In brief
- The Federal Reserve Bank of St. Louis published a report titled “Decentralized Finance: On Blockchain- and Smart Contract-Based Financial Markets.”
- The report notes that DeFi has the benefits of accessibility, composability, efficiency, and transparency.
- But it also states that smart contracts, dependencies, and operational security are key risks to address.
The Federal Reserve Bank of St. Louis is keeping a close eye on Ethereum-based decentralized finance (DeFi).
A February 5 report titled “Decentralized Finance: On Blockchain- and Smart Contract-Based Financial Markets” comes with warnings about smart contract security, scalability and other risk factors, but is otherwise bullish about the innovation.
“DeFi offers exciting opportunities and has the potential to create a truly open, transparent, and immutable financial infrastructure,” wrote Fabian Schär, a University of Basel professor who specializes in distributed ledger technologies such as blockchain.
DeFi refers to financial services offered without a traditional financial middleman such as a bank or lender. DeFi apps, for instance, enable their users to borrow, lend, or trade digital assets on a peer to peer basis. Ethereum is the blockchain upon which most decentralized finance applications are built.
DeFi took off in a big way in 2020. At the beginning of last year, there was less than $1 billion of value locked into DeFi protocols and platforms. As of today, there’s over $38 billion, according to DeFi Pulse. The growth was spurred by major events, like the airdrop of the UNI governance token to users of the decentralized exchange Uniswap.
Writing for the St. Louis Fed—one of 12 regional banks that makes up the US central banking system—Schär noted four ways in which the DeFi ecosystem may benefit financial infrastructure: accessibility, composability, efficiency, and transparency.
In terms of accessibility, Schär believes that DeFi can level the playing field for access to financial services given that “the infrastructure requirements are relatively low and the risk of discrimination is almost inexistent due to the lack of identities.”
Second, the technology allows the quick transfer of tokens using smart contracts, a game changer for efficiency, when most bank transfers take days to settle.
Third, as an economist, Schär is enthralled with the statistical transparency of the platforms. He noted, “The availability of historical (and current) data is a vast improvement over traditional financial systems, where much of the information is scattered across a large number of proprietary databases or not available at all.” That can help cut off potential financial disasters before they occur.
Last, he found that composability—the ability to create multiple products and fuse them to create something new—“allows for an ever-expanding range of possibilities and unprecedented interest in open financial engineering.”
That last opportunity, however, is also a risk. Composability, he wrote, also leads to increased dependencies. As more products interact and integrate, they become increasingly exposed to other products’ vulnerabilities.
So, for example, when someone locks ETH into MakerDAO to receive Dai stablecoins, then lends those assets out on another platform, where they’re put into a liquidity pool that allows another token to be withdrawn, things start to get murky. “These ‘token on top of a token on top of a token’ scenarios, which create wrapper tokens, can entangle projects in such a way that theoretical transparency does not correspond to actual transparency,” he stated.
There’s also the issue of operational security, with many so-called “decentralized” projects providing admin keys to the creators. These keys are not always securely stored; even if they are, they can be used to siphon funds out of a project. That was the concern back in August 2020 when liquidity protocol Ren revealed that $100 million in assets were held in a single wallet—though the team maintained that the private key details remained hidden.
Smart contracts, too, though an innovation, are themselves security risks. “If there are coding errors, these errors may potentially create vulnerabilities that allow an attacker to drain the smart contract’s funds, cause chaos, or render the protocol unusable,” Schär claimed, without citing any of the dozens of smart contract vulnerabilities that have been exploited in the last year.
A November 2020 report from blockchain tracking company CipherTrace found that hackers were causing $10 million in DeFi protocol losses per month thanks to smart contract exploits. For example, Harvest Finance said goodbye to $34 million in a flash loan attack. That’s a type of attack that allows users to borrow money, drive down an asset price, grab an asset for less than normal, then pay back the loan—in an instantaneous series of convoluted transactions.
Overall, however, these are problems to be addressed, not insurmountable barriers. “If these issues can be solved, DeFi may lead to a paradigm shift in the financial industry and potentially contribute toward a more robust, open, and transparent financial infrastructure,” said Schär.