In this blog post, we describe Trading Strategy's vault technical risk framework to classify the risk of different DeFi vaults. The purpose of this is to assist investors and automated strategies in making informed decisions when allocating capital across the various vaults.
Preface
Investing in decentralised finance is high risk, high reward. A significant amount of risk is due to the industry's immaturity - DeFi can be considered to be four years old at the time of writing this. Due to DeFi's transparency and self-custodial nature, risk assessment in decentralised finance can be easier, more accurate, and more real-time than in traditional banking-based finance. Because of this, we believe that decentralised finance investing will eventually replace more conventional, opaque investment opportunities, as the price of risk can be lowered because it can be more accurately assessed.
But we are not there yet. The paradox of efficient markets is that you first need to have inefficient markets so that someone can make them efficient. Since Trading Strategy started publishing DeFi vault benchmark reports, the number one request we have received has been to include the vault risk level in these reports. We have now done this, and the reports include a technical risk metric for vaults.
What is a technical risk score?
The technical risk refers to the likelihood of losing money invested in a DeFi vault due to poor technical execution. The Vault Technical Risk Framework offers a straightforward tool for categorising DeFi vaults into higher- and lower-risk categories.
Cybersecurity incidents or "hacking" are the number one risk for decentralised finance by a wide margin. Some famous DeFi hack incidents include Balancer, Bunny, and Euler. The second-highest risk is unreliable and incorrect data, or a lack of transparency, which can lead to incorrect assumptions about potential failure modes (Stream xUSD).
Our technical risk score includes:
- The quality of the software
- Transparency
The counterpart of technical risk is "market risk", "volatility risk" or simply "bad trades". Our Vault Technical Risk score does not account for market risk. If Donald Trump announces new tariffs and Bitcoin's value drops to zero as a result, the risk score cannot account for this. The risk score does, however, reflect transparency. With the best risk-scored vaults, you and others can assess how market volatility may impact vault performance, considering trading position factors such as loan health ratios, liquidation risk, cascading liquidations, auto-deleverage and more.
There are also other common risk aspects to consider when investing in DeFi vaults. Discretionary management actions, such as lockup periods and whitelists, fall more under market risk. Financial contagion, which occurs when vaults have indirect exposure to other vaults or DeFi protocols, as seen in the case of Stream xUSD, is also a market risk.
Vault Technical Risk Framework beta
This is a beta version of the framework, and we are collecting community feedback about it.
This is the first version of our vault technical risk framework. The goals are to make the risk scoring:
- Simple
- Objective
All DeFi users should understand what the score reflects and how it is derived.
We factor in five different aspects of a DeFi protocol, with a primary focus on vaults. All factors are equally weighted. Based on this, we assign a numbered score to the vault, and then this score is translated into an English label.

Risk categories are: Negligible, Minimal, Low, High, Severe, Dangerous, Blacklisted and Unknown.
Unknown means that the protocol is not yet labelled. Contact us on our Discord to get your protocol properly labelled. You can find the labelling source code here.
A Blacklisted score means that the vault smart contract deployment has abnormalities, i.e. we believe the vault smart contract itself does not work. For example, we cannot properly read its Total Value Locked (TVL).
We label some factors as more critical than others ("core" vs. "extra"), but this distinction is not currently reflected in the score. This is an informal note to users on what to look for when dealing with DeFi protocols. For example, if the protocol does not verify all its smart contracts on a blockchain explorer, a third party can't assess any risk associated with the protocol, making it potentially "dangerous".
DeFi Vault dashboard
The technical risk column is now available on our DeFi vault dashboard ("Top Vaults").

How can new protocols be added?
We manually curate the protocol list. Each protocol is assessed on the following:
- Deployed smart contracts that are verified and available on public repositories like Sourcify
- Software development transparency on GitHub or a similar software development community platform
- Public documentation
- Third-party audits
If there is no transparency, i.e. there is no publicly available development activity on GitHub, the protocol gets a zero score for this factor.
Do you need an API?
If you are a software developer, we provide a public JSON endpoint so that you can use this information in your application.
