DeFi Risks To Be Aware of And How To Manage Them

What are the risks of DeFi?

People began using DeFi without comprehending the risks. Here’s what you ought to know about imperfect technology: It is essential to understand that investing in DeFi is highly risky. That’s it; keep it in mind.

I’m Maya, — a DeFi analyst at Algoo Strategies

This post reflects my personal opinion, and I’ve been known to be wrong at times. If you find any mistakes, let me know in the comments below.

1. Crypto risks

• Solidity. The bugs in the Solidity language that ETH and other projects use to write code for a smart contract Of course, language updates are necessary, but it is not guaranteed that bugs will not appear again. Check another article about it
• Stablecoins legal attacks. The disclosure of unconfirmed and unsecured USDT by real money and assets can cause both a negative and the appearance of a black swan for the market. Check out this article: Is Tether a black swan?
• Oracle issues. Oracle can erroneously display the price of a token for landing protocols, for which assets are often pledged and for which you take out a loan. The wrong display of the price for Oracle => incorrect display of liquidation threshold metric => liquidation of a position by assets => -% of liquidation of your assets.

2. Risks in DeFi markets

• Gas fees. There may be situations when you send LP tokens to the liquidity pool and spend $15 on gas in order to withdraw. After the market grows and the number of transactions increases, you will need about $250. This happened this year when I spent $240 on gas in the 1inch project to withdraw tokens from the liquidity pool. Check the gas price here
• New sh*t projects. It often happens that you notice a new protocol that everyone is talking about and add liquidity without doing any research, and the protocol turns out to be crappy or even a scam. This happens very often in the DeFi market. Be careful! Another Deriswap scam caught it at the moment of creating a Uniswap pair. Don’t get hooked by scammers there. A rug pull transaction from the contract creator.
• Liquidity problems. These happen when you try to put assets into the liquidity pool, but before that, you need to mint your tokens and create new ones. Only after that can you use them in a pool. But the problem is that when you try to remint tokens, there are not enough real tokens. Thus, you cannot return the original tokens due to lack of liquidity, and you cannot sell minted tokens since there is no market for them.

3. DeFi project risks

• Website. Here, the main problem may be a non-working site or exploits. An example is Pancakeswap, where the DNS was changed for six hours to the site, a DNS hijacking.
• Rug pull. It describes a very disastrous situation that occurs when the CEO or a team leaves an investor with extreme losses. In other words, they scam you. So, be careful who you give your money to! The Turkish Bitcoin exchange made a rug pull. One estimate put the locked-up funds at between $2–10 billion.
• Impermanent loss. Users face impermanent losses when the price of a token changes after they have added two assets to a pool. The only way to avoid IL is not to use farming but to choose stablecoins or the 3 version of Uniswap (in version 3, there is an option to minimize IL)
• The price of a token. When you see 2000% of the API in the liquidity pool, this may be a sign that the capitalization of the token is still being formed. This usually happens when you go into a project and see such a large APY that you buy a project token and stake with a stablecoin, but after a day the price of the token drops sharply, and the interest does not save you, since the % drop will be more than the % on payments.
• Leverage problems. This is a very insidious thing that can both make you a millionaire and deprive you of all your money. If you don’t want to devote all your time to this, it is better not to use it. You can be liquidated with a large leverage and lose all the money you earned. Do it carefully, if you know what you’re doing.
• Governance token attack. An attacker can use a 51% attack at that moment when the tokens bought by a user allow him or her to approve or reject any proposal in the protocol through the governance token. This study described a governance attack on Maker Dao.
• A few numbers of validators. On the one hand, a small number of validators in the network is superb since it allows the network to scale, but on the other hand, it makes the network non-decentralized, which depends on a small number of validators. Example: Binance Smart Chain (21 validators) and Matic (8 multisigs for ETH).

4. Protocol risks

• Bugs. An audit is not a guarantee that a protocol cannot be hacked. The site Rekt.News proves that hackers find holes in the protocols even with an audit and use exploits to withdraw large amounts of money. The Pickle.Finance was hacked due to controller bug #4. Twitter thread.
• Slippage. Slippage occurs when a trader makes an exchange at a price different from the one he initially requested. Due to the price movement, you can get a smaller number of other assets. The investment company lost $542k due to the 7x slippage, transferring the usdt-usdc liquidity to the Alpha Homora project. Twitter drama. A detailed transaction.
• 100% withdrawal fee. Some developers, having great powers and a penchant for bad things, can prescribe a team in the contract so that the withdrawal fee from the liquidity pool can reach 100%. This seems to hint that all your money remains with the contact. Sorry!
• Flash loans. This allows you to take out an unsecured loan with the obligation to return it in the same transaction. This opens up space for fraudulent manipulations with the contract through a large loan in order to withdraw some of the liquidity from the contract. WARP.FINANCE lost 7.8 mln DAI due to manipulation of prices on Uniswap using Flashloan. A detailed transaction.

If you choose to invest in DeFi, the first step is to make sure the protocols you’re considering are well-audited and secure. You won’t be able to avoid all the risks, so it is worth approaching this as consciously as possible.

This seems to be a long-term bullish sign for DeFi. DeFi has a lot of inefficiencies, and a lot of developers are already working on it. There may be even more risks with the contract and the protocol, and I have covered only the main points on which it is worth focusing your attention.

Be vigilant, do DYOR, and distribute your funds wisely!

Have you already read this article: AMMs, Liquidity pools, Yield farming, Impermanent loss