Looking to 2023

As I look forward to 2023, cause I don’t want to look back, I know what I want to see. I know it is feasible. I want to see a DeFi industry that people can trust. Where people can understand what trust means.

For people to understand what trust means, we must make it simple. This requires developing and meeting standards. Standards are simple for people to understand. If a protocol meets standard X then I should trust it. This is something understandable and easy to communicate. DYOR is not.

The DeFi industry must create the standards. Only we understand our industry. We must enforce the standards and validate them. We should show the world we are trying to improve ourselves.

If we don’t create our own standards, they will be imposed upon us. It is already happening. The Ethereum Enterprise Alliance DRAMA working group is developing standards for DeFi funds and protocols. There is no DeFi protocol participation. Primary participants are the big 3 auditors. Please protocols, step up.

One example of a released standard is the C4 CCSS. It is a standard for anyone using crypto, most importantly exchanges. It covers key seed generation, wallet creation, key usage, proof of reserves amongst others. All exchanges should meet this standard. Presently only 1 does (Fireblocks). It’s tweet did not light up crypto twitter. This has to change for crypto to thrive. We as an industry should demand that every exchange meet CCSS Level 1. Tell everyone that if that certification does not exist, don’t trust it. We can do this now. No need for regulators. No need to wait.

DeFi protocols also need to up their game. If you look for a job in DeFi in the job categories of “risk manager” and “quality manager” there are few jobs. The jobs that exist are for CeFi organisations, not DeFi. A quality manager needs a written process, which is the first step.

I have only found one person in DeFi who has a title of Risk Manager. She is at AAVE. Risk management involves writing down the risks a protocol has and proposing mitigations, alerts and processes. Without a written set of risk processes, you have no formal risk management. DeFi manages other people’s money. Every protocol should show they take risk management seriously. Formal risk management will reduce the number of exploits because it will force us to implement fixes from previous exploits. DeFiSafety can help improve this.

None of this is difficult or expensive. No new tech is required. We can do it. We must do it. It is a requirement of a robust DeFi industry.

This won’t solve all of DeFi’s problems. We know that. But it fixes some big ones.