De-Risking DeFi: Analyzing Systemic Risk in Decentralized Systems

There is no one-size-fits-all approach to avoiding financial catastrophes. 

Systemic risk can only be partially handled in an unpredictable society. Economic conditions, technology, and human behavior all vary over time, therefore methods to combat systemic risk must remain alterable as well. This development does not necessarily lead to a more effective and stable state, as it is continually influenced by innovation, regulatory action, changing mental models and behavior among people who participate in financial markets. This is true in both traditional and decentralized finance. 

We define systemic risk to be: risk in a network of interconnected agents, where distress caused to one or more agents is transmissible to several other agents in the network, generating widespread crisis. Systemic risk is traditionally associated with institutional failure, where defaults can lead to a catalytic increase in the cost of capital. Bank runs are one example. This forces banks into bankruptcy. Since banks often lend to one another, defaults can cause a domino effect.

There are 3 generally agreed upon notions of systemic risk and their causes;

  • Informational contagion – depositors expectations on the possibility of crisis lead to bank runs. 
  • Direct contagion – transmitted via financial links like debt/credit relationships generated on interbank levels and systems, or by other exposure like inter-firm credit chains. 
  • Common exposure – drops in value of assets, risk is with agents who hold the same, or correlated assets.

Contagion Graph Theory

Let’s analyze the effect of default contagion from a graph theory perspective. A network will become more robust, in terms of ability to withstand contagion, if extra links help distribute the flows of losses among the nodes in the network proportionate to their absorbing capacity. The favorable effect of connectedness is only guaranteed for minor idiosyncratic shocks under the very strict requirements that:

 1) loss flows unfold over network N, along directed trees, and

2) all nodes have the same absorption capacity and outdegree. 

In the graph above, Idiosyncratic shocks hit the starting node of the dotted line. The addition of the link directs some damage to a portion of the network previously untouched. Therefore, the burden of losses is taken on by a larger number of nodes, reducing the impact of the flow on each single node. However, if the impact is too large, then the increased connectivity causes cascading failures. 

In closed paths and cycles, the network generates uneven allocation of losses.

closed path

The dotted line connecting B to E creates a closed path, leaving E bearing losses, while diminishing the flow that could’ve gone to C and D. If C, D, and E had the same absorptive capacity, the action of the dotted line makes the system better equipped to handle contagion. 

The same reason applies to cycles. In the below graph, the dotted line creates a cycle of A => B => D => A and losses are reduced to E. 


So, networks with low degrees of connectivity are more likely to be tree networks, while networks with high degree of connectivity are more likely to be cycles and closed paths. Higher degrees of connectivity leads to higher diversification of lending and borrowing behaviors. Adding links to networks with a high degree of connectivity increases the number of cycles and closed paths, and therefore reduces the benefit of decentralized diversity. So, when connectivity of a network is at a peak, the benefits of diversification are also maximized.

So based on this we can propose a theory: 

Increased connectivity takes place in a network with a low ratio of the number of directed links to the number of nodes. The network structure that is most resilient to contagion is the one with the highest possible connectivity.

Shows the effect that higher order networks have on maximum shock experienced by a bank, source

To show the relationship between higher ordered networks and min/max shock experienced, we used a traditional bank network to simulate a market shock and contagion event, inspired by Stuart Gordon Reid. We created a model of an interbanking network, with approximately 50 banks. We then  uniformly generated a random number between 50 and 2500 to represent the number of connections in the network (nodes are selected at random). When the number of connections equal to 50, each bank is connected to only one other bank. When the number of connections equal to 2500, all banks are interconnected, in theory. 

After the network is created, shock to the system is simulated and contagion spread is observed. The effect of the shock decreases proportionately to the number of neighbors connected to each bank, as the shock travels through the network. 

These graphs help visualize the trends and have been smoothed. From this rudimentary experiment, we can see that increased network sizes have a positive correlation with the overall increase in the stability of the network, but after a certain point, the stability deteriorates. This is rather intuitive, as a fully connected network is most privy to systemic risk contagion. This is some regard, can be translated to crypto networks as well, with each validator node representing each bank node, though this model is quite trivial. 

Shows the effect that higher order networks have on minimum shock experienced by a bank, source

Systemic Risk in Blockchain Environments 

So far, we’ve only discussed systemic risk for a network of generalized nodes, which could be attributed to various networks, macro and micro alike. But, systemic risk only increases as the system gets more complex. Blockchain technology has already radically revamped the market structure for derivatives. Comparatively, central counterparties create risk by creating large entities subject to failure. Blockchains decentralizing clearing functions could reduce the risks posed by excessive centralization. The ideal blockchain based system decentralizes clearing functions and distributes those tasks amongst the members of the network without unequal strain. 

Let’s consider a decentralized clearing system that mitigates systemic risk via default contagion. The main challenge of in-practice clearing functions is the combination of determining the funds available and resolving disagreements over seniority of payment. In a blockchain clearing mechanism, these two issues are resolved automatically, rather than through an intermediary, which reduces friction. Therefore, blockchain systems both increase the recovery rate on defaulted assets and increase bank accountability for risky transactions. 

