Demystifying DeFi: lending and money markets – Vol II
By Exponential Team
Published Feb 09, 2023
In the world of DeFi, code is law. Users rely on smart contracts to secure billions of dollars in digital assets. DeFi’s biggest revolutionary potential is eliminating the human bias and monetary hegemony that traditional financial institutions have perpetuated for centuries. Unfortunately, code can be flawed just like humans can be, although whether more or less can be debated. To guard against these vulnerabilities, protocols must be rigorously audited for coding errors and security weaknesses. No protocol is immune to exploits; each one has a unique economic design that can be exploited under the right circumstances.
That is not stopping investors from chasing yield. As the industry continues to grow, the number of attack vectors has also increased. DeFi money markets account for the second-highest amount of total funds lost due to hacks (behind cross-chain bridges). Now more than ever, users need to understand the potential dangers and limitations of lending assets on-chain.
In our first post, we laid out the state of lending markets today — including inherent risks and lessons from past notable exploits. Keeping track of the myriad risk vectors at the speed that DeFi moves is nearly impossible. Luckily, there is a solution. In this post, we will evaluate various DeFi lending protocols using Exponential’s Risk Framework, which distills thousands of risk vectors into a simple letter grade so investors can evaluate risk at a glance, and make smart DeFi moves.

Our approach to DeFi risk assessment

Risk of assets enabled as collateral

When evaluating the risk of a DeFi lending platform, it is crucial to consider the types of assets accepted as collateral. Understanding the underlying risk of these assets can be challenging, as they may have varying economic designs and technical features. To assess the risk of an asset, it is important to consider factors such as the asset's utility or purpose, on-chain liquidity in relation to deposited collateral, decentralization, and concentration of holders.
Long-tail assets, which have low liquidity and volume, are generally more susceptible to manipulation. For example, Aave V2 on Ethereum allowed thinly traded tokens such as ENJ, MANA, BAT, and YFI, as collateral. Such assets increase the risk profile of the whole protocol because positions on those assets can be quickly liquidated at a loss. Subsequently, Aave governance froze new borrowing activity on 17 markets considered risky after the fact. We also view the acceptance of a protocol's native token as collateral as risky, as this has been a common attack vector in past exploits (e.g. Venus and Mango Markets). This is particularly evident in cross-collateral markets, where the risk of the entire protocol is determined by the risk of its weakest link, as just one attack can result in the accumulation of bad debt.

Limits to control risky borrowing

It is important to evaluate the safety measures in place to prevent risky borrowers from impacting the stability of the lending platform. Some important considerations include: 1) whether there are borrow factors for each asset, which can help limit the amount of debt taken on for a particular asset and limit the overall risk to the platform (e.g. Euler uses both collateral and borrow factors to estimate the risks of borrowing any token relative to any given collateral); 2) whether there are any restrictions on supplying or borrowing, which can prevent over-leveraging and ensure that the platform has adequate liquidity to handle any potential defaults; and 3) whether the protocol can isolate high-risk assets, which can prevent a single problem asset from dragging down the entire platform. By assessing these factors, users can better understand a lending platform's overall risk and make more informed decisions about where to lend or borrow funds.
An example of the dangers of inadequate safety mechanisms is the recent exploit on Aave V2. The protocol allowed borrowers to take a loan on USDC collateral at 85% loan-to-value, regardless of their borrowing asset. Without risk adjustment on the borrowing side, there were no controls to limit borrowing positions, and the maximum amount borrowed was not in line with the available on-chain liquidity for that asset. This led to issues when thinly traded assets were liquidated, resulting in large price slippage and bad debt for lenders.
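The difference between a flat loan-to-value and a two-sided risk adjustment can be seen in a small model. This is an added example, not code from any protocol: the asset parameters are constructed, the token `THIN` is hypothetical, and the liquidity cap is an assumed control that ties the borrow limit to on-chain depth.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    symbol: str
    collateral_factor: float      # haircut when the asset is supplied as collateral
    borrow_factor: float          # haircut when the asset is borrowed
    onchain_liquidity_usd: float  # depth a liquidator could trade against

# Constructed parameters for illustration; not taken from any live market.
USDC = Asset("USDC", 0.85, 0.95, 500_000_000)
THIN = Asset("THIN", 0.40, 0.35, 4_000_000)   # hypothetical long-tail token

def max_borrow_flat_ltv(collateral: Asset, collateral_usd: float) -> float:
    """Borrow limit when only the collateral side is risk-adjusted."""
    return collateral_usd * collateral.collateral_factor

def max_borrow_two_sided(collateral: Asset, collateral_usd: float, debt: Asset,
                         liquidity_share: float = 0.25) -> float:
    """Borrow limit when the debt is also risk-adjusted and liquidity-capped.

    Solvency rule: debt_usd / borrow_factor <= collateral_usd * collateral_factor.
    The cap (assumed control) keeps debt within a share of on-chain liquidity.
    """
    by_factor = max_borrow_flat_ltv(collateral, collateral_usd) * debt.borrow_factor
    by_liquidity = debt.onchain_liquidity_usd * liquidity_share
    return min(by_factor, by_liquidity)

if __name__ == "__main__":
    deposit = 10_000_000  # USD of USDC collateral
    for debt in (USDC, THIN):
        flat = max_borrow_flat_ltv(USDC, deposit)
        adj = max_borrow_two_sided(USDC, deposit, debt)
        print(f"borrow {debt.symbol}: flat LTV ${flat:,.0f}  two-sided ${adj:,.0f}")
```

With the same USDC deposit, the flat rule allows the same debt in either asset, while the two-sided rule cuts the thin asset's limit to what its liquidity can absorb.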

Robustness of oracles

Oracles play a critical role in the functioning of DeFi money markets by providing a secure and reliable way to access external data. They are responsible for bringing real-world information, such as asset prices and exchange rates, onto the blockchain, allowing smart contracts to make decisions based on that data. The oracle's perceived price is also the source of truth for a protocol's liquidation process.
One of the key issues with the Compound exploit was that the protocol only relied on a single exchange for its price feed, making it vulnerable to manipulation. To mitigate this, many platforms have adopted decentralized oracle solutions like Chainlink. Chainlink uses multiple sources of information and tracks prices on all exchanges, both centralized and decentralized. It then uses a Volume Weighted Average Price (VWAP) to deliver accurate prices, regardless of market volatility. It's worth noting that oracle attacks did not cause the Venus and Mango exploits. In fact, Venus was using Chainlink price feeds at the time of the exploit. The main issue was the acceptance of thinly traded assets with low on-chain liquidity.
Uniswap's Time Weighted Average Price (TWAP) oracle is an alternative to Chainlink price feeds. However, TWAP oracles are considered less robust than Chainlink as they are a lagging indicator that can become out of sync with broader market prices during periods of high volatility. Additionally, TWAP oracles only rely on prices from a single exchange (Uniswap).
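The lag described above can be measured directly. The following is an added example, not code from Uniswap or any lending protocol: it models a cumulative-price accumulator in the style of Uniswap V2, both price feeds are constructed, and the `stale` check with its 5% threshold is an assumed policy.

```python
def cumulative(obs):
    """Uniswap V2-style accumulator: running sum of price * seconds it was in force.

    obs is [(timestamp, spot_price)], each price holding until the next timestamp.
    """
    acc = {obs[0][0]: 0.0}
    total = 0.0
    for (t0, p0), (t1, _) in zip(obs, obs[1:]):
        total += p0 * (t1 - t0)
        acc[t1] = total
    return acc

def twap(obs, t_end, window):
    """Average price over [t_end - window, t_end]; both ends must be observed."""
    acc = cumulative(obs)
    return (acc[t_end] - acc[t_end - window]) / window

def deviation(obs, t_end, window):
    """Relative gap between the TWAP and the latest spot price at t_end."""
    spot = dict(obs)[t_end]
    return (twap(obs, t_end, window) - spot) / spot

def stale(obs, t_end, window, max_gap=0.05):
    """Defensive check (assumed policy): treat the feed as out of sync when the
    TWAP differs from spot by more than max_gap."""
    return abs(deviation(obs, t_end, window)) > max_gap

# Constructed feed: 12-second blocks, price 100 until t=600, then a sustained drop to 60.
FEED = [(t, 100.0 if t < 600 else 60.0) for t in range(0, 1201, 12)]
# Constructed feed: same market, but a single-block outlier of 300 at t=600.
SPIKE = [(t, 300.0 if t == 600 else 100.0) for t in range(0, 1201, 12)]

if __name__ == "__main__":
    for t in (600, 720, 900, 1200):
        print(t, dict(FEED)[t], round(twap(FEED, t, 600), 2), stale(FEED, t, 600))
    print("one-block outlier:", round(twap(SPIKE, 612, 600), 2))
```

With a 600-second window the average only reaches the new price a full window after the drop, which is the period in which liquidations would be priced off an out-of-date value; the same averaging is why a single-block outlier barely moves it.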

Liquidation mechanisms and incentives

The liquidation process of a money market is another important aspect of its overall safety. Each money market has its unique liquidation process, which can include delays, fees, bonuses, and restrictions. For instance, Aave V2 does not permit "soft liquidations," where loans are liquidated only enough to bring the position back to a safe level. Instead, it may sell up to 50% of the collateral. This lack of a soft liquidation feature can put lenders at risk, as it increases the potential for slippage and the likelihood of bad debt accumulation.
The Aave V2 exploit highlights the potential consequences of insufficient liquidation mechanisms. Had the exploiter been successful, the protocol would have been forced to liquidate a whale's position, with 180 million CRV (27% of the circulating supply) deposited as collateral to borrow USDC. Such a liquidation would have resulted in a significant drop in the value of CRV, potentially even causing it to hit $0.
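How much collateral reaches the market under each liquidation design can be worked out from the position itself. This is an added example with a constructed position, not code from Aave or any other protocol; it assumes a liquidation bonus, a fixed close factor applied to the debt, and a fee-less constant-product pool as the slippage model.

```python
def health(collateral_usd, debt_usd, liq_threshold):
    """Health factor: below 1.0 the position is eligible for liquidation."""
    return collateral_usd * liq_threshold / debt_usd

def seized(repay_usd, bonus):
    """Collateral handed to the liquidator for repaying repay_usd of debt."""
    return repay_usd * (1 + bonus)

def soft_repay(collateral_usd, debt_usd, liq_threshold, bonus, target=1.0):
    """Smallest repayment that restores health to `target`.

    Solves (C - x(1+b)) * LT / (D - x) = target for x.
    """
    denom = target - (1 + bonus) * liq_threshold
    if denom <= 0:
        raise ValueError("each liquidation lowers health; position cannot be cured")
    need = (target * debt_usd - collateral_usd * liq_threshold) / denom
    ceiling = min(debt_usd, collateral_usd / (1 + bonus))
    return min(max(need, 0.0), ceiling)

def fixed_repay(debt_usd, close_factor=0.5):
    """Repayment under a fixed close factor (assumed to apply to the debt)."""
    return debt_usd * close_factor

def slippage(sold_usd, pool_depth_usd):
    """Fraction of value lost selling into a fee-less constant-product pool
    whose collateral-side reserve is worth pool_depth_usd at spot."""
    return sold_usd / (pool_depth_usd + sold_usd)

if __name__ == "__main__":
    # Constructed position: $1.0M collateral, $810k debt, 80% threshold, 5% bonus.
    C, D, LT, B, DEPTH = 1_000_000, 810_000, 0.80, 0.05, 2_000_000
    for name, x in (("soft", soft_repay(C, D, LT, B)), ("fixed", fixed_repay(D))):
        s = seized(x, B)
        print(f"{name}: repay ${x:,.0f} seize ${s:,.0f} "
              f"slippage {slippage(s, DEPTH):.1%} "
              f"health {health(C - s, D - x, LT):.3f}")
```

The `ValueError` branch covers the case where the bonus and threshold are so high that every liquidation leaves the position less healthy than before, which is how bad debt accumulates.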

Reserve accrual and safety module

The primary defense for any money market should be through its own reserves. Top-performing protocols also implement a built-in safety module. Aave was one of the first protocols to introduce this concept by using its native AAVE token to protect the platform against bad debt. AAVE token holders can stake their tokens on the platform to earn protocol incentives. By staking, users protect the platform against any unexpected losses, as their collateral may be slashed up to 30% in a shortfall event.
In addition to insurance, many money markets also accumulate reserves. These reserves are often accrued over time through a percentage of the borrowing rate (reserve factor) and stored in kind. Some protocols also accumulate reserves from liquidations. The larger the reserve relative to the total amount borrowed, the more likely the protocol can handle any negative market impacts.

Protocol Ranking

(not an exhaustive list)

Key takeaways

DeFi is a new economic frontier with incredible potential, but not without its own risks. The industry was designed to enable a permissionless environment so anyone could participate in lending and borrowing. As with many new technologies, great power comes with great responsibility. At Exponential, we aim to make DeFi as accessible as possible by offering investors the information, products, and support they need to make smart investment decisions. Our exploration of past money market exploits showed that lending risks go beyond just oracles. These risks can be averted by ensuring a sound economic design and careful development of lending protocols. We hope to promote a brighter and safer future for this rapidly evolving space by provoking more thoughtful debates on these types of risks. When individuals benefit more than banks, everyone wins.