The crypto winter is upon us again. The prices of the primary DeFi building blocks, Bitcoin and Ethereum, have dropped by 70% and 78% respectively since their highs in November of 2021.
Moreover, we’ve witnessed the spectacular implosion of Luna - a ‘stable’ coin that was pegged to the US Dollar via financial and algorithmic trickery. While much of the rise in 2020 and subsequent fall in crypto prices track with the massive cash injections into the world economy, crypto has shown little resilience in the face of the downward pressure.
Investors in crypto/DeFi startups are realizing that crypto still has three fundamental problems that make it unattractive. Until these problems are solved, the crypto winter will continue.
The first core problem in DeFi is the security and correctness of the contract code. The leaderboard on Rekt News shows that hackers have drained over 2.5B worth of assets from DeFi smart contracts. In the early days of these contracts, Solidity, the language of Ethereum, had many behaviors that led to foot-gun moments.
Common production bugs included overrunning fixed integer lengths, arithmetic precision errors, and falling for insane defaults around function visibility and unexpected payments. The first famous hack occurred when a hacker exploited simple but unexpected mechanics around payments on a decentralized investment fund called the DAO. The DAO suffered a reentrancy bug. Reentrancy bugs are subtle and easy to miss.
That hack led Ethereum’s developers to make a hard fork to prevent a massive cash-out and, probably, the failure of the Ethereum network.
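The reentrancy pattern mentioned above can be shown in a few lines. The following is an added example, not code from the DAO or from any real contract: a Python model in which the `Vault`, `PlainUser` and `ReentrantRecipient` names are hypothetical, comparing a payout that updates the ledger after the external call with one that updates it before.

```python
# Python model of the reentrancy pattern (constructed; not Solidity, not the DAO's code).
class Vault:
    def __init__(self, safe):
        self.safe = safe      # True: zero the balance before paying out
        self.balances = {}    # what the ledger says each account may withdraw
        self.funds = 0        # what the vault actually holds

    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.funds += amount

    def withdraw(self, who):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.funds < amount:
            return
        if self.safe:
            self.balances[who] = 0    # effect first
            self._pay(who, amount)    # external interaction last
        else:
            self._pay(who, amount)    # external call runs the recipient's code...
            self.balances[who] = 0    # ...before the ledger is updated

    def _pay(self, who, amount):
        self.funds -= amount
        who.receive(self, amount)     # models a payment that triggers recipient code


class PlainUser:
    def __init__(self):
        self.received = 0

    def receive(self, vault, amount):
        self.received += amount


class ReentrantRecipient(PlainUser):
    def receive(self, vault, amount):
        self.received += amount
        vault.withdraw(self)          # re-enters withdraw() while it is still running


def run(safe):
    """Return (amount paid to the re-entrant recipient, funds left in the vault)."""
    vault, honest, recipient = Vault(safe), PlainUser(), ReentrantRecipient()
    vault.deposit(honest, 90)
    vault.deposit(recipient, 10)
    vault.withdraw(recipient)
    return recipient.received, vault.funds
```

With the ledger updated last, a 10-unit deposit pays out the vault's full 100 units; with the ledger updated first, the nested call sees a zero balance and the other depositor's 90 units stay put.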
Early attacks on Ethereum smart contracts were often carried out due to their developers failing to be aware of and reason around the dangers of the Solidity language. To their credit, Ethereum reduced the number of dangerous behaviors as well as introduced a safer language, Vyper, for smart contracts.
While these changes have significantly reduced the attack surface of Ethereum, developers continue to build more and more complex DeFi solutions. Increasing contract complexity increases the attack surface of those contracts, and that larger attack surface makes hackers’ jobs easier. As an example, the Poly Network lost $611M USD of crypto due to a permission and ownership mistake in their cross-chain logic.
How can the security of these DeFi solutions be increased? There are two areas that seem promising. First, more sane defaults and better programming building blocks will reduce the number of logic errors. Solutions based on Ethereum’s Vyper instead of Solidity have already shown more sane defaults and sane logic enables developers to write better code.
Similarly, contracts written with OpenZeppelin’s Contracts library have had more primitives that are resistant to data type overflows. These building blocks are similar to how, in traditional computing, programmers are much less likely to create a buffer overflow in Rust than they are in C, since Rust contains many more checks and protections to avoid the situation in the first place.
Second, fundamental research into code correctness for blockchain/distributed contract code will help significantly. Many traditional developers are familiar with Test Driven Development (TDD), where unit tests are written prior to writing code, and static typing in which variables in function calls have their data types explicitly called out. There are additional formal methods that could help in DeFi contract development.
Perhaps the most promising is Design by Contract. One of the major pioneers of Design by Contract is the Eiffel language. Design by Contract takes static typing further and ensures that additional assertions on function calls are obeyed.
Certora, Microsoft, and others have already brought contract methods to Ethereum’s EVM. While formal methods are often cumbersome to program with, the added overhead is certainly worth the additional security.
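To make the Design by Contract idea concrete, here is an added example (not taken from Eiffel, Certora or Microsoft tooling) of require/ensure clauses and a class invariant wrapped around a token transfer. The `contract` decorator, the `Token` class and the 8-bit balance width are assumptions made for the illustration; the transfer deliberately models the unchecked fixed-width arithmetic described earlier.

```python
import functools

class ContractViolation(Exception):
    pass

def contract(require=None, ensure=None):
    """Eiffel-style require/ensure wrapper; also checks the class invariant on exit."""
    def wrap(fn):
        @functools.wraps(fn)
        def checked(self, *args):
            if require and not require(self, *args):
                raise ContractViolation(f"precondition of {fn.__name__}")
            old = dict(self.balances)              # snapshot for 'old' expressions
            result = fn(self, *args)
            if ensure and not ensure(self, old, *args):
                raise ContractViolation(f"postcondition of {fn.__name__}")
            if not self.invariant():
                raise ContractViolation(f"invariant after {fn.__name__}")
            return result
        return checked
    return wrap

WORD = 256  # constructed 8-bit balance width so the wrap-around is easy to see

class Token:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.total = sum(balances.values())

    def invariant(self):
        return sum(self.balances.values()) == self.total

    @contract(
        require=lambda s, src, dst, n: n > 0 and s.balances.get(src, 0) >= n,
        ensure=lambda s, old, src, dst, n: s.balances[dst] == old.get(dst, 0) + n,
    )
    def transfer(self, src, dst, n):
        self.balances[src] -= n
        # Models unchecked fixed-width arithmetic: the credited sum silently wraps.
        self.balances[dst] = (self.balances.get(dst, 0) + n) % WORD

def outcome(token, src, dst, n):
    """Run one transfer and report which contract clause, if any, rejected it."""
    try:
        token.transfer(src, dst, n)
        return "ok"
    except ContractViolation as exc:
        return str(exc)
```

The type of every argument is correct in all three cases a caller might try; only the postcondition notices that crediting 200 to a balance of 100 left the recipient with 44. This Python model does not roll state back when a clause fails.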
There is still much more work to be done in managing cross-chain contracts and contracts not built on Ethereum via contracts. So further developments in the development language and formal methods will help reduce the number of security breaches of smart contracts.
Bitcoin brought together a novel algorithm - the blockchain - and a distributed consensus algorithm - proof of work (PoW) - to kick off the crypto revolution. Proof of work establishes consensus by requiring miners to solve complex, one-way mathematics problems when committing a block of transactions.
Bitcoin uses a cryptographic PoW algorithm called Hashcash. PoW has strong theoretical and practical results to prevent double-spending and other nefarious transactions. The problem is that solving complex math problems leads to lots of power-hungry computations. As a result, mining Bitcoin alone uses more power than a small country.
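The asymmetry that makes proof of work both secure and expensive is easy to see in code. This added example (not Bitcoin's implementation) uses a simplified header and the leading-zero-bits rule of the original Hashcash, where Bitcoin compares the hash against a numeric target; the function names are hypothetical.

```python
import hashlib

def leading_zero_bits(digest: bytes) -> int:
    """Count how many bits at the start of the digest are zero."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def pow_hash(header: bytes, nonce: int) -> bytes:
    # Double SHA-256 as Bitcoin uses; the header layout here is simplified.
    data = header + nonce.to_bytes(8, "little")
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def mine(header: bytes, difficulty_bits: int):
    """Brute-force search: the only known way to find a qualifying nonce."""
    nonce = 0
    while leading_zero_bits(pow_hash(header, nonce)) < difficulty_bits:
        nonce += 1
    return nonce, nonce + 1          # winning nonce, number of hashes tried

def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed solution costs one hash, whatever the difficulty."""
    return leading_zero_bits(pow_hash(header, nonce)) >= difficulty_bits

if __name__ == "__main__":
    header = b"constructed block header"   # sample input made up for this example
    for bits in (8, 12, 16):
        nonce, tries = mine(header, bits)
        print(bits, "bits:", tries, "hashes to mine, 1 hash to verify")
```

Each extra difficulty bit doubles the expected number of hashes a miner must try, while verification stays at a single hash; that search is where the energy goes.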
In a world becoming more aware of the downsides of energy usage, such as environmental destruction and global warming, many people point to cryptocurrencies’ massive power bills with justifiable horror.
Alternatives to proof of work have been tried with proof of stake (PoS) being the most popular alternative. Proof of stake drives consensus by looking at the amount of capital at risk as opposed to solving a power-hungry math problem. Proof of stake has previously been considered less secure and more challenging to prove the correctness of its implementation.
Many investors have pointed to crypto based on PoS as so-called shit coins. That viewpoint is starting to change. Ethereum is planning a massive switch from proof of work to proof of stake. This process has required theoretical work on the underpinnings of PoS as well as significant testing to ensure rigor.
The switchover - called The Merge - is scheduled for the 2nd half of 2022. If The Merge is successful, PoS will become the norm for consensus algorithms for any new significant cryptocurrencies, and there will be a solid direction in solving crypto’s power issues. If The Merge is not successful, besides Ethereum’s existence being threatened, more fundamental research will need to be done on a consensus protocol to replace PoW.
The third fundamental issue with crypto and DeFi is the correctness of their economic guarantees. In the traditional economy, firms operate with a regulatory environment built for some degree of safety and stability. Most DeFi investment vehicles do not abide by that environment.
Consider the recent downfall of the Terra blockchain and its currency TerraUSD (UST). TerraUSD was a ‘stable coin’ where its exchange rate was pegged at 1:1 to the US Dollar. UST maintained its peg without using reserves and instead used arbitrage with the second coin, Luna, and a yield scheme, Anchor, which paid 20% on any Luna coins.
When Terra did a one-time withdrawal of UST and another unknown entity also sold large holdings of UST, both UST and Luna fell into a death spiral and became practically worthless. The Securities and Exchange Commission (SEC) would not tolerate such a flimsy investment vehicle.
There are two responses to this challenge. The first is for crypto and DeFi firms to submit themselves to traditional regulations faced by those in TradFi. One of the major differentiators and draws of Coinbase is its compliance with the US regulatory system and its easier-to-use platform. That has enabled more traditional-minded investors to invest in crypto assets.
Similarly, the largest stablecoin, Tether (USDT), has in the past used traditional audits by large accounting firms to verify its reserve holdings to counteract persistent rumors about USDT’s lack of reserves. The trouble with this approach is that many crypto and DeFi investors are trying to avoid regulators and regulations - not get in bed with them. So many crypto investors do not like this approach.
The second response seen is similar to that taken by Terra - making complex contracts and fiscal machinations that will supposedly guarantee their economic promises. Sophisticated TradFi investment tools top out at Options for retail investors, while only the most sophisticated investors can touch more complex TradFi vehicles.
Those SEC rules protect retail investors from investing in vehicles whose investment outcomes and risks they are not able to accurately model. In DeFi, there is no regulation preventing the unwary investor from touching complex contracts.
That means the average investor must now model the investment outcomes of complex contracts themselves. Not surprisingly, many people lost their life savings when Terra failed due to an unproven investment profile.
Solving this problem will not be easy. Designers of novel DeFi instruments need to consider not only the sunny side of their vehicles but also how those vehicles will perform in a down environment or in a very volatile environment.
Furthermore, investors and creators of DeFi contracts need to be able to clearly value their instruments. In TradFi, the Black-Scholes model using risk-neutral pricing started a revolution in pricing derivatives such as Options and Futures.
Investors became much more confident in valuing derivatives which led to them becoming mainstream financial tools. The challenge with DeFi contract code is there are many styles of contracts and almost all of them lack a proper valuation model.
Unfortunately, there isn’t a silver bullet to modeling these contracts at the moment. If the author were to speculate, a combination of quantitative tools from TradFi - such as risk-free arguments, Monte Carlo methods, and portfolio theory - as well as game theory and computing may have enough tools to accurately value some contracts popular in DeFi circles.
Having these investments properly modeled and valued will enable investors to understand the possible returns and risks of DeFi investments.
The Crypto Winter has started and the era of easy money in crypto is over. For crypto and DeFi to continue to be viable investment options beyond just a poor currency for drug smugglers, fundamental advances in contract correctness, power usage, and economic valuation have to occur. Otherwise, DeFi will continue to be the space of inefficient contracts that blow up and lose all value every six months.