More than $78 billion worth of digital assets had been lost as a result of various types of hacks, attacks, and exploits in web3. A big part of it comes from protocols in decentralized finance.
When analyzing DeFi as an investable universe, it’s important to be aware of the types of risks associated with it.
In this article, I aim to summarize all the most important DeFi risks with examples and steps on how to potentially identify them.
The risks are grouped into 3 major categories:
- Protocol Risks — risks related to DeFi platforms with which you interact.
- Asset Risks — risks related to assets in a portfolio.
- Yield Pool / Strategy Risks — risks related to specific pools or strategies available on DeFi protocols.
This research is brought to you by One Click Crypto — Your Gateway to DeFi.
1. Protocol Risks
1.1 Smart Contract Risk
Smart contract risk is the most common DeFi risk, yet is quite atypical to traditional finance.
DeFi relies on smart contracts, which are self-executing contracts with the terms of the agreement directly written into code. There is a risk that these contracts contain bugs or vulnerabilities that can be exploited, leading to loss of funds.
For instance, the hack on The DAO in 2016, which resulted in a loss of 3.6m ETH, occurred because of a vulnerability in its smart contract.
The way to prevent hacks is through exhaustive and diligent technical audits performed by world-class reputable auditing firms.
Questions to ask when analyzing smart contract risk:
- When was the last audit of the smart contract performed?
- Who performed the audit and what were the findings?
- Is there a bug bounty program in place and what’s its maximum payout?
- Have there been any security incidents in the past? If so, how were they handled?