Soft Collateral

designing credit models for the metaverse

Published in

Union Finance

8 min readOct 7, 2021

Who you are doesn’t matter

Long gone are the days of the friendly town banker who knows you, deciding if you’re worth underwriting based on their personal experience with who you are (or perceived you to be).

Instead, whether and how much credit you get is determined based on a mathematical model that’s guessing what the odds are a person “like you” will default.

If the model says people with certain behaviors and demographics have a certain percent chance of defaulting, they’ll lend to borrowers within that category of traits, charging enough to cover that predicted default risk + a bit more to make some profit.

If you lend to one person, it’s unpredictable but if you lend to a large number of similar people, you get predictability. And predictable risk can be priced.

Things like court systems, and the ability to ding a person’s credit score after the fact help keep default rates down as a psychological stick, but if the person you lent to defaulted your model has already failed. Post-default actions are like hiring a guy to chase after your horses after they’ve left the barn.

What I’m proposing in this essay is that knowing real identity is not a requirement for underwriting at scale and that it is possible to develop profitable underwriting models consisting entirely of on-chain target(s) to ensure some approximation of uniqueness and predicted default behavior.

An approximation of “you” aka Uniqueness does matter.

The real reason consumer credit is possible at scale is statistics.

If you lend $1000 to 10 unique people each with a 50% chance of default each year, that has a lower probability of total loss than if those 10 people are really one person with a 50% chance of default.

Predicting Total Loss in a given year:

Scenario 1: 10 Unique people = 0.5¹⁰ = 0.0976% likelihood of 100% loss
Scenario 2: 10 Sybil accounts = 0.5¹ = 50% likelihood of 100% loss

Note: this is a grossly oversimplified example, but it’s important for showing that directionally it’s the heterogeneity of risk that is king.

Scenario #2 would be true even if the 10 borrowers are different people but not sufficiently unique e.g. if they all work the same job. And Scenario #1 would hold even if the 10 Borrowers are really 1 person behaving distinctly 10 different ways, ie Bob the Builder & his 10 different LLC’s.

As a lender, it’s less important that you know “who” the borrower is as having the ability to identify unique categories of behavior, and to bucket and allocate capital to that risk at the correct price.

This is why Sybil attacks, where a single person creates multiple pseudonyms pretending to be multiple people, are such a threat to lenders.

One method of defending against Sybil attacks is to require identity verification. Some projects have been working to bring “Real Identity” on-chain using oracles, 3rd party attestation systems or by building proof-of-humanity systems. While it does seem to be missing the plot to build permissioned identity schemes on a global permission-less ledger, especially if they exclude crypto native structures like DAO’s, Protocols, and Smart Contracts.

The more damning critique is that such an identity system isn’t necessary nor sufficient to underwrite credit.

This is cause Sybil resistance is not a solved problem in traditional consumer lending. When it happens to a bank it’s just called identity theft or synthetic identity fraud.

It’s very likely any on-chain lender relying on a “real identity” system in any meaningful way would be a very tempting honey pot for identity thieves.

Uniqueness vs Identity

I say all this to highlight that the problem of building underwriting models at scale is not primarily one of identity verification, rather its data validity and depth of attributes.

A bank lending to a synthetic identity is simply missing the data point to classify that borrower correctly.

Now, a pseudonymous environment like DeFi does create a more adversarial environment because you can spin up a million accounts with fake history on Ethereum, and it does make any flaws easier to exploit programmatically. But the sad truth is it’s not that expensive to buy a stolen identity (<$8 for an American SSN, Name, DOB, more). Which is a lot cheaper than spending the gas to replicate multiple realistic on-chain actions.

And unlike Social Security Numbers in a web2 form, a web3 lender can be certain that the public key requesting the loan is the owner of that private key[2].

So, in order to build a functioning, profitable credit provider using on-chain data, it seems necessary to identify inventory items[1] one could use to begin building up a model that can provide credit to such a public key without:

falling prey to Sybil attacks, and
without having everyone default on you.

Easy peasy! 😅

If your loan isn’t fully collateralized it’s a donation

I have a simple view for quantifying trust, what is the amount of money it would take for a person to burn the bridge. Building an automated lender means that the cost to burn an address as trustworthy needs to be higher than what is lent.

It’s pretty straightforward to accomplish that via over-collateralization of an asset with a market price. Deposit $150K worth of ETH to get $100K worth of DAI.

