. However, when a new DeFi project token emerges, and the price is rocketing to meteoric highs, chances are it’s not a sustainable long-term investment.
In the case of DeFi tokens, the best advice is the oldest adage in the crypto sector — do your own research.