On the brink of a second financial system: modelling and mitigating risk in decentralised finance
Author(s)
Gudgeon, Lewis
Type
Thesis or dissertation
Abstract
This thesis focuses on risk and fragility within Decentralised Finance (DeFi). This thesis
presents new evidence on the interconnected and fragile nature of DeFi protocols and develops
an approach to mitigate risk in DeFi that relies upon redundancy. Within this context, our
contributions are threefold.
Firstly, we focus on a subset of DeFi protocols: Protocols for Loanable Funds (PLFs). PLFs
use smart contract code to facilitate the intermediation of loanable funds and, in doing so, allow
agents to borrow and save programmatically. Within these protocols, interest rate mechanisms
seek to equilibrate the supply and demand for funds. After reviewing methodologies used
to set interest rates in PLFs and examining how these interest rate rules have changed in
response to changes in liquidity, our main contribution is to model the market efficiency and
inter-connectedness between protocols.
Second, we make two contributions by focusing on one particular DeFi protocol, MakerDAO’s
DAI. The first is to examine how governance system design weaknesses could enable an attacker
to take complete control of the protocol. We present a novel strategy utilising flash loans that
enables the execution of a governance attack in just two transactions without locking any assets.
Second, we develop a stress-testing framework for a stylised DeFi lending protocol, focusing on
the impact of a drying-up of liquidity on protocol solvency.
Our third contribution is to develop an approach to minimising the frequency and severity of
exploits in DeFi attacks. The idea is to implement a program logic more than once, ideally
using different programming languages. Then, for each implementation, the results should
match before allowing the state of the blockchain to change. We provide a novel algorithm for
implementing dissimilar redundancy for smart contracts.
Taking these contributions together, this thesis presents new methods for modelling and
measuring financial risk in DeFi, and — focussing on smart contract risk alone — develops an
approach to mitigating it.
Version
Open Access
Date Issued
2023-04
Date Awarded
2023-08
Copyright Statement
Creative Commons Attribution NonCommercial Licence
Advisor
Knottenbelt, William
Sponsor
Engineering and Physical Sciences Research Council
Grant Number
EP/R513052/1
Publisher Department
Computing
Publisher Institution
Imperial College London
Qualification Level
Doctoral
Qualification Name
Doctor of Philosophy (PhD)