DeFi Money Markets: Introduction, Challenges, and a Wishlist
In this blogpost, we offer an accessible overview of Decentralized Finance (DeFi) Money Markets (MMs), while also highlighting that prevalent architectures encounter issues warranting immediate attention. The post is loosely based on this talk.
Money Markets Allow Lending and Borrowing of Tokens
In the world of DeFi, MMs hold an important spot among the many other types of DeFi applications, such as decentralized exchanges (DEXes), stablecoins, prediction markets, and synthetic assets. Despite bearing names like Lending Market, Lending Protocol, Loan Protocol, Borrowing Platform, or Liquidity Protocol, they all practically do the same thing. The main functionality of these noncustodial smart contracts (SCs) is that users who deposit a specific token (Token A) as collateral can then borrow another token (Token B) directly from a SC, with no intermediaries, as shown in the figure below.
DeFi Is Straightforward and Transparent
As noted by Warren Buffett, not typically an advocate of DeFi, the complexities of the traditional financial system (TradFi) often perplex the public and lawmakers alike. Several recent bank collapses, which arguably occurred due to high-risk maneuvers by the banks' management despite close scrutiny from various regulators and oversight bodies, further illustrate this.
In contrast, DeFi offers a more intuitively comprehensible approach. The system's attributes underscore this notion: DeFi is decentralized, with the code acting as the unique intermediary. It is noncustodial, empowering participants with full control over their funds. It's also permissionless, providing universal access, and transparent, with its open-source code available for inspection. Further, it's composable, permitting services to be built on top of each other, while the building blocks themselves remain elementary. In essence, DeFi's transparency and simplicity offer a refreshing contrast to the Byzantine structures of TradFi.
Unpacking the Mechanics of Money Markets
In alignment with the DeFi philosophy, the typical design of a MM is utterly understandable. Since SCs are generally passive and rely on external interactions, MMs are usually assisted by a suite of auxiliary components.
A key requirement for a MM SC is the ability to evaluate if loans are appropriately collateralized. This requires knowledge of the prices of both collateral tokens and the tokens that have been loaned out. Price oracles cater to this need: they are specialized SCs that store various data including token prices on-chain. Nevertheless, price oracles themselves are incapable of autonomously fetching up-to-date price information. Instead, data providers, occasionally referred to as reporters, are responsible for pushing this information onto the price oracles. They gather this data from an array of sources, such as DEXes.
Moreover, in scenarios where a loan becomes under-collateralized, also known as a bad loan, a liquidator intervenes. By submitting a transaction, the liquidator initiates the liquidation of the collateral, thereby closing the problematic loan. Both data providers and liquidators are off-chain components, that is, either people or software outside the blockchain. These components and their interactions are illustrated in the figure below.
Easy to Understand = Secure?
One might assume that being easy to comprehend implies a system that is straightforward to analyze and troubleshoot. Regrettably, in the context of DeFi MMs, this is far from the truth. Every accessory SC encircling the MM SC is potentially susceptible to hostile takeovers by attackers keen on profiteering from the MM SC. Furthermore, necessary transactions bridging these components could be subject to censorship, frontrunning, or other attacks. Thus, despite the general scheme being relatively comprehensible, current MM architecture is far from impervious.
To elucidate this point further, let's consider a prevalent exploit, known as spot price oracle manipulation. Within a system where a SC accepts Token A as collateral to lend Token B, a potential vulnerability can be exploited in the following way:
- an attacker artificially inflates the price of Token A,
- uses the inflated Token A as collateral, and then
- borrows Token B while the price of Token A is artificially high. Subsequently, the attacker runs off with Token B, leaving behind an unpaid loan.
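To make the accounting behind this concrete, here is an added example (not code from any protocol or from the original post) that models the collateral check described above and measures what lenders are left with once an inflated price reverts. The class names, the 75% collateral factor and all prices are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction

# Everything below is constructed for illustration; no real protocol is modelled.
COLLATERAL_FACTOR = Fraction(3, 4)  # assumed: borrow up to 75% of collateral value


@dataclass
class Oracle:
    """Passive price store: it only knows what a data provider last pushed."""
    price_a_in_b: Fraction

    def push(self, price):
        self.price_a_in_b = Fraction(price)


@dataclass
class Loan:
    collateral_a: Fraction
    debt_b: Fraction = Fraction(0)


class MoneyMarket:
    def __init__(self, oracle):
        self.oracle = oracle

    def borrow_limit(self, loan):
        return loan.collateral_a * self.oracle.price_a_in_b * COLLATERAL_FACTOR

    def borrow(self, loan, amount_b):
        # The only safety check the MM has: it trusts the oracle's current price.
        if loan.debt_b + amount_b > self.borrow_limit(loan):
            raise ValueError("insufficient collateral")
        loan.debt_b += amount_b

    def is_liquidatable(self, loan):
        return loan.debt_b > self.borrow_limit(loan)

    def bad_debt(self, loan):
        """Debt that seizing all collateral at the current price cannot cover."""
        collateral_value = loan.collateral_a * self.oracle.price_a_in_b
        return max(Fraction(0), loan.debt_b - collateral_value)


def replay(fair_price, reported_price, collateral_a):
    """Borrow the maximum at reported_price, then let the oracle return to fair_price."""
    oracle = Oracle(Fraction(reported_price))
    market = MoneyMarket(oracle)
    loan = Loan(Fraction(collateral_a))
    market.borrow(loan, market.borrow_limit(loan))
    oracle.push(fair_price)
    return loan.debt_b, market.is_liquidatable(loan), market.bad_debt(loan)
```

With an honest report the loan stays healthy. With a report five times the fair price, the loan becomes liquidatable as soon as the price reverts, yet liquidation cannot recover the shortfall, which falls on the lenders.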
Under Siege
This form of attack isn't merely theoretical but has been seen in practice. For instance, major protocols like Mango Markets, Venus Protocol, Cream Finance, and Rari Capital, some of them managing total value locked (TVL) in the range of billions of USD, have all fallen prey to exploits. Numerous incidents have been documented, spotlighting the lack of security. A developer has even created a repository on GitHub, tracking information on oracle manipulation.
The issue has been well known in the DeFi community for quite some time. Rari Capital, in a tweet, acknowledged that irrespective of whether the core protocol is sound, the interaction of oracles and other features could compromise security, especially in low liquidity environments. Similarly, a tweet from @0xmev underlined the susceptibility of even 'big' protocols to manipulation and bad debt, thereby raising calls for bolstering DeFi's underlying structures. Recently, this topic has been gaining increasing attention.
Debt and Fragility
Nassim Taleb, a philosopher, has put forward an idea that debt, especially when amplified by leverage, often serves as a catalyst for economic instability. This fragility, as we've observed, is not exclusive to TradFi but has made its presence felt in the realm of DeFi. So, does this inherent fragility imply that MMs are invariably insecure with no means of circumvention?
As is often the case, there are trade-offs that can be employed to mitigate risk. One such strategy involves restricting collateral to tokens that enjoy high liquidity and consequently display low volatility. The stakeholders and infrastructure associated with these tokens tend to be more mature, placing significant emphasis on preventing security infringements. This is the path trodden by the currently most prominent MM protocols. However, the trade-off here is that among thousands of tokens available, only a limited selection gets approved as acceptable collateral.
Building a Different Money Market: a Wishlist
Reflecting on the current limitations of Money Markets and the evolving trajectory of DeFi, it becomes evident that certain attributes could significantly enhance the security and efficiency of Money Markets:
- No on-chain dependencies
- No off-chain dependencies
- No collateral cross-contamination
- No contract upgrades (immutable SCs)
- No loss of lender funds including passive lenders
Both on-chain and off-chain dependencies increase the attack surface of a protocol, often becoming prime targets for potential attackers. By eliminating these, one is likely to create a system with a more robust risk profile.
An ideal MM should accommodate any token as collateral, even including exotic niche tokens and tokens determined by upgradable SCs. However, ensuring the safety of interactions such as transferring these tokens or using them in liquidations, is not a simple task. One approach to managing risks in this scenario involves isolating assets to avert cross-contamination. This is the rationale behind some DeFi products adopting a factory model.
Upgradability, while promoting agility and innovation, can inadvertently increase risk. While SC upgrades enable the incorporation of new features, they also often imply that not all changes are audited equally. Even protocols with industry-leading teams have unintentionally introduced vulnerabilities during upgrades, leading to exploits.
Lastly, as the DeFi MM landscape continues to expand and mature, the desires and requirements of users become increasingly clear. One emerging trend seems to be a preference for minimizing the risk profile for lenders. Specifically, even passive lenders should be shielded from losses stemming from loan defaults.
Bold New Horizons
Users are increasingly entrusting significant capital to DeFi Money Markets, signaling a firm belief in their potential value. Understanding how these markets operate is achievable; however, their innate susceptibility to malicious exploits raises pressing concerns. The weaknesses and limits of the most popular MM architecture have clearly been shown. The future of DeFi calls for innovation and resilience.