Decentralized Finance (DeFi): Potential and Risks
October 18, 2022
Decentralized Finance (DeFi): Potential and Risks
In a 2008 paper by Satoshi Nakamoto, Bitcoin was proposed as a method of making electronic payments using a blockchain without the need to go through a financial institution. In a relatively short period of time, the basic idea laid out by Nakamoto has grown into a crypto finance world that at its recent peak in November 2021 was valued by Coinmarketcap as being worth almost $3 trillion. However, contrary to Nakamoto’s original vision, financial intermediaries have provided many of the financial services needed for the crypto finance world to grow to this level. Thus, it’s not surprising to see the rise of an alternative method of providing many services not reliant on institutions. This method replaces centralized finance (or CeFi), which is delivered through institutions, with decentralized finance, or DeFi, which uses smart contracts (computer code) running on a blockchain.
DeFi had shown considerable growth starting in late 2020 through late 2021 (for more discussion of this growth, see here ). The standard measures of size, total value locked—saw DeFis reaching a peak of more than $180 billion in December 2021, according to one relatively broad measure (such as DeFiLlama, a total value locked data aggregator). Although these numbers may sound large, they are still a rather small part of the global financial system. For example, four US banks have total assets greater than $1.5 trillion. Moreover, the total value locked in DeFi has dropped dramatically since the start of the “crypto winter” earlier this year, reaching values below $55 billion in September 2022. Whether DeFi can become a major provider of financial services will likely depend upon the extent to which crypto finance either integrates with the existing financial system or evolves to become a parallel system for providing a wide range of financial services—or both.
Along with coauthors Francesca Carapella, Edward Dumas, Jacob Gerszten, and Nathan Swem, I recently posted an article on DeFi titled “Decentralized Finance (DeFi): Transformative Potential and Associated Risks” as part of the Atlanta Fed’s Policy Hub series. (It is also available in the Board of Governors FEDS working paper series and as a working paper out of the Boston Fed’s Supervisory Research and Analysis Unit.) This Policy Hub: Macroblog post summarizes some key ideas in our article.
To understand developments in DeFi, it is helpful to understand the how and why of widely accessible (public, permissionless) blockchains. A blockchain is a database where the data are entered in time-stamped blocks and the blocks are cryptographically chained together so that any change in a prior record can easily be detected. Bitcoin facilitates the avoidance of financial intermediaries by using a public, permissionless blockchain, meaning that anyone can obtain a copy of the database, read the database, and potentially write to the database. The problem that such an open database can create is that of “double spending.” An example of double spending would be Joe first making a payment to Jane and then trying to make a payment to Mary using the same funds. This circumstance could happen if Joe has ability to rewrite blocks that had been previously written. That is, he could rewrite the block he had used to pay Jane so that it no longer contains that payment and—using the funds he took back—make the payment to Mary.
Nakamoto’s solution to double spending is to make it very costly to try to rewrite existing blocks. The person who gets to add a new block to a blockchain must win a computationally intensive contest called proof-of-work (participants in this contest are said to be “mining” Bitcoin). As this mining process is mandatory for adding each block, attempting to rewrite a previously written block requires the miner to rewrite every block thereafter to the present, solving the computationally difficult problem for each replacement block—a very costly process. The result is that the Bitcoin blockchain is highly resistant to tampering (often spurring exaggerated claims that blockchains are “immutable”). However, Bitcoin’s protocol also takes a relatively long time to ensure that a transaction has been processed.
In practice, DeFi is a relatively small part of Bitcoin because Bitcoin was not designed for sophisticated programming. The Ethereum blockchain stepped into this gap and added the ability to run programs as part of creating new blocks. Consider a simple example of such a program: one for delivery versus payment (a crypto asset is delivered from agent A to agent B, if and only if B simultaneously pays A). These programs are referred to as dapps (distributed applications). One type of dapp is the smart contract, which automates the execution of financial transactions among different parties. Although some other blockchains have since followed Ethereum in allowing dapps, Ethereum has emerged as the most important blockchain for DeFi as measured by total value locked, according to DeFiLlama’s blockchain page.
Ethereum originally adopted a version of Nakamoto’s proof-of-work protocol to deal with the double-spending problem. However, on September 15, Ethereum replaced proof-of-work with proof-of-stake, in which the party who gets to add the next block is randomly chosen from a group who have locked up (or staked) the blockchain’s native cryptocurrency (called Ether). The winner of this contest is called a validator. The switch to proof-of-stake is part of a long-term project to allow Ethereum to process more transactions in a given period.
