Stablecoins 2.0: Economic Foundations for DeFi
Incentive security and economic stability in DeFi: stablecoins, governance (e.g., COMP), DEXs, cross-chain assets, and more; a “manual” for open DeFi problems and models
Ariah Klages-Mundt, Dominik Harz, Lewis Gudgeon, Jun-You Liu, Andreea Minca
TL;DR The new focus on DeFi governance yield farming and recent memory of Black Thursday amplifies concerns about the poorly understood structure of risks in DeFi. We provide a new foundation for characterizing and modeling these risks; this is developed in the context of stablecoins, but is more widely applicable to many crypto-economic systems, including cross-chain protocols, collateralized lending, and decentralized exchanges. Our framework focuses on measures of incentive security, meaning that participation is mutually profitable for all parties after accounting for attack surfaces, and economic stability, which poses the question of whether incentives actually lead to stable outcomes. We identify an important sustainability concern: in some DeFi systems designed with broad governance powers and without societal recourse, the equilibrium participation of rational agents may be zero. This is because the cost to align incentives in these systems may be prohibitively high (an analogy is requiring a bank to have a long-term P/E ratio of 1000 to be secure against the theft of depositor funds). Our framework provides a means to model these systems and yields an array of unanswered research questions that will be critical for DeFi going forward.
Based on our new paper here.
The news of the week is Compound’s COMP token distribution, which has turned into a circus of leveraged risk with users jumping through crazy hoops of leverage to try to game the reward mechanics.
You can watch live on Ethereum while traders farm COMP profits by balancing complex layers of positions: e.g., deposit ETH and USDC, borrow a high amount of BAT, re-deposit that BAT in a new Compound account, then borrow ZRX against that BAT and re-deposit in the initial account, and then borrow more BAT against the ZRX, etc. If you’re not doing this and think “wish I’d thought of that”, we feel obligated to stress: the risks in those layers of leverage, especially in thin markets like BAT and ZRX, are worthy of their own post (but briefly recall cascading liquidations on Black Thursday and the fact that thin markets are easily manipulated, opening an attack vector to trigger and profit from such liquidations).
If aiming to optimize the spectacle, then the COMP distribution is undeniably a wild success. More prosaically, it addresses the chicken/egg problem of platform usage by temporarily boosting liquidity returns. More cynically, it sets the platform up for a massive exercise in stress testing.
Less discussed, is the initial aim: to foster “an increasingly large ecosystem […] will be incentivized to collectively steward the protocol into the future with good governance”. In essence, the token distribution tries to achieve wider governance distribution among users of the platform, who can steward their own security. We provide a new perspective on this point based on a framework of incentive security in our new paper.
Incentive alignment is a wider issue across crypto-economic systems. We develop a framework for quantifying this issue in the context of stablecoins, though it is widely applicable to crypto-economic systems. We propose a fundamental question of incentive security in a system:
[Incentive Security] Is there mutually profitable continued participation across all required parties, after accounting for attack surfaces?
If not, then the system cannot work as equilibrium participation is zero. For instance, if incentives lead to profitable attacks, then rational agents will price in this risk in deciding a level of participation. Only after this question is answered can we then make sense of the question of economic stability:
[Economic Stability] Do the incentives actually lead to stable outcomes?
Incentive sustainability, or impossibility?
From the models we construct in the paper, sustaining incentive security against governance attacks becomes a critical issue as the system scales. A governance attack is profitable if the rewards from the attack outweigh the costs of that attack. The rewards are proportional to asset value locked in the system (AUM): governance with very broad powers could directly steal collateral (as well as emptying related liquidity pools on DEXs); governance with less broad power may still do so indirectly by manipulating parameters and coordinating the prevention of exits, even under governance time delays. The costs include the governance token value, which has a fundamental value for ‘honest’ governors (i.e., who don’t attack) based on future fee accrual to governance, and any institutional liability (e.g., legal recourse).
