Ethereum and DeFi is Maturing
Kiwi
0x08D8
July 27th, 2022

Written: Dec 13, 2020, DeFi summer had flourished and more complex protocols were being developed soon after. Flash loans had been a threatening force, several DeFi hacks (Audited and not audited) occurred every week with millions of users funds taken. People were genuinely scared of the safety of DeFi due to the existence of flash loans and I had written this piece to explain why they were an important development to Ethereum.

Ethereum is the leading platform for decentralized applications and is unmatched in ecosystem, community, and tooling. Despite some bumps in the road, the whole ecosystem along with its users are responding to the problems and maturing in multiple ways not known until this year.

A young, budding DeFi

Last year, I published a post about how the Ethereum ecosystem and DeFi (Decentralized Finance) were blossoming and experiencing the first waves of rapid growth, along with discovering their product-market fit as an open financial ecosystem. Now in 2020, we are witnessing the ecosystem mature along with its users and applications. Even with the occasional food project and large hack, the activity that is occurring on Ethereum solidifies its position as the leading platform.

The building blocks on Ethereum are intrinsic to DeFi. Every additional application increases the organic usage and reliance on the established foundation. Each application built on Ethereum has immediate access to every single application on the network, and this is where DeFi found its beginnings. With MakerDAO/DAI, Uniswap and Compound serving as the initial building blocks, the framework for future applications was founded.

TVL in DeFi is approaching $20,000,000,000. (from DeFiLlama)
TVL in DeFi is approaching $20,000,000,000. (from DeFiLlama)

We now have dozens of applications built on Ethereum that can serve as a foundation to be built upon. A lot of this composability can be seen in the yearn.finance vaults. The yearn vaults are a complex suite of smart contracts that each serve different functions to achieve the goal of compounding farm returns for the user. The user deposits an asset to earn returns and that asset is transformed and farmed with. After it gathers the reward from farming, they are sold on Uniswap, and compounded back into the farm to increase future earnings. If you’re not familiar with farming (also called “yield farming”), you can read more here.

A diagram showing how the (now inactive) ETH vault worked.
A diagram showing how the (now inactive) ETH vault worked.

This (now inactive) ETH vault in particular is built by Yearn (credit to finematics for the graphic), and uses MakerDAO, Curve, and Uniswap in multiple ways. On top of providing returns for its users, the staked funds are also providing liquidity on Curve’s stable-asset specialized DEX. This is why Curve distributes their CRV tokens, to incentivize users to provide liquidity on their platform, and it clearly works. Note: Yearn is working on their V2 vaults now 😄

Maturity in a financial ecosystem

Now, the Ethereum network not only contains of a great amount of value, but its applications are also entirely comprised of code. Some of this code holds custody of a LOT (almost $20,000,000,000) of said value. Things can go wrong, hackers are very smart, sometimes smarter than the developers writing the code. There have been several attacks just this quarter, summing up to well over $100,000,000 of users funds lost since the start of the year.

DeFi is growing. Maybe even a bit too fast. Ever since flash loans have been released, the space hasn’t been the same. Users are scared, audits aren’t viewed as reliable as they once were, and price oracles have been ruthlessly abused as of late.

But there is some silver lining in all of the recent incidents: Ethereum is maturing as an open financial ecosystem. It’s absolutely phenomenal that DeFi has thrived despite the existence of flash loans. Flash loans are extremely powerful tools (for mainly the wrong reasons) and there is a purpose to their existence. Without a full ecosystem to interact with, they’d be entirely useless.
Note: Flash loans now have a standard interface to implement. Read the EIP for details on flash loans.

However, given that flash loans exist, DeFi applications have to adapt in various ways to protect their users and stay relevant. Other smart contract platforms don’t have these types of problems, simply because there isn’t enough built on them to actually cause problems. The attack vectors that flash loans use have always been there, flash loans just make them more accessible to exploit, forcing every service in DeFi to design solutions around their existence. The Time-Weighted Average Price (TWAP) oracle used by Uniswap to protect their price oracle against flash loan manipulation is a great example of such solutions. The TWAP uses the average price of an asset calculated over any chosen interval to provide a hard-to-manipulate and decentralized price oracle for any trading pair on Uniswap. Woohoo for innovation!!