Our article discusses some of the most important financial services that decentralized finance is providing. Currently, one of DeFi’s most important services is that of borrowing and lending. Decentralized lending platforms bring together borrowers and lenders. Borrowers incur fees (continuously accruing interest) from the time they take out the loan until its repayment. Lenders earn interest on the funds they lend.
Loans made through a DeFi are typically collateralized with other crypto assets. Participants in crypto finance are pseudonymous, meaning they are known only by their public address on the blockchain, which prevents lending based on reputation and the threat of resorting to bankruptcy courts. Moreover, because almost all the assets currently residing on blockchains are crypto assets, blockchain tokens representing off-chain assets such as equipment and real estate are generally not (yet, anyway) legally enforceable in law courts. As a result of the requirement for on-chain collateralization, borrowers take out many loans to finance off-chain consumption while retaining exposure to the crypto asset they are using as collateral—like a stock investor taking out a margin loan to buy a new car. (Another use of such loans is to increase leverage for those speculating on an increase in the value of a crypto asset—especially a cryptocurrency.)
A second important service type of DeFi service is decentralized exchanges (DEXs), which facilitate the trading of crypto assets with a centralized market maker or centralized order books. DEXs typically solicit investors to lock funds into so-called liquidity pools, rewarding these investors with fees (essentially, interest on their deposits). Users can exchange one cryptoasset for another by withdrawing a different cryptoasset than they deposited. A protocol called an “automated market maker” controls the rate at which one asset can be exchanged for another. If the price of one asset gets out of line with the views of investors or the prices on other exchanges, liquidity providers have an incentive to step in to close the price gap.
A third use of DeFi is the provision of derivatives, or claims whose value depends on (or is derived from) another asset. DeFi derivatives allow users to obtain price exposure to other assets, and this exposure is not limited to crypto assets but could include sovereign currencies, commodities, stocks, and indices. Like DEXs, DeFi derivatives connect buyers and sellers directly using collateral pools.
A fourth use of DeFi is to facilitate payments. One example discussed in our article is that of Flexa, which facilitates timely payments to merchants so that the transaction can be quickly completed despite delays inherent in the settlement of some cryptocurrencies. A second payments DeFi is the Lightning Network, which seeks to accelerate Bitcoin transactions by moving most of the work off the Bitcoin blockchain into what is called layer 2, with only the results recorded on the Bitcoin blockchain.
A third payments system our article discusses is Tornado Cash, a so-called “cryptocurrency tumbler,” which is a service that obscures the relationship between the sending and receiving addresses of a cryptocurrency payment. Tornado Cash receives cryptocurrency funds from various sources and then, with some delay, distributes the funds to the intended recipient(s). The commingling of funds from various sources makes it more difficult to trace payments from one address to the intended recipient at another addresses. Tornado Cash was developed because although most cryptocurrencies are pseudonymous, everyone can nevertheless see payments sent from one address to another even though the blockchain itself does not reveal the identity of either party. However, information linking some addresses to specific parties, and some other analysis, can lead to discovery of many participants’ identities. Thus, people who would prefer to send payments with reduced risk of revealing their identity might prefer to use a tumbler such as Tornado Cash. The problem is that in many cases the individuals seeking to hide their identity are engaged in illegal activities such as money laundering, ransomware schemes, and sanctions evasion. Thus, on August 8, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash. Among the consequences of this sanctioning is that Americans are prohibited from using Tornado Cash unless licensed by OFAC or the transaction has an exemption. This sanctioning has resulted in a sharp drop in the total value locked in Tornado Cash, according to Defi Llama (you can see a graph of historical values here).
The last type of DeFi service that we discuss in our article is asset management. Asset-management dapps are similar to mutual funds in that they pool investor funds so that they can be efficiently invested other assets. This ability to pool assets may be useful, for example, by facilitating investment in an index of cryptocurrency values.
As noted earlier, the value of all cryptoassets and cryptoassets locked in DeFi is relatively small, given the scale of the global financial system. As such, DeFi is not yet large enough to pose a systemic risk to the financial system or to be a significant mitigant of systemic risk. Nevertheless, DeFi’s potential risk implications merit careful review given its potential for growth.
In our article, we discuss how DeFi could reduce some risks but increase other risks in the financial system. Arguably the biggest potential for risk reduction is enhancing the ability of supervisors to track, in real time, major financial institutions’ transactions on the blockchain, both as individual institutions and in aggregate. Having this ability would allow supervisors to respond nearly in real time. The cost, however, is that the complete record of transactions is available to everyone, and pseudo-anonymity can be broken in many circumstances. Thus, users of cryptofinance, including DeFi, have no guarantee that their transactions will remain private. This potential lack of privacy poses problems not only for individuals but also for businesses that would rather not have their financial transactions disclosed to competitors.