Stablecoins, synthetic assets, cross-chain assets
For non-custodial stablecoins (as well as synthetic assets and cross-chain assets from BTC, which use similar mechanisms), a secure governance value needs to be some multiple of locked assets. The scaling issue manifests when considering a long-term equilibrium with moderate future growth expectations, in which case discounted future fees (even if an unrealistically high percentage of AUM) won’t reasonably reach the level of multiples of AUM. In that case, the security of a decentralized governance system will rely on system participants holding governance tokens to big up governance market value. This will feedback into participation incentives of these other parties; there is no guarantee that equilibrium participation exists. To illustrate, stablecoin holders may need to hold significant positions in a risky governance asset in order to secure their stable positions, which may defeat their purpose in holding the stablecoin. This leads us to an informal impossibility conjecture (and an important direction for future research!):
[Conjecture] In many DeFi systems designed with broad governance powers and without societal recourse, equilibrium participation of rational agents may be zero.
In essence, the cost to participants to align incentives in these systems may be prohibitively high. A concrete analogy is a bank: if incentive security requires the bank’s equity market value to be worth multiples of total deposits, then it simply won’t be worth it for depositors to participate. Put another way, the bank’s long-run P/E ratio would need to be ~1000 (and propped up by depositors) to secure the bank from the theft of depositor funds.
Currently implemented solutions essentially centralize governance. This solution relies on a form of institutional liability, representable within our models. This is not necessarily a problem. Indeed, many traditional financial systems operate in this way. This is why banks do not need to be worth multiples of total deposits. However, we should openly recognize that this trust line exists and may be vital. Solving these problems in a fully decentralized way remains an open problem.
Decentralized Exchanges (DEXs)
These incentive models are also relevant for some DEXs. For instance, when a DEX operates its own (governance controlled) chain, governors have the ability to restrict the exit of liquidity participants under an attack, even under governance delays. In DEXs, fee accrual (‘honest’ governance profitability) is proportional to a fraction of total volume over time, which can be many times the value of the instantaneous AUM on the exchange, while incentive security is still related to AUM. A key modeling component will be a behavioral factor of volume relative to deposits. For Uniswap,annualized volume can be ~100x deposits. In comparison, a collateralized stablecoin accrues fees on borrowed assets, which can be ~1/4 of supply deposits. While equilibrium fees accruing to governance may be much small in DEXs than stablecoins, this ~400x factor makes the feasible region for incentive security against governance attacks potentially larger in DEXs. This leads us to the following informal conjecture, comparing feasibility of different types of DeFi applications:
[Conjecture] It is fundamentally easier to economically secure DEXs against governance attacks than stablecoins.
These possibilities reinforce the importance of studying mutual incentives in choosing the right DeFi design for a given application, as well as the problems that yet need solving (DeFi researchers take note).
Lending Protocols
In light of this discussion, we return to the initial consideration of collateralized lending protocols, like Compound. These share a similar structure to non-custodial stablecoins. They’re slightly simpler, however, in that borrowed assets are largely exogenous. As a result of this exogeneity, participants may more readily exit the system before a governance attack is realized (i.e., during the governance time delay). For example, consider that the borrowed asset is USDC; in this case, a vault can always create new stablecoins at par through the issuer to deleverage and exit (in particular, they don’t rely on Dai holders selling them back Dai when they want to exit). In essence, governance time delays are a more powerful preventive tool in this setting — with a likely exception of more complex price feed and/or miner extractable value attacks.
This said, some of the smaller cap assets in Compound may start to diverge from the exogenous case. BAT and ZRX markets are largely over-utilized as they are currently favored for yield farming. For instance, BAT utilization is currently 91%, and the current notional value of BAT deposited is $234m, whereas the total market cap of BAT is $377m (though some amount of this BAT would net out as it comes from layers of borrowing and re-depositing the same initially deposited BAT). In light of this structure, a large unwinding of BAT positions could see similar deleveraging effects to stablecoins, as discussed further below.
