
Decentralized finance risks are an impediment to protocol growth. Decentralized finance (DeFi) investment, savings, and borrowing protocols have become ultra-popular in a rock-bottom interest-rate environment. Their popularity, however, is a double-edged sword. Since 2012, the blockchain arena has had close to 600 hacking incidents.
DeFi users lost over $10.5 billion in 2021’s record-breaking 169 platform hacking events. The most significant event occurred on August 10, when a hacker drained over $611 million worth of crypto assets from the Poly Network’s smart contract calls.
The second-largest DeFi exploit took place on March 23, 2022, on the Axie Infinity network. Its Ronin sidechain lost $552 million worth of crypto assets via a “hacked private key” exploit. These heists have given the blockchain space bad press, with skeptics warning that blockchain technology is not secure.
Blockchain networks such as Ethereum and Bitcoin remain secure and have not fallen prey to hackers. But blockchain-native tools such as smart contracts and liquidity pools are Turing complete.
Like any other programmable code, they have an attack surface that savvy hackers can exploit. Smart contracts, however, are not the only source of risk in DeFi. Other risks may arise from token volatility and project risks. Below are some of the most common DeFi investment risks.
Decentralized Finance Risks
Software and smart contract risks
In January 2022, Wormhole, a Solana bridge, lost $320 million worth of Wrapped Ethereum (wETH) to hackers. The hacker found a vulnerability in Wormhole’s wETH minting smart contracts and created millions worth of wETH without locking up ETH via Wormhole.
While the Jump Trading Group, a prominent Wormhole and Solana backer, replenished the lost ETH to Wormhole’s coffers, the event hurt the Solana network’s SOL token price. Its token values tanked by 13.5%.
Due to this attack, Solana-based lending protocols such as Solend did not have sufficient ETH liquidity to back circulating wETH on ETH collateralized loans. Vitalik Buterin, the Ethereum co-founder, is skeptical of cross-chain bridges and has voiced concerns about their security flaws.
A blockchain network is secure because it offers full settlement on all transactions. For this reason, blockchain transactions are safe from 51% attacks. Bridges between two blockchain networks, on the other hand, do not offer a simultaneous final settlement of transactions between different blockchain networks.
Hackers could initiate trades and reverse them after the confirmation of one blockchain. Vitalik warns that the interdependencies between these bridges, dApps, and blockchain networks create a “systemic contagion” that could bring down the DeFi ecosystem.
Smart contract security vulnerabilities could lead to asset theft from a DeFi protocol. In addition, developer errors in smart contract coding could cause intrinsic protocol risks. For example, the Compound protocol’s faulty smart contract code led to the disbursement of liquidity mining rewards worth over $66 million in October 2021.
Counterparty risks
Counterparty risk occurs when a party participating in a contract defaults on its obligations. Bitcoin eliminates counterparty risks from the digital currency payment system by dropping intermediaries from the transaction equation. Decentralized finance is, however, reliant on third parties such as oracles.
Consequently, DeFi oracles are a source of counterparty risks. Oracles are programs that provide the DeFi platform with secure access to external world data, such as the price of crypto assets. Inaccurate oracle data or manipulative oracle operators can distort an asset’s on-chain price.
Therefore, price oracle manipulation is a huge concern for the nascent space since oracles support most DeFi functions.
Flash loan attacks
Flash loans are unsecured loans. Their code relies on smart contracts, eliminating counterparty risks. However, flash loans require that borrowers repay the lent amount within the preset time. If the borrower cannot pay back the loan on time, a lender can roll back the transaction.
However, malicious actors could use flash loans for market manipulation, exploiting lending protocols for their own gain using black-hat techniques. For example, a flash loan attack occurred on Cream Finance in early 2021. The attacker drained Cream’s coffers by borrowing DAI from MakerDAO and then stole $130 million worth of crypto assets using a flash loan attack.
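The oracle and flash loan sections above both come down to a protocol trusting a price that can be moved for a short time. The sketch below is an added example, not code from the article or from any named protocol: it assumes a fee-free constant-product pool, and the class names, the 10-block window, the 5% tolerance and the pool balances are all constructed for illustration. It shows a guard that serves an averaged price and refuses a spot reading that has diverged from it.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    """Constant-product pool (eth * dai = k), fees ignored. Assumed AMM model."""
    eth: float
    dai: float

    def spot_price(self) -> float:
        return self.dai / self.eth  # DAI per ETH, read at this instant

    def swap_dai_for_eth(self, dai_in: float) -> None:
        k = self.eth * self.dai
        self.dai += dai_in
        self.eth = k / self.dai  # ETH leaves the pool so that k stays constant

@dataclass
class GuardedOracle:
    """Keeps one price observation per block and refuses outlier spot reads."""
    window: int = 10             # blocks averaged (hypothetical setting)
    max_deviation: float = 0.05  # 5% tolerance (hypothetical setting)
    observations: list = field(default_factory=list)

    def record(self, price: float) -> None:
        self.observations = (self.observations + [price])[-self.window:]

    def twap(self) -> float:
        # Equal-weight average; a simplification of a time-weighted price.
        return sum(self.observations) / len(self.observations)

    def checked_price(self, spot: float) -> float:
        ref = self.twap()
        if abs(spot - ref) / ref > self.max_deviation:
            raise ValueError(f"spot {spot:.2f} deviates from TWAP {ref:.2f}")
        return ref  # consumers get the averaged price, never the raw spot

def simulate():
    """Constructed scenario: stable pool, then one large swap inside a block."""
    pool = Pool(eth=1_000.0, dai=2_000_000.0)
    oracle = GuardedOracle()
    for _ in range(oracle.window):
        oracle.record(pool.spot_price())
    normal = oracle.checked_price(pool.spot_price())
    pool.swap_dai_for_eth(1_000_000.0)  # large one-block trade skews the pool
    skewed = pool.spot_price()
    try:
        oracle.checked_price(skewed)
        rejected = False
    except ValueError:
        rejected = True
    return normal, skewed, rejected
```

A lending contract that read `spot_price()` directly would value ETH at more than double its averaged price for the length of that one block; the guard fails closed instead.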
Volatility risks
The automated market maker exchange’s liquidity pool is a key feature of many DeFi protocols. Liquidity pools open doors to liquidity mining, yield farming, staking, and lending opportunities. You could lose your crypto assets in AMM pools whose asset pair prices diverge dramatically at short intervals. For this reason, most liquidity pools use stablecoin assets in their token pairing.
Also, sudden asset price crashes may significantly remove liquidity from a pool, causing massive slippage levels and impermanent loss. DeFi lenders lock their assets in liquidity pools. These pools must maintain a specific ratio of two digital assets in the pool.
For instance, a liquidity pool could have ETH and LINK tokens, with a token balancing ratio of 1:50. Therefore, if you want to add liquidity to the pool, you must deposit ETH and LINK into the pool in this ratio.
When the price of one token increases while the other remains stable, the DEX’s protocols will alter the value of the tokens in the liquidity pool, resulting in impermanent loss. The tokens in the pool will be worth less than those on the open market. Liquidity providers can offset the impermanent loss through liquidity provider rewards.
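To put numbers on the ETH/LINK case, the following added example (not from the original article) assumes a fee-free constant-product pool, which the article does not specify, and a constructed deposit of 10 ETH and 500 LINK at the 1:50 ratio. It computes the rebalanced position, the loss against simply holding, and the rewards needed to break even, all valued in LINK.

```python
import math

def rebalance(eth, link, new_price):
    """Reserves after arbitrage moves a constant-product pool to new_price
    (LINK per ETH). Assumes eth * link = k and no fees."""
    k = eth * link
    return math.sqrt(k / new_price), math.sqrt(k * new_price)

def position_report(eth, link, new_price):
    """Compare the LP position with simply holding, both valued in LINK."""
    new_eth, new_link = rebalance(eth, link, new_price)
    pool_value = new_eth * new_price + new_link
    hold_value = eth * new_price + link
    return {
        "eth": new_eth,
        "link": new_link,
        "loss_fraction": pool_value / hold_value - 1,
        "rewards_to_break_even": hold_value - pool_value,  # in LINK
    }

def loss_table(eth, link, multipliers):
    """Impermanent loss for several ETH price moves relative to deposit."""
    start_price = link / eth
    return {m: position_report(eth, link, start_price * m)["loss_fraction"]
            for m in multipliers}

if __name__ == "__main__":
    # Constructed deposit at the article's 1:50 ratio: 10 ETH and 500 LINK.
    print(position_report(10, 500, 100))  # ETH doubles from 50 to 100 LINK
    for m, loss in loss_table(10, 500, [0.5, 1, 2, 5]).items():
        print(f"ETH price x{m}: {loss:.2%}")
```

Under this model the loss depends only on how far the price ratio moves, not on the direction, so a halving and a doubling cost the provider the same fraction.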
Project risks
Most decentralized finance protocols are not fully decentralized. Their control is in the hands of their project teams or a centralized group of staking nodes. These teams could manipulate protocols such as a project’s liquidity composition or collateralization ratios.
A decentralized platform should embrace protocols such as token governance voting, DAOs, delegated voting, and protocol grant programs. A major risk that centralized DeFi projects pose is a rug-pull scheme.
The project team will, for instance, design a new token and pair it with notable cryptocurrencies such as ETH in their liquidity pools. The creators will then promote the new token and encourage people to deposit it in the pool.
They will sell and then empty the ETH pool, leaving investors with worthless tokens. For instance, the Squid Game token’s value rose by 45,000% on its release on October 29, 2021, following the success of the Netflix show of the same title.
However, its buyers found out too late that they were part of a rug pull event when they could not sell SQUID due to an “anti-dump” feature set on its code, which facilitated the rug pull.
An in-depth review of a project’s team credentials, history and experience, white paper, code audit, social media, support channels, responsiveness metrics, and general investor sentiment can help pinpoint most DeFi platform risks. A project’s roadmap, adherence to release timelines, and partnerships will also give clues about project longevity and authenticity.