Risks as Liquidity Providers

Providing liquidity on protocols doesn’t come without risks. First we will discuss the types of risk and then we will discuss the level of risk.

Some notes: This was made for an erc-20 token with basic functions, there are additional risks for NFTs and complex erc-20 tokens. The assumption is made that there is no rush or reason to need to remove liquidity quickly.

Risk Definitions

I will be using the chart below as metrics for risk:

Type of Risks

1. Technical Risk

Technical risks are very much present using decentralized exchanges and lending platforms. It is important to note which protocols have been audited and by whom. There is an Audit Section below that covers this in more detail. Most consider these protocols to be “battle tested copies of each other” and most issues do not concern the liquidity provider or the partner on a lending platform. *Note: the risks for users are not listed here

Current Technical Risks that Apply to Lenders

Part 1: Decentralized Exchanges and Lending Platforms
Providing liquidity on these protocols pose three risks which are all considered ‘rare’ in likelihood:

1. Protocol Shutdown: If the platform is fully decentralized, there is only minimal risk as there are ways (complicated but possible) to remove liquidity from the pools manually without the website.
   Consequence: Team time in recovering tokens
   Risk: Low: Paying a recovery team may be necessary to recover.
2. Hacks: in a way that released liquidity pools to the wrong recipients. This is a rare case and no major protocol has had this type of failure to date. This would be the largest risk, both token and monetary.
   Consequence: Total loss of funds and tokens.
   Risk: Low.
3. Exit Scam: Some users call this a ‘Rug Pull’ but essentially a DeFi Protocol will shut down, their website closes and they shut their doors. Usually in an exit scam the protocol will have some way of emptying users funds. Audits have also proved ineffective in catching these ahead of time.
   Consequence: Total Loss of Liquidity
   Risk: Low if dealing with top 3 DEX, High if the protocol is new.
4. The final risk is with complex erc-20 tokens and erc-777 tokens that allow for hook functions [not a focus of this article].
   Consequence: Total loss of funds and tokens.
   Risk: None. Normal tokens do not function in this way… token types like NFTs, this could come into play.

B. Lending Platforms have an additional risk:
The additional risk is liquidity risk. When the total amount borrowed approaches the total liquidity there becomes a lack of liquidity. This situation can be problematic if depositors wish to withdraw their liquidity, but no funds are available. This means if you are the only source of liquidity for loans you will struggle to withdraw all funds if there are borrowers. The platform adjusts the loan cost to push people to repay and thus add liquidity.

Important: The main source of this issue comes when the rewards generated from holding a token outweigh the loan cost. Injection of alternate liquidity from aggregators (1list, balancer) can help in this situation but should not be relied upon.

Internal Risk Wrap-Up:

1. Decentralized Exchanges: Nexus Mutual considers all the risks given above and classes Uniswap as ‘Medium’ in terms of Technical Risk. Using the model above to apply to more protocols than Uniswap: I would put the Likelihood as ‘Unlikely to Rare’ and the Consequence as ‘Major to Severe’ as a Medium Risk if the protocol has proper audits and High Risk if the audits are unknown or non-existent.
2. Lending Platforms: Normal ERC-20 tokens would not have any additional technical risks on Lending Platforms over decentralized exchanges but any token can run into ‘max borrowing’ issues if their return is higher than the cost of loans.

2. External Risk

Decentralized Exchanges like Uniswap are special because their smart contracts have no oracles, no administrative rights and no governance. They are entirely self contained, being one of the few instances of a widely used smart contract having this feature.

Current Technical Risks that Apply to LPs

Decentralized Exchanges

1. The first risk is the management of the DAO. There are some decentralized exchanges that utilize a DAO with additional privileges. Here is Curve Finance:

Curve is fully decentralized with the launch of Curve DAO. There’s an Emergency DAO which is able to pause the pools during the first 2 months in existence and Curve DAO can unpause them at any time.

