Introducing the DeFi Score — an open-source methodology to evaluate code and financial risk in DeFi lending
There’s more to DeFi lending than APRs.
It’s been a big year for DeFi with triple-digit growth and over half a billion dollars locked across various lending platforms. We’re constantly inspired by the sheer amount of experimentation and disintermediation in the sector, all while continuing the slow march toward truly decentralized financial services. Unfortunately, public awareness in DeFi often focuses on the potential for outsized returns while eschewing the new types of risk that accompany smart contract lending platforms. Some of the most common lending and borrowing platforms include Compound, DyDx, Fulcrum, and Nuo.
Experienced users of these protocols may recognize common concerns:
How can I trust that a protocol’s smart contracts don’t contain bugs or vulnerabilities that put my funds at risk?
Is the product really decentralized? Can any individual or group impact my investment by manipulating oracles, administrative controls, or emergency measures?
Is there a scenario in which I won’t be able to withdraw my funds at will?
How will price volatility impact my position? What types of collateral are supporting the entire system?
Is the DeFi community evaluating lending opportunities with risk in mind, or are we simply chasing the best rate of return?
A Holistic Approach to Risk in DeFi
ConsenSys Codefi is excited to release the DeFi Score Methodology to promote transparency and understanding around the technical and financial risks impacting DeFi lending markets. The initial methodology is open sourced on GitHub, with a sample implementation to follow. Our goal is for the DeFi and Ethereum developer communities to expand, test, and use the methodology as DeFi matures.
Below is a visual example of how the DeFi Score could be implemented in a consumer application that evaluates a specific lending market.
The model outputs an easy to understand 0–10 score that can be presented to users or integrated into other systems. This example also includes a summary of the attributes that contribute to the score: strong technical properties, poor liquidity, and high regulatory risk.
Risk Model & Data Inputs
There are two broad categories that capture the crypto market’s risk attributes: smart contract and financial risk.
Smart Contract Risk
Lending platforms tend to share the same smart contracts across all of their markets, therefore smart contract risk will be the most relevant factor when comparing platforms. Answering important questions about a platform or protocol’s smart contracts can help determine the risk associated with their smart contracts. For instance, what portion of the code has been audited by reputable firms? Has formal verification been performed? Is the code open source? Is a bug bounty offered?
Financial risk focuses on liquidity and collateralization issues within individual markets and will change with market conditions. For example, if a market has low liquidity compared to its peers then the score would suffer.
Borrowers are overcollateralized to ensure repayment, however, the volatile nature of crypto assets means that high collateral factors can be insufficient. The composition of collateral backing today’s DeFi platforms has a high level of variation, with some being made up of much more liquid, stable assets than others. On-chain data about a market’s collateral ratio and collateral portfolio also impact the DeFi score.
Insurance and regulatory risk are two areas where we are starting to see divergence. Some platforms are contributing to insurance funds to protect against black swan events, however, the pools are generally deemed inadequate. Some platforms acknowledge regulatory concerns while others take stronger anti-regulatory positions. As lending platforms mature we expect to see these domains carrying more weight in the DeFi Score.
Given the nascent state of DeFi and the limited historical track record, it is important to understand that this is not a validated statistical model that has undergone regression testing. It is an opinion-based framework to start a conversation for estimating and communicating risk in these emerging markets. The weights have been designed to maximize the value of a 10 point scoring spectrum and are initially tuned for Compound, dYdX, Nuo, and Fulcrum.
We’re actively looking at new data points and methods to improve the utility of the score:
Address additional risk factors including centralization (governance) risks, oracle risks, and market liquidity risk via liquidation policies
Break out score subcomponents into individual scores
Decentralized methods for validating market metadata
Adapt the model for DeFi products beyond lending
DAO-ify the management of this scoring algorithm
We encourage the community to provide feedback on the methodology and get in touch!