Credit however is tricky because you aren’t collateralizing the loan on Hard Assets (re: title of this essay) but rather that person’s ability and desire to repay. If there is no cost to defect, the logical strategy is to take the money and run.

So all of this is predicated on the assumption that pseudonymous identities persist, aren’t universally used as throwaways, and act as gravity wells of value and data.

The key to this being viable is building a system that is iterative, where the cost to default isn’t just the moral twang of guilt, but the ongoing loss of opportunity cost. Framed a different way; we need persistent pseudonymous relationships.

Finding Intangible Value On-chain

In starting to think about how to select the inventory of data points we’d include in a credit model it seems like the general framework of such a model would have a few steps or guiding principles.

Step 1: identify independent indicators an address will repay.
Step 2: discount the credit limit by the likelihood it’s Sybil account
Step 3: create an ecosystem that provides ongoing value if the account doesn’t defect (make it a repeated game, a bridge someone needs to cross daily has more value)

All with a strong warning from Dame Strathern: When a measure becomes a target, it ceases to be a good measure.

In listing out a lot of potential data points I’ve found most things boil down to the following categories:

Actions: these are transactions an address has performed
Assets: these are NFTs or other tokens an account holds
Associations: groups and related accounts

Actions

What are the past actions that could be gleaned from an address’s event history to predict good behavior and that it’s not a sock puppet?

Donation to public goods: is charitable behavior indicative of non-delinquency?
Gas used over time: perhaps a quadratic scoring of gas use.
Voted in a DAO: Do delinquents vote?
Tried to keep a digital Tamagotchi alive
Borrow/Repay: This is probably the most obvious indicator, but I’m actually not convinced collateralized lending behavior is a good one. Liquidations might be a counter-signal though.

Assets

What assets imply that an address isn’t a Sybil? What role does transferability play here?

ENS: age and name. This can be an interesting one because some ENS domains do have some amount of market value, but your name has value specific to you. So you could create an underwriter that takes ownership leaving the user the controller e.g monetsupply.eth doesn’t have much market value, but how much does monetsupply value it?
POAPs: unique in that they require physical presence over time to claim. Matt tokens are another interesting example here. Having POAPs from 5 years’ worth of EthGlobal events is pretty Sybil resistant.
PFPs: If ENS is lending against your name, this is essentially underwriting backed by your online face e.g. imagine if you built up a following as punk6529 how much above market value is punk6529 worth to you?
Deposits: It costs time and money to withdraw and redeposit on a new account.

Associations

If you’re trying to predict my behavior, is seeing how my nearest neighbors behave a good start?

Token Curated Registries (TCRs) like write race create reputation graphs
DAO membership: This is likely twofold both as an indicator a la it’d cost effort to change which keys, and if the underwriter is the DAO, defaulting on the DAO likely has a social cost beyond defaulting on a random underwriter e.g. no more FWB parties.
Delegations: If 100 people have delegated to you, asking all of them to change keys is a lot of friction.

What are attributes you’d include in training your credit model?

TrustFall Experiment #1

To test some of the many assumptions we’ve made we will be running a number of real money experiments.

In this first one we will be providing 100 DAI vouches for accounts that have satisfied any of the below conditions on MainNet.

Association: All Write race participants
Assets: 3+ POAPs
Actions: Donors to mintfund

We have deployed three vouching contracts(list below) on Polygon that each have an array of qualified addresses they will vouch for if pinged (note: you can ping all 3 if your address qualifies for all 3).

0x18aD78140DB5cB318732d9ea53f402eeC3e37d36 — mint donation
0xbABB11a492D44a92B6D4AD2c9D75A4efbf17Ac08 — poap
0x48D5a63614F84Eb84Ef0439438248222d41ea368 — write race

The first 100 qualified addresses to ping the vouching contracts by sending ‘0’ MATIC to the above contract addresses on Polygon will receive a 100 DAI vouch on the Union demo-net, enabling you to borrow 100 DAI without collateral. The only penalty if you don’t pay it back would be a record of default at that address and the inability to borrow in the future.

The Github repo for the voucher contracts is: https://github.com/unioncredit/bulk-voucher/

If you have any questions or would like to talk credit, you can find me in the Union Discord or on twitter @jacobshiach.

[1] If you’re interested in Web3 Identity I’d highly recommend “Inventories not identities” by Kei Kreutler.

[2]the risk of stolen or leaked private keys does exist, but i’d wager you could get a probability of ‘key leak’ for a given key. And then just use that as discount.