In terms of risks created by DeFi, many of them are like the risks that have always been part of traditional finance, including excessive leverage, maturity and liquidity transformation, and so forth. However, important operational differences exist between traditional finance and DeFi that could have significant risk implications. Some of these issues might have solutions, such as whether a blockchain can be made secure and scalable while remaining decentralized. However, many other problems are inherent in blockchains, dapps, and cryptofinance.
At the most basic level is governance of the blockchain and the individual dapps. In theory, the governance of blockchains and dapps is decentralized, with no one party exercising control. In practice, we observe a wide spectrum of governance arrangements. Some governance arrangements are de facto centralized with a small group—typically, the founders—exercising effective control (see, for example, here). Such centralized control facilitates correcting mistakes in programming and adapting to environmental changes. However, such centralization also allows those in control to change the operation of the dapp in ways that benefit themselves. At an extreme, this behavior can take the form of a “rug pull,” in which the founders disappear with all the tokens locked in a smart contract. Conversely, as governance becomes more decentralized, making changes to the blockchain protocol or dapp might become more challenging, and the supervisors could have difficulty finding people to address regulatory concerns. Also, decentralization of governance does not guarantee against someone temporarily buying control to enact changes favorable to themselves, nor does it prevent a majority of the voters from taking actions that disadvantage a minority of the voters.
The process of creating new blocks introduces risks for DeFi users. New blocks typically contain multiple transactions with the miner (or validator) who “wins” the competition obtaining control over which transactions get entered in the block and in which order. One result is that the structure of blockchains allows something akin to front-running in traditional markets. The resulting profit accruing to miners (and validators) is called miner’s extractable value (as discussed in detail here).
Focusing more specifically on smart contracts, this computer code is subject to two problems. First, mistakes in the programming (bugs) are common in computer code. Of course, traditional financial intermediaries’ programs also have bugs. However, the resistance of blockchains to rewriting historical blocks makes reversing errors almost impossible unless the receiver of a payment agrees to reverse the transaction. Second, the code must state (explicitly or implicitly) what will happen in every possible circumstance. Yet as I have previously observed, traditional contracts are often intentionally left incomplete for a variety of good economic reasons.
A third issue related to risk is that of trust. Users of traditional financial intermediaries need to place considerable trust in their intermediary, its regulator, and the judicial system. On the other hand, cryptofinance is described as “trustless,” meaning that its user can verify all transactions on a blockchain and inspect the code being used by a dapp. In practice, though, very few people would have the technical skills (or the time) needed to carefully analyze a dapp to find any programming bugs, fully understand the dapp’s economic incentives, and understand how that dapp could interact with other dapps. Thus, as a practical matter, almost all users will need to trust third parties if DeFi is to become mainstream.
The issue of trust is exacerbated by something called “censorship resistance,” which is a property of public, permissionless blockchains. In principle, anyone can initiate any transaction on a blockchain as long as it complies with the blockchain’s protocol. This openness can have benefits, such as preventing governments from trying to financially cripple political opponents. However, it also means that the blockchain is open to every bad actor no matter where they are in the world. As a result, blockchains have been used to facilitate scams, theft, and money laundering. Although similar problems exist in traditional finance, the extent of such problems is reduced by financial intermediaries’ incentive to build customer trust, regulators’ ability to enforce regulations around financial conduct, and, in some cases, regulators and judicial authorities’ ability to enforce the reversal of improper transactions.
One unusual feature of dapps is their interoperability, a potential advantage in that smart contract composability allows for dapps to interoperate and thus provide services and products that are not available from any single dapp. However, such interoperability also creates the risk that if a financial or operational issue arises with one dapp, the problem could spread to other parts of the DeFi ecosystem.
Another risk we discuss in the article is DeFi’s interconnections with the traditional financial system. In part, this risk arises because traditional finance and DeFi simply have different mindsets and take different risk-mitigation approaches. Participants in DeFi might not appreciate the potential risks they are incurring from involvement with traditional finance, such as the risks that the investment portfolios of some stablecoins have taken. Similarly, traditional financial institutions might not fully appreciate their risks through DeFi when they interact with crypto finance. Moreover, traditional financial institutions could face greater exposure to legal risk as they—unlike almost all dapps—can be readily identified, and their deep pockets make them attractive targets.
DeFi is opening a new avenue for the provision of financial services and might provide significant benefits. However, alongside exposure to most of the risks incurred in traditional finance, DeFi introduces new risks that arise from its unique operational structure. While DeFi is still a relatively small part of the financial system, policymakers should try to get ahead of developments in this area and decide what regulatory controls would be appropriate.