Curve Crisis Shows Pitfalls of Decentralized Risk Management

When decentralized finance, or DeFi, took off in 2020, it was pitched as an antidote to the failings of legacy finance.

Decentralized lending was supposed to be DeFi’s killer app – a way for people to borrow and lend digital assets instantaneously on blockchains, without banks or credit scores. As centralized crypto lenders like FTX crumbled last year as a result of bad actors and financial mismanagement, DeFi lending “blue chips” like the Aave protocol – the largest decentralized lender – kept on ticking, bolstering DeFi’s pitch as an improvement to traditional finance.

Crypto markets are slumping, but Aave continues to boast $4.6 billion worth of user deposits, according to DefiLlama – money pooled by people around the world to help facilitate bankless borrowing on Ethereum and other blockchains.

But a few weeks ago, a $70 million hack on Curve, one of the largest decentralized crypto exchanges, revealed cracks in the DeFi promise. The hack set off a Rube Goldberg-esque series of events that pushed DeFi lending to its limits – threatening to send the price of a key DeFi asset into a downward “death spiral,” and raising critical questions about whether community-driven financial platforms are equipped to manage risk.

DeFi is powered by smart contracts – blockchain-based computer programs that allow people to directly transact with one another. The reliance on code is supposed to make things quick, cheap, and broadly accessible, allowing people to lend, borrow and swap tokens without banks.

The money loaned out by DeFi lending platforms like Aave, Frax and Abracadabra is pooled from a “decentralized” community of individual depositors, each of whom earns a cut of the interest paid by borrowers. The risk of big positions is also spread between these people; if a borrower can’t pay off their debt, these lenders are the ones left holding the bag.

DeFi lenders have fewer tools than banks do to judge creditworthiness, so they tend to have strict over-collateralization requirements – meaning borrowers must put up more value in collateral than they take out as loans.

Recent events have shown the limits of high collateral for staving off risk.

Over several months in 2023, Curve exchange founder Michael Egorov borrowed around $100 million across several different decentralized lending platforms. As collateral, he put up over $200 million worth of CRV, Curve’s native token.

DeFi lenders are programmed to automatically liquidate a borrower’s collateral if it falls to a certain price – meaning they sell it off to the open market. Egorov’s lenders thought they had enough CRV collateral to cover themselves in the event of a potential default.

However, when a hack siphoned $70 million from Curve last month – dragging the price of CRV down 20%, closer to prices where Egorov’s collateral would have been auto-liquidated – the exchange founder’s DeFi lenders realized they might soon be saddled with millions of dollars in bad debt.

Read more: Curve Founder’s $168M Stash Is Under Stress, Creating a Risk for DeFi as a Whole

In granting Egorov’s loans, lending smart contracts had apparently failed to account for Egorov’s full collateral position, which was stashed across several disparate lending protocols, and therefore difficult to account for programmatically. Altogether, Egorov had put up a hefty one-third of all circulating CRV as collateral. If a lender liquidated even a fraction of this amount, the whole market for CRV – a relatively illiquid but systemically important DeFi asset – would have collapsed.

“When a founder of a project wants to lend a huge portion of a token’s supply, you're never going to be able to liquidate very rapidly,” said Sacha Ghebali, a data analyst at crypto analytics firm TheTie. “You need to have limits there.”

Briefly, a sort of Mexican standoff ensued between some of Egorov’s biggest leaders as they weighed liquidating the Curve founder early in an effort to avoid being the last ones stuck with worthless CRV.

Egorov wasn’t ultimately liquidated; he managed to pay down some of his loans with the help of big-money “whales,” like Tron founder Justin Sun, who had a vested interest in keeping DeFi afloat.

Even still, the Egorov situation “put a chink in the armor of DeFi protocols in showing that you can have bad debt, you can have credit losses in over-collateralized loans – provided that the collateral is not liquid enough,” said Sid Powell, the CEO of Maple Finance, an institution-focused DeFi lending company.

