Composability must be included in risk assessment

[EthWarrior]

Tokenisation and smart contract interaction provides opportunities to create new interactions on top of existing smart contract protocols programatically. By such one is able to create a financial protocols or derivatives that utilises existing DeFi protocols such as utilising lending, exchanges, derivatives and insurance-like products.

As an example, lending protocol such as Aave and Compound utilises MakerDAO stablecoin protocol and the liquidation networks use Kyber Network or Uniswap for means to liquidate collateral called positions for securing the network from insolvency.

In such case, these lending protocols are exposed to the systemic risk inherited within the underlying protocols that the they are de facto relying upon. In the above, case Aave and Compound are exposed to MakerDAO, Kyber and Uniswap (directly or indirectly).

The rabbit hole goes deeper when derivative protocols are build as 3rd (and beyond) layers on top of the DeFi infrastructure, whereas these protocols would be exposed to risk in multiple layers, similarly the underlying protocols (level 1 etc.) would be exposed similarly to the risk of these higher level protocols as they provide and consumer liquidity.

On the other hand, composability could work as risk mitigation as well. For example, instead of running an oracle network by own, one could join a network that is well functioning and more decentralized. Similarly, 3rd layer protocols could rely on multiple 1-2 layer protocols for diversification purposes and mitigate the risk through composability.

In traditional finance such risk assessment is handled by the amount of trust each counter-party can sustain with the risk/reward capture. However, as trust-based system are based on credit between all counter-parties, a black swan event usually causes a large domino effect as everyone is exposed to everyone in the market.

To improve the risk assessment, I recommend to take into account the composability within the scoring system as a protocol might include inheritable risk from other protocols. The suggestion would highlight protocol builders to rely on protocols that are mitigating risk.

[KyleJKistner]

I think in general risk flows one way with composability. The more things you build on top of, the more at risk you are. But you aren't at much more risk if many things build on top of you. bZx is built on Kyber, and if Kyber fails, it could be a serious risk for us. However, if we fail there is little risk for Kyber.