Alas, we find ourselves repeating the old adage: all that glitters isn’t gold. Blockchain systems have only an illusion of decentralization, as a result of the inescapable need for centralized forms of governance and the tendency for consensus mechanisms to have concreted power. DeFi in particular demonstrates many vulnerabilities as a result of high leverage and liquidity mismatching. In some applications, the built-in interconnectedness results in a high potential for cascading failures, should there be a shock. 

The key difference between DeFi and CeFi within crypto, is whether financial services are automated via smart contracts or handled by centralized intermediaries and the handling of stablecoin design.

Systemic Risk Mitigation

Oracle systems, the mouthpiece of smart contracts, are often cited as a critical point of failure. A case study to best examine this claim can be found in the popular decentralized oracle service Chainlink. If you’re unfamiliar with Chainlink, check out this primer

Chainlink applies our theory on risk-efficient decentralized systems effectively via their three-pronged approach of:

  1. Distributed data sources
  2. Distributed oracles
  3. Use of trusted hardware.

We will now look more closely at how distributed oracles help make this a contagion risk-tolerant system.  

Chainlink built a modular, rather than monolithic, system to ensure risk is not concentrated amongst one oracle. This creates a collection of n different oracle nodes {O1, O2, …, On}, with each oracle contacting its own distinct data set source. 

One of the best ways Chainlink prevents cascading failures is by preventing oracles from copying each other. Imagine an oracle Oz observes the response of another oracle Oi and copies it. This can lead to weakened security through reduced diversity of data sources, resulting in the entire system producing faulty responses. Chainlink avoids this through a commit/reveal algorithm. The Algorithm below shows a protocol that guarantees availability, given 3f + 1 nodes. Oracle responses are recommitted, and exposed to a potential copying, only after all commitments have been made. This excludes a cheating oracle from copying another oracle’s responses. 

Given a total of 3f + 1 nodes, at most f will be defective, implying that at least 2f + 1 will send commitments in Step 4. At most, f of those promises originate from problematic nodes, so at least f + 1 come from trustworthy nodes. Since at least one of the f + 1 commitments on the single value A must originate from an honest node, it is clear that A, or the aggregate response, will be accurate as a result of the algorithm.

The difficulty of reaching consensus on a value A, while recognizing the potential for faulty nodes, is analogous to the Byzantine General’s problem.

A Lack of Consensus is a Systemic Risk

The Byzantine fault tolerance (BFT) consensus protocol is a solution to the Byzantine

general’s problem, proposed by Lamport, Shostak and Pease in 1982. The problem states that there is an army spread around the city, consisting of one general and n-1 lieutenants. The army is preparing to assault a common foe, but it has yet to decide when it will strike. The attack will only succeed if the entire army charges at the same time. By sending signals back and forth, the general and his lieutenants must achieve an agreement on the optimum timing to strike. Some lieutenants, however, are traitors, which means they can lie about their decision. 

The Byzantine general’s problem is similar to the blockchain problem in that a network (the general and his lieutenants) must agree on a broadcasted transaction (the time to assault), even if some nodes are unreliable (traitorous lieutenants). Byzantine fault tolerance is a property of a system that allows a given number of failures from the Byzantine general’s issue to be tolerated, decreasing the risk of communication fault. 

Traditional financial systems are not BFT systems. TradFi still falls prey to dishonest or faulty information entering, and, as a result, calamity ensues. This issue is so prevalent that a single crack in the wall could end up escalating to the destruction of the whole house, so to speak. 

Securing the Future

Improving the underlying infrastructure of DeFi will require extensive effort from both the public regulators and private sector participants. In the past, regulation has tended to combine the two, with periods of more comprehensive government regulation stemming from systemic crises, or the private sector’s failure to enforce self-imposed standards.

 In general, the more effective self-regulation is at limiting crises and safeguarding customers, the more difficult it is for state regulation to get political support. The overall DeFi regulatory framework will therefore be substantially influenced through the type and efficacy of the private sector’s self-regulatory initiatives. Risk insurers, DeFi service providers, and end users all stand to gain from improved levels of systemic safety, which creates a lot of incentive alignment. Insurance providers already contribute in directing smart contract security best-practice however, there is certainly room for a more deliberate attempt to map out systemic risk, develop insurance products to widely protect against that risk, and develop standards and techniques to reduce the likelihood of catastrophic events and their collateral damage.

In closing, higher degrees of digitalization, transparency, automation, and Byzantine Fault Tolerance are the primary technological benefits of DeFi for systemic risk mitigation, compared to traditional finance. Decentralizing clearing functions and distributing those chores among network members in a proportionate manner (i.e.: directed links ≤ nodes) is the ideal risk-mitigated blockchain-based solution. The more open source code and publicly verifiable ledgers are used in DeFi, the easier it will be to build up automated risk simulation, stress testing, monitoring, early warning signals, circuit breakers, insurance coverage, claims processing, reporting, and other integrated forms of risk management. These mechanisms should, in theory, reduce the likelihood and collateral damage without jeopardizing end user privacy or impeding DeFi’s growth potential. 

This report is not investment or trading advice. Please conduct your own research before making any investment decisions. Past performance of an asset is not indicative of future results. The Author may be holding the cryptocurrencies or using the strategies mentioned in this report.

Stay up to date with our research

Sign up to receive an email when we release a new post