Every lending platform has rules baked into its code meant to protect against systemic-risk scenarios like the CRV fiasco. Broadly, the rules govern what assets can be borrowed, and in exchange for what kinds of collateral. Requiring over-collateralization is a primary method for managing risk, but not the only one.

In an emailed comment to CoinDesk, an Aave spokesperson took pains to specify that Egorov’s $60 million Aave lending position was made in Aave V2, an older version of the platform, and wouldn’t have been possible in the newer Aave V3 protocol, which “has risk parameters which limit this exact scenario to the point where bad debt is extremely unlikely.”

Banks hire professional managers to set these kinds of risk parameters. Aave and other DeFi lenders kick this responsibility to their investors.

Aave’s risk parameters are set by the Aave DAO, or decentralized autonomous organization – people who hold the platform’s AAVE token. The setup is pitched as a way for Aave’s stakeholders to democratically govern how their money is borrowed.

While an Aave spokesperson told CoinDesk that “the Aave DAO is known for conservative management,” some experts say the Curve crisis showed that risk management is too complicated to be handled by a DAO.

“More than 500 different parameters are talking to each other on the Aave protocol – it could be collateral factors, liquidation sensors, oracles, interest rates,” said Paul Frambot, CEO of the DeFi lending protocol Morpho. “You have votes to change those risk parameters constantly.”

“The Aave paradigm is not built to scale with such an amount of complexity,” said Frambot, who has worked to introduce new kinds of risk management systems with Morpho. In addition to DAOs being slow to make decisions, “you have to have a Ph.D. in risk management to really understand these things.”

If the Curve situation illustrated anything, said Frambot, it’s that DeFi lending protocols should not be viewed as autonomous pieces of computer code, but as systems that rely heavily on human decisions. ”The Aave protocol is in fact more of an on-chain fund with decentralized and open rails,” said the Morpho founder. “What they're doing is letting users deposit money, and then they manage the risk of this position.”

According to Aave’s spokesperson, “The DAO has various risk-mitigation, third-party services” to make risk “assessments and recommendations, but it is ultimately up to the DAO to decide how to respond to potential risks.”

Frambot says risk management is too tedious and complex for a DAO to handle, meaning power naturally concentrates into the hands of large “delegates” and risk management firms.

Firms like Gauntlet and Chaos, two of Aave DAO’s main risk management partners, have proprietary tools to measure risk and propose parameter changes. “Literally every day, risk managers are pushing risk parameters that are completely trusted and opaque – like we have no idea how they're calculated,” said Frambot. “Yet you know the DAO is going to greenlight it” because it comes from a trusted brand.

Of the 303 proposals since December 2020 that have made it to a formal Aave DAO governance vote – typically these follow a “snapshot” community poll in the Aave forums – only 8% have been outright rejected. Of the 262 proposals that have been approved and executed by the Aave DAO, 233 passed with unanimous approval. The bulk of them involved risk parameter changes.

Aave DAO decisions also tend to be driven by just a handful of “delegates” – individuals and organizations that are given permission to vote on behalf of other AAVE-holders. In each of the past five Aave DAO votes, more than half of the final vote tally came from the three largest delegates.

“There's a bit of demagoguery to being a delegate,” remarked Dean Tribble, CEO of Agoric, a company building a DeFi-focused blockchain. “People are rewarded for voting along with the majority, and that's why you get these big swings – 100% vote kinds of things. Or, a loud minority can have an outsized impact.”

The Curve fiasco demonstrated the capriciousness that can result from this kind of system.

In June – more than a month before the Curve exchange was hacked – Gauntlet proposed freezing CRV in Aave V2, arguing Egorov’s massive CRV collateral risked becoming bad debt. Aave’s community voted unanimously against the proposal, which would have prevented Egorov from increasing the size of his CRV position.

When Gauntlet reintroduced its CRV freeze proposal in July, days after the Curve hack, the community voted 100% in favor.