The Architecture of DeFi
DeFi has grown exponentially over the last 18 months, with the total value locked (TVL) in all DeFi protocols rocketing from $600 million in January 2020 to over $90 billion today.
As any architect (or smart contract developer) will tell you, a solid structure must be built on strong foundations. This applies to individual projects, like Aave, which ranks first for TVL and comes in a close second on the Security Leaderboard. Exploits are devastating to a project’s reputation, and Aave’s proven track record of security dating back to 2017 (when it was called ETHLend) is one of the reasons it today represents more than 15% of the entire DeFi market.
The need for strong foundations also applies to the DeFi industry more generally. Decentralized finance can be seen as the infrastructure that facilitates trading under certain conditions. To continue the building metaphor, DeFi is like a trading floor where market participants can come together and transact without needing to know their counterparty’s identity or even to trust them to follow through on their end of the deal. Adherence to the rules is built into the system; smart contract logic is deterministic and non-discriminatory.
In this article, we’re going to look at the foundational pillars of DeFi. This is the infrastructure that keeps your money safe in the pools and farms where you put it to work.
Blockchain
We’ve just touched on the deterministic and non-discriminatory nature of the smart contract code that underpins all transactions. Smart contracts run on blockchains, which enable the global, trustless transfer of all kinds of digital (or digitalizable) value. If you need a refresher on what blockchains are and how they work, there are plenty of great guides just a click away.
Blockchain developers face a so-called trilemma. Speed, security, and decentralization are the three most important features of a blockchain, though in reality two often come at the cost of the third. Bitcoin and Ethereum developers have made a number of design choices that prioritize security and decentralization over speed or scalability, while some newer projects aim to increase throughput (measured in transactions per second) at the expense of some security and/or decentralization.
Limited block space leads to high transaction fees at times of network congestion, as users bid for their transaction to be included in the next block by raising the fee they’re willing to pay — and there are arguments to be made about transaction costs and the gatekeeping effect this creates for less-resourced users. Ultimately, however, if you value maintaining control over your own funds, you value trustlessness and decentralization.
Decentralized finance is meaningless without a decentralized blockchain. It hardly matters that your counterparty is unable to revert a transaction or seize your funds if a miner or validator can do exactly that.
Building on a secure, decentralized blockchain is the first order of business for developers who want to ensure the long-term viability of their project.
Auditing
Code is the blueprint of a working protocol. In January 2009, Satoshi Nakamoto released the Bitcoin code in its entirety and kickstarted the network by mining the first ever block. Open-source code is freely available for anyone to use, inspect, and distribute.
Anyone with sufficient technical expertise can audit open-source code for themselves to ensure that it actually does what it’s intended to do. As Bitcoin development moves at a relatively slow pace, auditing its code is less of an arduous process than auditing the code of the dozens of DeFi applications that spring up every day.
For this reason, a number of firms specialize in applying their teams’ knowledge and experience to the ongoing task of smart contract code auditing. Auditors inspect these blueprints, meticulously checking for errors that would endanger the security of the project.
This is an indispensable first step, but it’s also just that: a first step. Once code is deployed on-chain, it lives in an unpredictable environment.
Smart contracts interact continuously with other contracts, and failures in one protocol’s security can affect others a long way down the (block)chain.
DeFi apps are subjected to attacks by actors seeking to exploit any vulnerability for their own financial gain.
Finally, many DeFi platforms require off-chain data (such as fiat currency or equity valuations) to be brought on-chain. This bridge between the two systems can be brought down by insufficient market coverage or centralization opening up the possibility of manipulation.
Auditing protects smart contracts before they’re deployed, while oracles protect them in action. Let’s take a look at the role of secure oracles in DeFi.
Oracles
Oracles perform two main functions. The first is to bring off-chain — or real-world — data on-chain, most commonly in the form of price feeds.
Price Feeds
Oracle price feeds provide consistent reports of asset values. This can be for non-blockchain based assets, such as the feed that powers Synthetix’s sTESLA market. They can also be for on-chain assets and markets, such as ETH/USD or BTC/USDT, or even proof-of-reserves for stablecoin or wrapped asset issuers.
Decentralized price feeds ensure accurate pricing across different DeFi platforms and blockchains. Broad market coverage is essential to avoid arbitration or flash loan attacks.
