Ethereum is the leading platform for decentralized applications and is unmatched in ecosystem, community, and tooling. Despite some bumps in the road, the whole ecosystem along with its users are responding to the problems and maturing in multiple ways not known until this year.
A young, budding DeFi
Last year, I published a post about how the Ethereum ecosystem and DeFi (Decentralized Finance) were blossoming and experiencing the first waves of rapid growth, along with discovering their product-market fit as an open financial ecosystem.
Now in 2020, we are witnessing the ecosystem mature along with its users and applications. Even with the occasional food project and large hack, the activity that is occurring on Ethereum solidifies its position as the leading platform.
The building blocks on Ethereum are intrinsic to DeFi. Every additional application increases the organic usage and reliance on the established foundation. Each application built on Ethereum has immediate access to every single application on the network, and this is where DeFi found its beginnings. With MakerDAO/DAI, Uniswap and Compound serving as the initial building blocks, the framework for future applications was founded.
We now have dozens of applications built on Ethereum that can serve as a foundation to be built upon. A lot of this composability can be seen in the yearn.finance vaults.
The yearn vaults are a complex suite of smart contracts that each serve different functions to achieve the goal of compounding farm returns for the user. The user deposits an asset to earn returns and that asset is transformed and farmed with. After it gathers the reward from farming, they are sold on Uniswap, and compounded back into the farm to increase future earnings. If you’re not familiar with farming (also called “yield farming”), you can read more here.
This (now inactive) ETH vault in particular is built by Yearn, and uses MakerDAO, Curve, and Uniswap in multiple ways. On top of providing returns for its users, the staked funds are also providing liquidity on Curve’s stable-asset specialized DEX. This is why Curve distributes their CRV tokens, to incentivize users to provide liquidity on their platform, and it clearly works. Note: Yearn is working on their V2 vaults now 😄.
Maturity in a financial ecosystem
Now, the Ethereum network not only contains of a great amount of value, but its applications are also entirely comprised of code. Some of this code holds custody of a LOT (almost $20,000,000,000) of said value. Things can go wrong, hackers are very smart, sometimes smarter than the developers writing the code. There have been several attacks just this quarter, summing up to well over $100,000,000 of users funds lost since the start of the year.
DeFi is growing. Maybe even a bit too fast. Ever since flash loans have been released, the space hasn’t been the same. Users are scared, audits aren’t viewed as reliable as they once were, and price oracles have been ruthlessly abused as of late.
But there is some silver lining in all of the recent incidents: Ethereum is maturing as an open financial ecosystem. It’s absolutely phenomenal that DeFi has thrived despite the existence of flash loans. Flash loans are extremely powerful tools (for mainly the wrong reasons) and there is a purpose to their existence. Without a full ecosystem to interact with, they’d be entirely useless.
Note: Flash loans now have a standard interface to implement. Read the EIP for details on flash loans.
However, given that flash loans exist, DeFi applications have to adapt in various ways to protect their users and stay relevant. Other smart contract platforms don’t have these types of problems, simply because there isn’t enough built on them to actually cause problems. The attack vectors that flash loans use have always been there, flash loans just make them more accessible to exploit, forcing every service in DeFi to design solutions around their existence.
The Time-Weighted Average Price (TWAP) oracle used by Uniswap to protect their price oracle against flash loan manipulation is a great example of such solutions. The TWAP uses the average price of an asset calculated over any chosen interval to provide a hard-to-manipulate and decentralized price oracle for any trading pair on Uniswap. Woohoo for innovation!!
And soon (early next year to keep the holidays calm), we will be seeing flash mints launch for DAI. While the attack methods of flash mints aren’t vastly different from the ones of flash loans, they will be challenging smart contracts that either don’t have overflow safety, or don’t handle stable interest rates properly.
Responsibilities as a DeFi user
With every application built, more integrations are made between different moving parts of the Ethereum network. The applications built a year ago were much simpler than what is being built now, and with more power comes more responsibility.
Even with the “test in prod” mentality and after “unaudited” code getting millions in TVL during DeFi summer, audits are still valuable and extremely important, but users need to remember they’re not a guarantee of safety. The applications on Ethereum can be very complex and have multiple risks.