A remaining question is: does the COMP distribution process help to increase long-term incentive alignment? That is, does it help to decrease the costs to users to secure the system against governance attacks? At first glance, this looks promising. Users are awarded governance shares through participating and so don’t have to consciously bid up the governance market value to secure the system — they just need to not sell the shares they are awarded. This last point illustrates the lack of guarantee here: once users are gifted the shares, it is a part of their portfolio, and they choose whether to maintain that risky position. While the COMP distribution no doubt draws lots of new users into Compound today, it’s still an open question whether the COMP distribution mechanism (or indeed any other distribution mechanism) helps to get us to a more stable governance equilibrium.
Stablecoins: Designs, Models and Risks
We now dig into more details from the paper on a universal functional characterization of all stablecoin designs and models, from which we derive the insights above. Here, we diverge from the typical breakdown of stablecoins to characterize dimensions of risk and trade-offs in different functional components. The first distinction is straightforward: between custodial stablecoins, which rely on some sort of trust in a third party, and non-custodial stablecoins, which aim not to.
Custodial Stablecoins
On the custodial side, there are three different types of stablecoin, all of which maintain a peg by the work of arbitrageurs to the extent that they can create/redeem stablecoins for the underlying. A Reserve Fund stablecoin maintains a 100% reserve ratio, and are like ETFs for dollars on the blockchain. Examples include TUSD, USDC, and a later iteration of Libra.
A second type, including Tether, resembles a bank or money market fund, and holds Fractional Reserves. This sort of stablecoin faces bank-run-like depegging risks, as materialized in Tether in Oct. 2018. When its partner exchange Bitfinex suspended fiat convertibility, a Tether crisis ensued with the currency breaking its peg as capital flowed out of Tether into assets with less perceived credit risk while arbitrageurs were unable to re-peg. We note that compared to traditional banks, these ‘banks’ may be less regulated and audited, and may not be government-insured against bank runs.
The third type is a stablecoin issued directly by a central bank. Whereas currently central bank reserve deposits are only available to commercial banks, CBDC would aim to provide consumer facing deposits at the central bank, possibly in a tokenized form.
These custodial stablecoins face similar risks to traditional financial systems. These primarily stem from counterparty risks, such as the risk the custodian defaults on its obligations to honor the pegged value. A related risk is censorship risk, where the custodian selectively chooses which claims to honor.
Non-custodial Stablecoins
Non-custodial stablecoins aim to be independent of the societal institutions that custodial designs rely on. In place of these societal institutions, economic structures — implemented in smart contracts — are established between participants.
Non-custodial stablecoins structurally resemble dynamic versions of risk transfer instruments, such as collateralized debt obligations (CDO). CDOs are backed by a pool of collateral assets and sliced intro tranches. Any losses are absorbed first by the junior tranche; a senior tranche only absorbs losses if the junior tranche is wiped out.
In the paper, we provide a universal decomposition all non-custodial stablecoin designs into the following functional components. Figure 2 plots how several stablecoin designs are inter-related through the form of some of the components.
Primary value. The economic structure of the basis of value in the stablecoin, primarily derived from market expectations in some system. There are three types
a) Exogenous collateral: collateral that has a use outside of the stablecoin system, e.g., ETH with Maker.
b) Endogenous collateral: collateral which is created with the purpose of being collateral for a stablecoin.
c) Implicit collateral: where rather than using explicit collateral, market mechanisms are used to dynamically adjust supply to stabilize price. This resembles endogenous collateral with important differences around the obligation to absorb losses.
Risk absorbers. On some level, some speculators absorb financial risk seeking to profit. (Similar to the junior tranche of a CDO). This can be individual agents deciding to participate with collateral, a separate equity-like position in the network, or miners (or validators) in the network as a condition of their role.
Stablecoin holders. Agents making up the demand side of the stablecoin market. (Similar to the senior tranche holders of a CDO).
