DeFi's Greatest Vulnerability

DeFi was created with the intention of allowing individuals to access loans, earn interest, and lend funds without requiring the permission of a centralized authority. While I am an ardent advocate of decentralization and a huge fan of DeFi, the events of the last few days have unfortunately convinced me that Decentralized Finance isn't as decentralized as I once believed it to be. While we have seen great progress towards decentralization in many areas, I believe that the reliance on centralized stablecoins presents the greatest risk to DeFi's decentralized future. 

Technical Details

Unfortunately, this article will have to be a bit technical, but it's necessary to be detailed in order to understand why stablecoin centralization presents a serious vulnerability to the decentralized nature of DeFi. Just as with traditional banks, DeFi has a lending side and a borrowing side. Lenders deposit crypto into the protocol and earn interest. Borrowers receive loans and pay interest. That interest is then paid back to the lenders as an incentive for lending money. Whereas traditional banks rely on borrowing, lending, and repaying interest in a fiat currency, the vast majority of lending and borrowing in DeFi is conducted with stablecoins.  

Although it is true that some individuals deposit, lend, and borrow non-stablecoins such as BAT or Wrapped BTC, stablecoins are the central component of DeFi. The COMP token is distributed by Compound Finance based on the borrowing demand for each asset. Therefore, it is possible to determine the relative demand for stablecoins vs. non-stablecoins by comparing the distribution of COMP tokens. As demonstrated by the graph, the stablecoins listed in green have greater than 97% of the distributed COMP and, by extension, stablecoins represent over 97% of the borrowing demand on Compound. 


Intuitively, this makes sense. Very few people would want to take out a loan denominated in a non-stable crypto. Imagine taking out a 1 BTC loan on April 15th for $6,700 and then paying back $9,300 on May 15th. You are still paying back the same 1 BTC, but the dollar value of your loan is almost $3,000 different. With stablecoins, that isn't a problem. If I take out a $300 USDC loan, I will have to pay back more or less $300 (discounting interest of course), and the dollar value of my loan vs. principal repayment will remain quite consistent. Given the disproportionately large role that stablecoins play in the DeFi ecosystem, I believe it's fair to say that they are essential to the DeFi system and that without stablecoins, we wouldn't have a viable DeFi ecosystem. 

Stablecoin Risk

Given that the DeFi ecosystem relies heavily on stablecoins, it should come as a great concern that the vast majority of the leading stablecoins have already demonstrated their willingness to freeze funds. Publish0x author Brennan recently published an article detailing how Circle had frozen $100,000 worth of USDC by blacklisting certain addresses. Circle isn't alone in its ability to blacklist wallets and freeze funds. Just a few days ago, Tether also demonstrated that it has the ability to freeze funds by blacklisting 39 Ethereum addresses worth about $46 million. Paxos has this capability as well. 

OK, so far we know that we need stablecoins, and we know that the leading stablecoins are centralized and can be frozen, but how does this threaten DeFi? As demonstrated in this diagram, DeFi is essentially an exchange of value between borrowers and lenders that is facilitated by lending protocols. Stablecoins are the main value transfer mechanism that drives this exchange of value. Non-stable coins such as BTC, ETH, BAT, etc. do have a critical role in collateralizing loans, but the main flow of value is facilitated by stablecoins. Because stablecoins are the carriers of value and because a centralized authority can shut down the flow of stablecoins, a centralized authority can thereby shut down the primary flow of value in the DeFi ecosystem.


A DeFi lending protocol is just like a chain. If any link is broken, the rest of the chain will suffer. Under normal circumstances, a centralized stablecoin issuer isn't likely to blacklist all the crypto in a DeFi protocol, and I want to point out that DeFi is still censorship resistant. If a company were to blacklist some of the funds for what they believe is a legitimate reason, DeFi protocols could adapt and bounce back. For example, let's suppose that a borrower has acquired some USDC and wants to repay his loan. For whatever reason, Circle determines that the USDC was previously used in a forbidden transaction. Not only will our borrower have instantly lost the ability to use those funds, but our lender will also suffer because they won't receive their interest payment. As long as the blacklisted amount is relatively small, the protocol can adapt. DeFi loans are over collateralized, and this loss would simply be absorbed by a lower interest rate being paid to the lenders. 

While it is possible that a company could shut down a DeFi protocol by blacklisting all the funds assigned to its address, I don't think this is likely at all. This would destroy the trust in the token and would be just as bad for the company as it would be for the DeFi protocol. I think the more likely vulnerability is that even if the actual DeFi protocol itself is entirely decentralized, the companies issuing the stablecoins could exert significant influence over the users of the protocol. While DeFi does remove the ability of a centralized bank to freeze funds, the stablecoin companies could still freeze funds by simply bypassing the DeFi protocol entirely and directly freezing the funds associated with specific addresses. 

With traditional finance, individuals deposit assets into a bank account. The bank then issues the individual a claim on those assets. Since the bank has physical control of the assets, it can easily seize those assets by simply refusing to honor the owner's claim and refusing to release those assets back to the owner. As originally envisioned, crypto was intended to be a permissionless exchange of value where individuals had complete control over their assets. As long as an individual has their public and private key combo, they can send and receive funds without a centralized authority being able to interfere. By contrast, the smart contract code of many of these stablecoins allows the issuing company to override the "my keys, my coins" concept and block other network participants from sending funds to or receiving funds from a blacklisted address. True, the user would still have the coins in their wallet; they just wouldn't be able to do anything with them, so they would be effectively worthless. 


Whereas a traditional bank can freeze assets in their vault, centralized stablecoin issuers can freeze funds in your crypto wallet. Whether your funds are locked in a bank's vault or immobilized in your crypto wallet, the location where the funds are frozen doesn't matter. You still can't use your funds. Shakespeare famously told us that "a rose by any other name would smell as sweet" and my concern is that the over-reliance on centralized stablecoins essentially recreates many of the flaws of the existing financial system under a new name. 

But What About Dai?

As originally incarnated, Dai was intended to be a truly decentralized stablecoin, and I'd argue that it did so quite well. Old Dai (Sai) was produced when users locked ETH into a Collateralized Debt Position. In other words, Dai (Sai) derived its value from the underlying ETH. Because the underlying ETH collateral was decentralized, it was possible for the Dai, which ran on top of ETH's value, to be decentralized as well. 

Recently, Dai updated to a new system in which different forms of collateral can be used to generate Dai. Now, Dai's value depends on a combination of coins. Some of these are decentralized and some are not. The inclusion of centralized cryptos as collateral makes Dai more censorship prone than it was before the update. To see why this is the case, we have to understand how stablecoins derive their value. Using the example of USDC, USDC isn't valuable because it is USDC. It is valuable because it is redeemable for $1 USD. In other words, the value of USDC is dependent upon it being able to be exchanged for $1 USD. If I were to deposit USDC into Compound, I would receive cUSDC which is an interest earning token that I can later return to Compound in exchange for my deposited USDC and interest. cUSDC in and of itself is valuable because it can be exchanged for USDC which can then be exchanged for USD. As we move up the chain from USD to USDC we see that each asset's value is dependent on the ability to convert to the underlying asset. If we remove the ability to convert USDC into USD by freezing USDC, we not only destroy the value of that USDC, we also make the cUSDC that runs on top of that USDC irrelevant as well. 
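The blacklist check described earlier and the USD → USDC → cUSDC dependency in this section can be sketched as a toy Python model. This is an added example, not code from this article or from any issuer or protocol; the class names, the "pool" address and the balances are constructed for illustration, and interest and collateral are left out.

```python
# Toy model, constructed for illustration; not any issuer's or protocol's real code.
class Frozen(Exception):
    """A transfer touched a blacklisted address."""

class BlacklistableToken:
    def __init__(self, balances):
        self.balances, self.blacklist = dict(balances), set()
    def freeze(self, addr):  # in a real token only the issuer's key may call this
        self.blacklist.add(addr)
    def transfer(self, sender, to, amount):
        # The issuer's list is checked before the holder's own keys count for anything.
        if sender in self.blacklist or to in self.blacklist:
            raise Frozen(f"{sender} -> {to}")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class LendingPool:
    ADDRESS = "pool"  # hypothetical address holding the pooled stablecoin
    def __init__(self, token):
        self.token, self.claims = token, {}
    def deposit(self, user, amount):  # lender gets a cUSDC-like claim, 1:1, no interest
        self.token.transfer(user, self.ADDRESS, amount)
        self.claims[user] = self.claims.get(user, 0) + amount
    def redeem(self, user, amount):  # the claim is worth only what can be transferred out
        if self.claims.get(user, 0) < amount:
            raise ValueError("insufficient claim")
        self.token.transfer(self.ADDRESS, user, amount)
        self.claims[user] -= amount

def attempt(action, *args):
    try:
        action(*args)
        return "ok"
    except Frozen:
        return "frozen"

def scenario():
    usd = BlacklistableToken({"lender": 1000, "borrower": 300})
    pool = LendingPool(usd)
    out = {"deposit": attempt(pool.deposit, "lender", 1000)}
    usd.freeze("borrower")  # issuer flags one user: the repayment cannot reach the pool
    out["repay"] = attempt(usd.transfer, "borrower", pool.ADDRESS, 300)
    out["redeem_before"] = attempt(pool.redeem, "lender", 400)
    usd.freeze(pool.ADDRESS)  # issuer flags the pool itself: every claim is stranded
    out["redeem_after"] = attempt(pool.redeem, "lender", 600)
    out["claim_left"], out["borrower_balance"] = pool.claims["lender"], usd.balances["borrower"]
    return out
```

In the result, the borrower still shows a balance of 300 and the lender still holds a claim of 600, yet neither can move anything: the balances exist on the ledger but the transfer path is closed.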


Now that Maker allows USDC, WBTC, and other centralized cryptos to be used as collateral, Dai is at least partially dependent on centralized assets to maintain its value. Just as cUSDC becomes worthless if the underlying USDC is blacklisted, Dai becomes worthless if its collateral becomes worthless. Things become a bit murky because Dai doesn't rely on just one form of collateral. ETH can't be frozen, so Dai created from ETH would retain its link to the underlying ETH and resist freezing. To use the chain analogy, it is clear that USDC relies on a single chain (redeemability for fiat) to hold value, and severing that link would destroy the USDC value as well. By contrast, Dai is currently supported by many chains. If one of those chains were to be severed, I don't know whether the other remaining chains would be sufficient to maintain the value of Dai.


On one hand, USDC and WBTC are centralized, and Dai created from those assets could lose its link to the underlying collateral, but the vast majority of Dai is still collateralized by ETH (decentralized), so I really don't know what would happen to Dai if some forms of collateral were frozen and others weren't. Would that Dai become worthless since the collateral is frozen? Would Maker recollateralize the position and accept it as a cost of doing business? I doubt that the position would be able to be liquidated in the traditional manner since the collateral would be frozen all at once, so I really don't know. For now, it appears that the vast amount of collateral used to create Dai is still ETH, so I would argue that Dai is at least more decentralized than its competitors, but it is no longer a pure decentralized coin, and the inclusion of centralized coins has essentially imported a certain degree of vulnerability (unsure how much) into a previously decentralized system. 


I am passionate about DeFi, and I believe in its promise of revolutionizing finance and empowering individuals. Recently, we have seen Compound turn over governance of the protocol to the community and we have seen the rise of liquidity farming. DeFi continues to innovate and empower, and there are many reasons to be optimistic. At the same time, we have to realize that it only takes one leak to sink a ship, and a chain always breaks at its weakest link. My goal is to further the adoption, security, robustness, and decentralization of the DeFi ecosystem, and I believe that reducing the reliance on centralized stablecoins would contribute significantly to this goal. 


The Part Time Economist