As a user there are several risks you need to be careful of:
- Admin key risk: if a private key exists that has any custodial or administrative control over the smart contracts, you are trusting the developers with your funds. Is there a timelock? A multisig? What can they change?
- Smart contract risk: there could be flaws in the code that very smart hackers can discover and abuse. Audits usually revolve around coding best practices and “hard” exploits in the code. Economic exploits like flash loan oracle manipulation are still very recent developments.
- Fork risk: DeFi applications are very complicated. If a developer forks an existing application it may mean they possibly lack a full understanding of the code or are trying to ride on the hype of an existing protocol. Be very careful when engaging with forks.
- Retirement risk: if any funds can be stolen by the keyholders but shouldn’t be, how much money does it take to change a persons mind?
- Asshole risk: when you interact with the developers, do they seem like assholes that don’t care about their users? If so, why would they care about their users security?
DeFi is certainly risky, and it’s important for users to hedge their risks and protect themselves. The events of this year have inspired the emergence of many protocols focusing on protecting users from hacks and other major losses of funds, similar to insurance. Nexus Mutual launched in May 2019 and they have served as the main example of decentralized risk protection. However, their service is KYC’d, which closes the doors to most Ethereum users.
But as of late, several new DeFi coverage protocols are emerging: Umbrella, Insurace, Nsure, and Cover Protocol, just to name a few. Cover Protocol (Note: I’m a technical advisor for them) in particular is a project that has recently launched on the Ethereum mainnet, and offers a decentralized, peer-to-peer DeFi coverage marketplace. And already within the first week of their launch they have performed their first payout for the Pickle Finance hack! Go decentralized DeFi coverage!!!
With the launch of such coverage protocols, the DeFi space provides their users with a choice of solutions to protect themselves from the “move fast and break things” mentality that the Ethereum community leans towards. It might make DeFi more expensive, but if you can get protection for <10% APY on your 100% APY farm, maybe its a good idea to eliminate the risk!
So to every DeFi user out there, if you’re losing sleep over your latest ape (all-in) into a DeFi application, stay protected and get coverage! DeFi’s safety will never be guaranteed. There are too many attack vectors and too many genius hackers with too much money to make! Maybe even learn Solidity to understand Ethereum better as a whole. Now that there are ways to hedge your risk when using DeFi, take advantage of them!
A major indicator that Ethereum and its ecosystem is maturing is the growing demand for services like decentralized risk protection. DeFi summer has made many users very familiar to using Ethereum and its applications, so now they just want to make sure their money is protected! Ethereum’s growth has always been organic, and its very uplifting to see the space trend towards protection of user funds, making the Ethereum network safer as a whole.
Thank you for reading!
Who am I?
I’m Ivan Martinez, a software engineer for Prysmatic Labs and a technical advisor for Cover Protocol. At Prysm we work on a production-quality implementation of Ethereum 2.0! If you’d like to try running a validator or help out with the effort, feel free to join our Discord server and reach out!
Follow me or my team on Twitter if you enjoyed reading this!
Interested in Cover Protocol?
- Uniswap API — How to get Uniswap data?
- The Best Crypto Trading Bot
- Deribit Review | Options, Fees, APIs and Testnet
- FTX Crypto Exchange Review
- Bybit Exchange Review
- The Best Bitcoin Hardware wallet
- Crypto Copy Trading Platforms
- Bitsgap vs 3Commas vs Quadency
- The Best Crypto Tax Software
- Best Crypto Trading Platforms
- Best Crypto Lending Platforms
- Ledger Nano S vs Trezor one vs Trezor T vs Ledger Nano X
- BlockFi vs Celsius vs Hodlnaut
- Bitsgap review — A Crypto Trading Bot That Makes Easy Money
- Quadency Review- A Crypto Trading Bot Made For Professionals
- PrimeXBT Review | Leverage Trading, Fee and Covesting
- Altrady review
- Ellipal Titan Review
- SecuX Stone Review
- BlockFi Review | Earn up to 8.6% interests on your Crypto
- Best Crypto APIs for Developers
- Best Blockchain Analysis Tools
- Crypto arbitrage guide: How to make money as a beginner
- Top Bitcoin Node Providers
- Best Crypto Charting Tool
- What are the best books to learn about Bitcoin?