Curve Emergency DAO has 9 members and 59.999% support and 51% quorum Curve Emergency DAO can act when there’s a danger of loss of funds and call the kill_me function of Curve Pool contracts which disables all functionality except for withdrawals. Curve pools can be reenabled back by either Emergency DAO or Curve DAO The Emergency DAO is controlled by Curve DAO which can add or remove Emergency members

Curve finance in this case could provide better risk protection with their DAO. Other protocols might have a DAO with the ability to stop withdrawals which would pose a higher Consequence Risk. The big note is to make sure you take a look at who is running the DAO and how they are managing it. The more control the DAO has the bigger concern it is to understand the committee.

2. The second risk is permanent loss of peg. If one of the stablecoins in the pool goes significantly down below the peg of 1.0 and never returns to the peg, it’ll effectively mean that pool liquidity providers hold almost all their liquidity in that currency.

B. Lending Platforms have additional external risks:

Two main types of attacks:

1. Oracle manipulation attacks: These attacks require a lot of upfront capital. This attack takes a loan of eth, uses it to buy stablecoins above price (thus raising price), takes a second loan out of with the same collateral (but receives more eth because the stablecoin appears to be worth more) and pays back the loans. The 2nd loan gets shorted when the stable coin price fixes itself.
2. Flash Loans: This is where loans are taken out and paid back in the same transaction. DeFi requires batching of transactions. The first transaction in the batch is to take the loan, the middle transactions are manipulation and the last transaction is to pay back the loan. Loopholes make it so these flash loans can be for 10M+ which is then used for oracle manipulation attacks before being paid off in the same batch.

External Risk Wrap-Up:

1. Decentralized Exchanges: Decentralized Exchanges with DAOs are usually set up to protect liquidity providers and have a rare likelihood and low consequence if reviewed appropriately ahead of time. Permanent loss of peg has rare likelihood but a major to severe consequence as a stablecoin drops in price everyone will sell it for the token pegged to it thus making the liquidity pool 100% now worthless stablecoin. Due to the rare nature of the peg loss the overall external risk for DEX is Low.
2. Lending Platforms: Flash loans are a very real thing. When a hacker only pays back half of the loan amount due to an oracle error there is a loss of funds. Two ways this can play out:

If: The Lending Platform has Insurance: The likelihood of attack is Probable and the consequence is Not Significant making the risk factor Low.

If: The Lending Platform has no Insurance: The likelihood of attack is Probable and the consequence is Minor to Medium making the risk factor Medium to High (medium if strong oracles, high if weak oracles).

3. Economic Incentive Failure Risk

Decentralized exchanges and lending platforms incentivize with trading fees and interest rates. This is to encourage liquidity providers to place their funds in the liquidity pools so that traders can make use of the protocol. If this fee turns out to be too high or too low then it might change the level of funds in each pool and consequently the returns for liquidity providers, but it has no bearing on a liquidity provider’s capital. Therefore I can argue there is actually no economic incentive failure risk in this case.

4. Impermanent Loss

Impermanent loss is a term that was coined by one of the DeFi platforms, Bancor. This term is used to describe your loss in total value when a coin is changing value quickly and the asset pool becomes dominant in the coin not gaining value. It is called impermanent loss because it is not permanent.

If the token never recovers in price or never stabilizes there can be a long term impermanent loss. When the price stabilizes again the pool will even out and so will the value of the pool. If the token you are providing liquidity for has decent volume elsewhere, the likelihood of this loss is None to Minor (in the case that liquidity must be removed quickly). The likelihood of this form of loss is Rare to Unlikely and the consequence is Not Significant to Minor, making the risk factor Low.

Mitigating Risk

Insurance

Protocols with insurance are more valuable and carry much less risk than those without. Checking the status of the insurance on each protocol is extremely important for both risk and user attraction. Insurance can be used to cover yourself or a contract. The prices are variable and some DeFi Protocols come with insurance built into the asset pool. This is very much a growing space.

Audits

With all the hacks in crypto and the use of locked tokens (in huge amounts) it is critical for DeFi protocols to undergo audits. Some of these protocols have been audited and then subsequently hacked. Of course audits to not guarantee anything but bring protocol attractiveness to both the end user and the liquidity provider. Check to see if the protocol you are interested in has been audited and if the company has had a failed audit.

Professional Opinion

Nexus Capital gives Uniswap a final result using the same risk chart in the beginning of this document: