DeFi protocols are software applications that run on the internet, generally with very little human oversight, and often with millions or billions of dollars flowing through them. Like all software, DeFi protocols have two main software risks – coding errors ("bugs") that may cause the software to malfunction, and security vulnerabilities that allow thieves ("hackers") to break in and steal funds from the protocol.

For example, a bug in the Alchemix lending protocol allowed borrowers to reclaim loan collateral worth over $6M… without repaying their loans. Software security vulnerabilities can also destroy your DeFi investments. Many relatively reputable DeFi protocols, including Yearn Finance and Pickle Finance, have been victimized by hackers exploiting security vulnerabilities in their software to steal investors' funds. Thorchain was robbed twice in one week.

While Yearn, Pickle and Thorchain all elected to repay the victims of their thefts, they were not required to do so, and the repayments were not all instantaneous. You should assume that if you invest in a DeFi protocol and hackers steal your investment funds, your money will be gone.

There is no guaranteed method to avoid Software Risk in a DeFi investment, but there are ways to reduce it. You may notice that brand-new DeFi protocols offer extremely high rates of return on investments, sometimes 1,000% or 2,000%. While those numbers are enticing, remember that the higher the investment return, the higher the risk.

In general, DeFi protocols with higher deposits and longer track records may have less Software Risk than newer or smaller DeFi protocols. This is because a new piece of software is like a new car model – it takes time for the engineers to work out the kinks.

Longer-running DeFi protocols have had more time to discover and repair problems with their software. Larger protocols are also more likely to attract negative attention from hackers than smaller protocols. You can assume that larger protocols face frequent, if not constant, attacks on their security. If they have operated for months without suffering a security failure, it may suggest that their software security is reasonably sound.

So, it is fair to say that a DeFi protocol that has operated for over a year and has over $1B of total value locked in the protocol probably has less software risk than a DeFi protocol that launched two months ago and has $100M of total value locked in the protocol.

Before you invest in a DeFi protocol, make sure you know how long it has been operating and the size of its total deposits. You can also check its website to see if it has taken reasonable steps to minimize its Software Risk, such as conducting code audits (paying independent security companies to review its software) and offering bug bounties (reward payments to anyone who identifies a bug in the protocol's software). You can also search the internet for news stories about the protocol being hacked.

If the protocol has been hacked, then find out when it happened, how the protocol's operators responded to it, and what steps they took to prevent it from happening again. That information can help you determine whether to trust the protocol with your money.

To be clear, there is no DeFi investment with zero Software Risk. But these considerations can help you evaluate how significant the Software Risk might be for a given DeFi protocol.