Flash loan attacks have received a lot of attention over the last year. They involve the manipulation of a price oracle in order to profit from the arbitrage opportunity this creates. Millions of dollars can be drained in this fashion. Insecure oracles are at fault here, not flash loans. Any well-capitalized actor could pull off the same attack; flash loans just make a large amount of capital available to anyone within the space of one block.
A DeFi application on Matic, Solana, BSC or even Ethereum that only draws price information from a single source on its own network is vulnerable to these kinds of attacks. It’s much easier to manipulate the price of an asset in a single market than it is to do the same across the entire market.
Yet even the largest markets are not immune. In November 2020, $89 million worth of collateral was liquidated on Compound after the price of DAI was artificially pumped 30% on Coinbase Pro: Compound’s single source of DAI’s price.
…the DAI price on Coinbase was driven up to a premium of around 30%. Compound’s oracle uses Coinbase for pricing data. This caused liquidations as the value of the loans exceeded collateralization-ratio thresholds. As far as I can tell, Compound worked exactly as it should. But questions will be asked about the oracle.
— Alex Svanevik, CEO of Nansen
While the Compound protocol may have worked exactly as designed, by using a single source of price data it failed to protect users against the possibility of a stablecoin being manipulated.
This event caught the eye of the World Economic Forum (WEF), which in June 2021 released the Decentralized Finance Policy-Maker Toolkit in collaboration with the Wharton Blockchain and Digital Asset Project. The toolkit concludes that the Compound event “illustrate[s] the risks inherent in the interconnection among DeFi and other blockchain-based financial systems — and that some elements of the ecosystem may not be as decentralized, and therefore more vulnerable, than it initially appears.”
The solution is a decentralized oracle network that is made up of multiple nodes, each of which draws price data from multiple markets across multiple blockchains.
Other Oracle Functions
Oracles serve as bridges between individual blockchains as well as between these chains and the outside world. In addition to providing price feeds, oracle networks can also package and deliver on-chain data that is otherwise unusable to other smart contracts.
One example of this is CertiK’s Security Oracle. The Security Oracle guards on-chain transactions and prevents DeFi projects from malicious attacks through real-time security checks.
CertiK’s Security Oracle allows developers to leverage real-time security scores provided by a decentralized network of nodes to ensure that their contract’s interactions with other smart contracts meet an acceptable level of security.
The raw data that is used to derive the security score is all available on-chain, but it does not exist in a form that is legible to smart contracts without the Security Oracle.
In this manner, the Security Oracle converts on-chain data into actionable metrics.
Oracles also perform a range of other functions that are crucial to the infrastructure of DeFi, such as verifiably-random number generation and off-chain computation.
Insurance Alternatives
Despite all the pre-deployment and on-chain security measures available, sometimes things still go wrong. In the event of a covered hack or theft of funds, there are decentralized protocols that can reimburse users who have purchased protection.
A couple of the biggest names in this space are Nexus Mutual and CertiKShield. They leverage risk-sharing pools to give protection to users and yield to liquidity providers.
Decentralized insurance alternatives function as the backstop for the curveballs that are almost guaranteed to come with DeFi. In combination with secure blockchains, meticulous auditing, and decentralized oracle networks, insurance alternatives provide an additional layer of security for the users who play an important role in pushing the whole space forward everyday.
The Future
DeFi, like nature, is an adversarial environment whose evolution is driven by the survival of the fittest. With the stakes climbing into the tens of billions of dollars, it’s up to DeFi protocols and users alike to take a proactive approach to security. A solid security foundation ensures developers can continue to build out the products that create value for everyone in DeFi.
Users can vote with their tokens, investing only in protocols that take security seriously. Decentralized insurance alternatives provide peace of mind to users, who know that they have recourse even when all else fails.
Secure blockchains are the solid foundation on which all else is built. Auditing ensures that the blueprints are sound before deployment. Oracles interface with the outside world, connecting digital smart contracts to a nearly infinite number of data sources. And decentralized insurance alternatives have your back in the event of disaster.
DeFi is evolving into a hugely impressive structure, but it’s still under construction. By ensuring that the foundations are strong and the architecture is harmonious, we can secure the future of DeFi as one of the world’s most important institutions.