And soon (early next year to keep the holidays calm), we will be seeing flash mints launch for DAI. While the attack methods of flash mints aren’t vastly different from the ones of flash loans, they will be challenging smart contracts that either don’t have overflow safety, or don’t handle stable interest rates properly.

An example attack vector using flash mints for lending platforms. Go follow Marc (@lemiscate)
An example attack vector using flash mints for lending platforms. Go follow Marc (@lemiscate)

Responsibilities as a DeFi user

With every application built, more integrations are made between different moving parts of the Ethereum network. The applications built a year ago were much simpler than what is being built now, and with more power comes more responsibility.

Even with the “test in prod” mentality and after “unaudited” code getting millions in TVL during DeFi summer, audits are still valuable and extremely important, but users need to remember they’re not a guarantee of safety. The applications on Ethereum can be very complex and have multiple risks.

As a user there are several risks you need to be careful of:

  • Smart contract risk: there could be flaws in the code that very smart hackers can discover and abuse. Audits usually revolve around coding best practices and “hard” exploits in the code. Economic exploits like flash loan oracle manipulation are still very recent developments.
  • Admin key risk: if a private key exists that has any custodial or administrative control over the smart contracts, you are trusting the developers with your funds. Is there a timelock? A multisig? What can they change?
  • Fork risk: DeFi applications are very complicated. If a developer forks an existing application it may mean they possibly lack a full understanding of the code or are trying to ride on the hype of an existing protocol. Be very careful when engaging with forks.
  • Asshole risk: when you interact with the developers, do they seem like assholes that don’t care about their users? If so, why would they care about their users security?

DeFi is certainly risky, and it’s important for users to hedge their risks and protect themselves. The events of this year have inspired the emergence of many protocols focusing on protecting users from hacks and other major losses of funds, similar to insurance. Nexus Mutual launched in May 2019 and they have served as the main example of decentralized risk protection. However, their service is KYC’d, which closes the doors to most Ethereum users.

But as of late, several new DeFi coverage protocols are emerging: Umbrella, Insurace, Nsure and Cozy Finance. With the launch of such coverage protocols, the DeFi space provides their users with a choice of solutions to protect themselves from the “move fast and break things” mentality that the Ethereum community leans towards.

A major indicator that Ethereum and its ecosystem is maturing is the growing demand for services like decentralized risk protection. DeFi summer has made many users very familiar to using Ethereum and its applications, so now they just want to make sure their money is protected! Ethereum’s growth has always been organic, and its very uplifting to see the space trend towards protection of user funds, making the Ethereum network safer as a whole.

Thank you for reading!

Who am I?

I’m Kiwi, a software engineer for Prysmatic Labs. At Prysm we work on a production-quality implementation of Ethereum 2.0! If you’d like to try running a validator or help out with the effort, feel free to join our Discord server and reach out! Follow me or my team on Twitter if you enjoyed reading this!

ADDED - July 27, 2022

Hello!!! Thank you for reading this article from past Kiwi! It is nearly 3 years old at the time of me adding this to Mirror! Wow!

If you're curious what I do nowadays, I built the protocol for NFTX V2 a decentralized NFT marketplace, and I have co-founded 2 anime art NFT projects, uwucrew and Killer GF. On top of helping with Persona Lamps and Aiko Virtual! Nowadays I'm building products to help form communities around supporting NFT artists!

You can follow me on (@0xKiwi_) Twitter to keep up with what I do!

Thanks for reading!!!

Subscribe to Kiwi
Receive the latest updates directly to your inbox.
Verification
This entry has been permanently stored onchain and signed by its creator.
Arweave Transaction
GFKky-mMq9VvOIK…hPm92de1AEsllSo
Author Address
0x08D816526BdC9d0…FA49F58A5Ab8e48
Content Digest
TcrR4tAPnqVvPbi…3JcO-3cUFtAOYqw
More from Kiwi
View All

Skeleton

Skeleton

Skeleton