Issuance. An agent or algorithm that determines stablecoin issuance. (Similar to how levered a CDO is). This may be decided directly by some agents in the system or algorithmic.
Governance. An agent or algorithm that manages protocol parameters. (Similar to an equity position when managing CDOs).
Data feed. Some function to import data on external assets into the blockchain.
Miners. Agents who decide on the inclusion and ordering of actions in the base blockchain layer.
We additionally discuss different types of composite stablecoins, which are composed of a basket of primary stablecoins through various structures, in the paper.
Such non-custodial stablecoins present novel risks, and so existing financial models cannot be used ‘out-of-the-box’. Here we discuss three of these novel risk types.
Deleveraging Risks
Firstly, there are deleveraging spirals, where the level of debt sustaining the stablecoin is reduced too fast, causing pegs to be broken. We’ve explored this previously here and here (and pointed out the possibility back in the 2018 crisis here).
This risk is material. For instance, over a 36-hour period between March 12 and 13, 2020 (‘Black Thursday’), coronavirus related market turmoil wiped 50% of the value from the crypto markets. On the ETH network, this resulted in network congestion and high gas prices, which in turn slowed transactions and caused transaction failures.
This caused severe issues for Maker’s Dai. Vaults struggled to deleverage, as they couldn’t add collateral or pay back their Dai debt. Keepers were either unable to access Dai liquidity quickly enough or were unable to participate in all the debt auctions. Two keeper bots even began to bid for ETH at 0 DAI, gaining about 8m USD of ETH for free.
We summarize notable non-custodial stablecoin deleveraging events below in Table 1.
Oracle Manipulation
Secondly, oracle data feeds — feeds of external data into blockchains — may too become inaccurate. This can happen either accidentally or as the result of an attack. Again, this risk is material, and has already occurred several times — we summarize notable events in Table 2 below.
For example, in June 2019, an error in the FX price feed made the KRW (Korean Won) price skyrocket on Synthetix. At 3am Sydney time, one of the price-feed APIs began to intermittently report a price 1000x higher than the current rate for Korean Won. Due to a set of unfortunate coincidences and despite defense mechanisms to discard outliers, the Oracle ended up actually using this vastly inflated price in its calculations. As a result, there were several trades with 1000x profits, resulting in over 1bn USD of profits in less than an hour.
Governance and Miner Attacks
We’ve already discussed governance attacks on protocols above. In addition, miners can get involved and can be interpreted as a second type of governance that decides transaction inclusion and ordering.
Smart-contract Risk
We also briefly mention smart contract risk. Since stablecoin systems execute algorithmically, without the oversight of any specific institutions, bugs in their specifications or implementations can have serious ramifications. From a modeling perspective, smart contract risk resembles counterparty risk (in this case, risk of a bug in the implementation).
The following image shows what happens when such bugs are exploited. Due to a re-entrancy bug, lending protocol dForce went from 25m USD to 19k USD in a matter of hours.
Towards risk-based economic foundations
In our paper, we propose a collection of models that can serve as the risk-based foundation for these risks.
One collection of models we propose draws on capital structure models. Drawing inspiration from models developed in the context of Initial Public Offerings (IPOs), we adapt these models to capture the incentives of holders of governance tokens, stablecoin holders, and risk-absorbers. See the paper for (a lot) more detail.
A second type of models are forking models. Whereas capital structure models consider only a single time-step: depending on the expectations of agents, they will choose to execute certain actions in the next round. In contrast, forking models are extensions where multiple rounds of agent decisions are considered.
A third type of models are price dynamic models, which model the interaction of agents in CDO-like structures that incorporate the feedback effects in stablecoin systems. Here, we build on our previous works (here, here, and here) on modeling deleveraging effects.
There are a lot of other juicy details in the paper that we couldn’t fit into this post. Check it out here.
Special thanks to Andrew Miller for providing valuable feedback.
