Beginner’s Guide to DeFi Risk Management Part 1

Understanding Risk & Uncertainty

TL;DR:
The first part of this guide to managing risk in a decentralized finance (DeFi) context introduces risk frameworks in cryptocurrency protocols. Learn to differentiate between risk and uncertainty, focusing on systemic and non-systemic risks. Explore examples like marketing risk and smart contract risk, setting the stage for understanding and mitigating risks in crypto.

The latest installment in our Beginner’s Guide to DeFi revolves around risk frameworks as they relate to cryptocurrency protocols. It presents a methodical approach to evaluating risk, unraveling the intricacies through an investigation of potential benefits and risks.

Please note that this guide applies to all manner of tokens in the crypto space, including security, currency, and utility tokens.

A critical aspect involves differentiating between risk and uncertainty, focusing on effective mitigation strategies where possible. While risk cannot be completely eradicated, cultivating an awareness of the risk factors at play and assessing mitigation efforts is crucial to finding those diamonds in the rough.

💡

The information provided in this blog post is for informational purposes only and should not be taken as any form of investment or legal advice or any form of recommendation or endorsement of a project. We make no representations or warranties of any kind, whether express or implied, regarding any projects mentioned on this website. In no event shall we be liable for any claim, damages, or any other form of liability, whether in action or in tort, arising from or in connection with any project mentioned on this website. Conduct your own research and due diligence when engaging with any crypto project or service.

With a full understanding of risks and uncertainties, how can we measure these factors, if possible, and what actions should be taken when comprehending them? This sets the stage for a critical examination of a crypto project, encapsulated in a series of essential questions that unify the entire process within the framework.

What follows is not investment advice but rather a mental model applicable not only to crypto but to other areas in the broader world as well. The framework revolves around expected benefits versus expected costs and the ways we can quantify these concepts. So, without further ado, let’s embark on an insightful journey as we examine the complexities of risk assessment and mitigation in cryptocurrency.

Risk vs. Uncertainty

Although they’re often conflated, risk and uncertainty are two different concepts. Perhaps the easiest way to distinguish risk is that it can be calculated: it involves clear, well-defined probabilities. Risk can be thought of as the probability of potential loss relative to the expected return on a particular investment.

💡

A version of this article was first published on Medium and is based on the seventh session of the IOTA x Bankless DeFi education series. The session was presented on 27 October 2022 by Gruad and the summary, organization, and additional detail in the article are by DigitalSoul.x

So how does risk differ from uncertainty? Uncertainty pertains to those qualities that elude precise quantification. While we may acknowledge its presence, assigning a concrete number is impossible. This lack of certainty can manifest in different ways, such as the unknown probability of an event occurring or possibly unknown associated costs.

In essence, uncertainty can be thought of as ‘undefined risk’. Consider a scenario where an investment has already been made. What’s the probability of an unforeseen event, such as a meteor striking the company headquarters or the team lead encountering an unfortunate accident? Attempting to attach a number to such events is highly speculative and contingent on too many assumptions.

The actionable insight here lies in discerning between what is calculable and what is not. By identifying and segregating the aspects plagued by uncertainty, one can effectively set them aside for consideration later.

Types of Risk and Uncertainties

We’ve divided risk into systemic and non-systemic.

Systemic (or Market) Risk

Systemic risk, also known as Market Risk, describes risk that is inherent to the entire crypto space rather than an individual protocol or project. To understand systemic/market risk, imagine the macro implications of a severe reduction in the price of Bitcoin. It’s likely to have repercussions on all tokens on the market. For instance, if you hold a stablecoin, its dollar-based valuation may remain unaffected, but it would still likely appreciate relative to Bitcoin. Understanding these mechanisms and their susceptibility to market-wide events is crucial.

One example of systemic/market risk is political risk. The current crypto landscape is rife with regulatory uncertainties. And when a bombshell announcement regarding regulatory compliance is announced by influential jurisdictions, it can have a spillover effect on the entire market.

While it is difficult to predict the outcome of these risks, it’s imperative to consider their potential impact. One way to gain more insight is to draw on the expertise of the community. Individuals with expertise in their own region, such as in regional politics or recent legislation, can offer insights into the potential impact on the value of crypto platforms in those regions. Even though it’s called systemic or market risk, these threats can be difficult to quantify, so for our discussion, they fall under uncertainty.

An example of political risk is the U.S. Office of Foreign Assets Control (OFAC) sanction of Tornado Cash, which not only impacted the platform itself but had spill-over effects on others relying on Tornado Cash’s capabilities for funding, particularly in USDC.

Non-Systemic Risk

In addition to systemic risks, it’s imperative to consider non-systemic risks, which are dangers that apply to specific platforms or protocols. These include:

Smart Contract Risk: Vulnerabilities or bugs in smart contracts can lead to exploits, hacks, or loss of funds.
Marketing Risks: Poor marketing strategies can lead to a lack of adoption, decreased token value, or negative sentiment among investors.
Management Risks: Developers or project founders may engage in fraudulent activities such as rug pulls (sudden withdrawals of liquidity) or exit scams (abandoning the project after raising funds), resulting in investor losses.
Governance Risks: Weak governance structures or centralized control can result in governance attacks, voting manipulation, or conflicts of interest.
Economic Exploit Risks: Economic mechanisms within protocols can be exploited by malicious actors to manipulate token prices, drain liquidity pools, or destabilize decentralized finance (DeFi) platforms.
Regulatory Risks (these can also become systemic, as noted above): Legal and regulatory uncertainties can pose risks to projects, including regulatory crackdowns, compliance issues, or bans on specific tokens or activities in specific jurisdictions.
Oracle Risks: Decentralized applications (DApps) relying on oracles for external data inputs face risks such as oracle failures, data manipulation, or inaccurate data feeds, leading to incorrect outcomes or financial losses.
Tokenomics Risks: Poorly designed tokenomics, including excessive token inflation, lack of utility, or unfair token distribution, can erode investor confidence and undermine the long-term sustainability of a project.

But how can one navigate and comprehend these risks? We’ll explore how in the next part of this guide.