Protecting DeFi users from exploit losses with on-chain subordinated credit markets

TL;DR:

  • DeFi protocols protect customer funds primarily through smart contract transparency. But customer funds remain exposed to the risk of smart contract exploits, and protocols rarely have mechanisms to cushion these losses. CeFi firms have imploded at record speed. DeFi clients are left to use smart contracts at their own risk. Meanwhile, lawmakers increasingly express interest in regulatory intervention to protect crypto investors. 
  • In TradFi, bank regulations protect client deposits in part by requiring banks to maintain sufficient capital buffers to cover losses in stress scenarios. 
  • Similarly, a DeFi protocol could protect its users against smart contract risk by tapping a dedicated credit market to create a subordinated capital buffer that would absorb losses in the event of an exploit. Credit investors would take on this risk in exchange for yield. 

The “investor protection” meme has taken hold post-FTX

In the wake of the recent implosions of centralized crypto exchanges and lenders, including FTX, BlockFi, Genesis, Celsius, Voyager and others, “investor protection” has become a powerful meme among lawmakers inclined to intervene in crypto. Lawmakers and regulators note that crypto firms often fail to comply with or are not subject to the laws designed to protect investors and clients when they transact in TradFi markets. 

Participants in the space are quick to point out that DeFi protocols offering many of the same functions as their defunct centralized peers – e.g., trading, borrowing and lending – have continued to operate as designed even as CeFi firms go bust and their retail clients stack huge losses. One reason regulators don’t need to intervene in DeFi, the argument goes, is that DeFi is safer than centralized firms, which can more easily fall victim to fraud and incompetence. In addition to distinguishing DeFi from a regulatory perspective, these baseline advantages would suggest a significant growth opportunity for DeFi when the market recovers.  

Two broadly acknowledged impediments to capitalizing on this opportunity are UX friction in DeFi (including challenges related to self-custody) and user anxiety over depositing funds into smart contracts subject to exploits. This post focuses on the latter problem. It briefly outlines the problem of DeFi smart contract exploits, examines the role of capital buffers in protecting similarly situated TradFi depositors and suggests an analogous solution to protect DeFi investors. The solution uses available and widely understood DeFi building blocks, particularly on-chain borrow/lend markets, drawing an analogy to the traditional banking concept of regulatory capital and specifically to the role subordinated debt plays in a bank’s capital stack to cushion customer losses. 

Retail losses from smart contract exploits impede DeFi growth

While DeFi systems’ transparency and predictability help protect users, users still lose funds deposited in smart contracts when those contracts are exploited by malicious actors. On a cumulative basis, according to recent data from The Block, over $2.5 billion has been drained from DeFi protocols due to smart contract exploits, which is about 6.3% of the roughly $40 billion in value currently locked in DeFi protocols (down from an all-time high of about $160 billion in late 2021). 

Although this magnitude of loss may not seem catastrophic, and although some of these losses have later been recovered, the stories of people losing their money in individual exploits weigh heavily on the psyches of current and prospective DeFi users. Large retail losses from DeFi exploits also capture the attention of regulators charged with investor protection. For these reasons, improving the safety of user funds deposited in smart contracts will likely prove important both to DeFi’s growth and to its ability to avoid regulatory intervention.

Insurance isn’t the only “insurance”

Because DeFi exploits feel like the type of real-world catastrophe that individuals and businesses take out insurance policies to protect against, several attempts have been made to solve this problem by creating DeFi insurance products. Perhaps one of these projects will eventually offer a workable solution for DeFi exploits at scale, but so far none has done so. It may simply prove difficult to scale an insurance policy in a capital-efficient manner to meet the potentially explosive growth of a DeFi protocol. Indeed, the deposit insurance schemes that dominate TradFi are run by governments that can socialize losses via national treasuries. 

If the traditional private insurance model isn’t quite right, nor is it the only model available. Another useful framework is the subordinated debt markets that banks use to meet their regulatory capital requirements. To stick with the insurance analogy, regulatory capital is like the government mandating that a traditional bank access financial markets to bolster its capital stack. This additional capital acts as an insurance policy for the bank’s clients against its own incompetence or bad luck. 

The subordinated bank debt market is designed to help reduce risk of loss by clients when something unexpected happens that puts stress on a bank – and to do so without compromising the bank’s overall capital efficiency. It’s worth taking a closer look at this concept to understand how a similar one could work in DeFi. 

Regulatory capital is a form of insurance for clients in the traditional banking sector 

The complex capital stack of a traditional bank serves a straightforward purpose. In essence, it’s designed to protect clients by shielding deposits from losses through subordinated capital, while seeking to preserve the bank’s overall capital efficiency.  Risk – and potential return – increase as one travels down the stack. A simplified bank capital stack might look something like this:

 Depositors
 Senior Debt
 Subordinated Debt (regulatory capital)
 Equity (regulatory capital)

Regulators require that banks maintain sufficient regulatory capital, roughly defined as “capital at the bottom of the stack,” to continue offering consumer products like bank accounts. Because equity holders value capital efficiency and avoid dilution, they often prefer not to fund 100% of regulatory capital via equity issuance. Subordinated creditors, who sit directly above the equity in the stack, provide additional capital without diluting the equity. If it’s structured correctly, the credit they provide is deemed by regulators sufficiently like equity that it counts toward the bank’s regulatory capital requirements. Subordinated creditors receive a rate of return priced by the market based on its view of the likelihood the bank will fail. 

DeFi capital efficiency comes at a cost  

A typical DeFi protocol’s capital structure looks quite different than that of a bank. Protocols have native tokens rather than traditional equity, and a protocol often maintains a large portion of its treasury in its own native token rather than a more stable reference asset like fiat stablecoins or ETH.

Unlike a bank’s equity, which makes up a substantial portion of its regulatory capital and is available to shield clients from losses, a DeFi protocol’s treasury is rarely set up to cushion user losses following a smart contract exploit or other stress scenario. Moreover, even if the treasury were designed to cushion losses, because an exploit at a protocol invariably affects its token price, a treasury containing primarily its own native token would immediately lose value in an exploit. This would significantly impair the treasury’s ability to cushion losses. 

In addition, unlike banks, most of whose customers are not shareholders, there is often substantial overlap between a protocol’s users and holders of its native token, in part because the native token is frequently distributed to users as a reward for transacting with the protocol. 

One result of these differences is that DeFi protocols can be far more capital efficient than TradFi institutions, both due to the inherent dynamics of native tokens and – crucially – because they almost never dedicate capital to cushion user losses.

The protocol launches a smart contract, clients use it to transact and the protocol earns revenue. If the contract is exploited, it is clients whose funds are typically stolen. The protocol is incentivized to avoid this and to recover funds because its survival and growth depend on clients trusting the protocol enough to use it. But users transact at their own risk.

Reasonable people can disagree about these tradeoffs. However, it is far from obvious that those DeFi protocols which eventually achieve breakout growth and onboard vast numbers of users – many of whom will be TradFi clients accustomed to the relative safety of the traditional banking system – will do so by requiring users to transact with smart contracts entirely at their own risk. 

DeFi protocols could cushion user losses through dedicated subordinated credit markets 

An on-chain subordinated credit market for DeFi protocols could allow protocols to cushion unexpected customer losses in much the same way that subordinated bank debt functions within regulatory capital frameworks. Protocols would borrow funds in this market, with these funds used exclusively to backstop client losses in the occurrence of defined events. Credit investors would buy these loans in the market at prices that clear based on the loan’s perceived risk and specific terms. 

Below is an example of how this system might work: 

  • A DeFi protocol swaps a portion of its treasury into a reference asset like USDC or ETH. Ideally, the reference asset would be the primary unit of account used by its clients (i.e., the same asset they would use to quantify a loss). To avoid sell pressure on its native token, the protocol might prefer an OTC deal with an investor or might use investor funds it has raised in fiat.  
  • The protocol deposits the reference asset in a client recovery wallet, where it serves as collateral. Withdrawals from this wallet can occur only (a) in the event of an exploit or other specified event within a defined set of smart contracts or (b) in the event the amount in the wallet exceeds a certain threshold determined by reference to the contract’s TVL and perhaps other factors, in which case the excess could revert to the protocol’s treasury.
  • The protocol borrows in the subordinated credit market against the collateral it deposited in the client recovery wallet. Lenders take on credit risk in exchange for yield, at a price that clears based on the market’s perception of the likelihood an exploit or other defined event will occur, together with the terms of the loan such as its duration and collateral ratio. In addition to reducing the interest rate, partially collateralizing the loan would better align the interests of the protocol and its creditors to avoid exploits. 
  • If an exploit occurs, the funds in the recovery wallet would be used to pay back affected clients. If the protocol later recovers some of these funds, they would be used (1) to make clients whole, then (2) to pay back subordinated creditors, then (3) to replenish collateral.
  • To increase capital efficiency, it would be possible to pay a portion of the yield owed to creditors in the protocol’s native token. However, participants in this market would need to remain mindful of the effect an exploit would have on the token’s price. 
  • Loans that are sufficiently standardized could be pooled, increasing liquidity and allowing creditors to earn sustainable yield without concentrated exposure to a single protocol or smart contract. 
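
An added sketch (not from the original post, and not any protocol's contract code) of the recovery wallet's accounting in Python: the two withdrawal conditions and the recovery waterfall from the list above. The class and field names, the basis-point TVL threshold, and the choice that protocol collateral absorbs losses before lender principal are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class RecoveryWallet:
    # Hypothetical model; amounts are integer units of the reference asset.
    collateral: int              # protocol's own deposit
    borrowed: int                # subordinated loan principal held in the wallet
    client_shortfall: int = 0    # client losses not yet repaid
    creditor_loss: int = 0       # loan principal consumed by payouts
    collateral_loss: int = 0     # protocol collateral consumed by payouts

    def release_excess(self, tvl: int, target_bps: int) -> int:
        """Condition (b): anything above the TVL-based threshold reverts to treasury."""
        threshold = tvl * target_bps // 10_000
        excess = max(0, self.collateral + self.borrowed - threshold)
        # Assumption: only the protocol's own collateral may leave, never lender principal.
        released = min(self.collateral, excess)
        self.collateral -= released
        return released

    def pay_exploit(self, client_loss: int) -> int:
        """Condition (a): pay affected clients; returns the amount actually paid."""
        # Assumption: collateral is first-loss, mirroring its last place in the waterfall.
        from_collateral = min(self.collateral, client_loss)
        from_borrowed = min(self.borrowed, client_loss - from_collateral)
        self.collateral -= from_collateral
        self.borrowed -= from_borrowed
        self.collateral_loss += from_collateral
        self.creditor_loss += from_borrowed
        paid = from_collateral + from_borrowed
        self.client_shortfall += client_loss - paid
        return paid

    def apply_recovery(self, recovered: int) -> dict:
        """Recovered funds go (1) to clients, (2) to creditors, (3) to collateral."""
        to_clients = min(recovered, self.client_shortfall)
        to_creditors = min(recovered - to_clients, self.creditor_loss)
        to_collateral = min(recovered - to_clients - to_creditors, self.collateral_loss)
        self.client_shortfall -= to_clients
        self.creditor_loss -= to_creditors
        self.borrowed += to_creditors        # modelled as restoring loan principal
        self.collateral_loss -= to_collateral
        self.collateral += to_collateral
        return {"clients": to_clients, "creditors": to_creditors,
                "collateral": to_collateral,
                "unallocated": recovered - to_clients - to_creditors - to_collateral}
```

With a constructed wallet of 2,000,000 collateral and 8,000,000 borrowed, a 12,000,000 client loss exhausts the buffer and leaves a 2,000,000 shortfall; a later 5,000,000 recovery closes that shortfall first and only then returns 3,000,000 to creditors.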

Many details would need to be worked out in this kind of system. Crucially, the smart contracts running it would themselves be subject to exploit and would need to undergo extensive security audits. 

A protocol would need to weigh its increased capital cost against the benefits it expects to realize in terms of potentially growing its customer base, reducing its customer acquisition cost, increasing its margin on a given product or, on a more macro level, avoiding regulatory intervention. Unlike traditional financial institutions, which have clear (if complex) minimum capital requirements, protocols and users would need to evaluate how much of a buffer is sufficient to protect against potential exploits. 

In lieu of regulatory intervention, best practices could emerge to guide protocols in making these decisions and to guide DeFi users in evaluating protocols’ relative safety. Alternatively, if one agrees with the thesis that regulators should focus on apps rather than protocols, regulators in a particular location could set capital requirements and restrict front-ends available to users in that location from accessing protocols that fail to meet them. In this scenario, one could imagine international norms emerging in much the same way that bank capitalization requirements have been standardized under international accords like Basel III.    

It’s worth experimenting with new mechanisms to increase trust in DeFi

None of this is an argument in favor of regulatory intervention in DeFi. On the contrary, if one’s objective is to avoid regulation, then proactively making DeFi safer for users should be a priority. It’s undeniable that bank regulations have contributed to the safety of the traditional banking system. Many people feel their money is safest in a bank account. To instill a similar level of confidence in DeFi, it’s worth understanding the concepts used by the banking sector to accomplish this and exploring how they might be adapted to DeFi. Subordinated capital buffers are one such concept. 

DeFi’s current level of capital efficiency comes at a cost. Retail customers transact with smart contracts at their own risk, sometimes losing funds. Changing this paradigm to one in which protocols use lending markets to provide loss cushioning could go a long way to protecting investors, encouraging growth in DeFi and alleviating regulatory pressure. 
