The DeFi Score is a framework for assessing risk in permissionless lending platforms. It's a single, consistently comparable value for measuring protocol risk, based on factors including smart contract risk, collateralization, and liquidity.
We encourage the Ethereum community to evolve the methodology, making it more effective and easier to use.
Table of Contents
We've provided a few example scores with a breakdown of each component. Although the underlying methodology is complex, it should be simple for a user to understand.
Want to run the numbers yourself? Check out the implementation instructions.
The DeFi Score methodology can be organized into Smart Contract Risk, Financial Risk, and Other Considerations.
I. Smart Contract Risk
Smart Contract Security (35%)
Errors, bugs and unexpected outcomes in smart contracts can cause real financial harm. These risks can be minimized by proactive code audits and formal verification from reputable security firms.
Our model assesses code security by looking at three pieces of off-chain but public data:
- Audited Code: Has the code been audited by a reputable security team?
- Formal Verification: Has the code been formally verified by a reputable security team?
- Bounty Program: Does the development team offers a public bug bounty program?
Smart Contract Openness (15%)
Part of the promise of DeFi is that the functionality of smart contracts is completely on-chain, which means they are verifiable and transparent. Developers of DeFi platforms still have the ability to obscure their code in various ways, such as not verifying the bytecode and using off chain oracles processes. Security through obscurity offers weak security guarantees at best, and at worst results in delays in finding critical bugs.
II. Financial Risk
While all of the current platforms use very conservative collateral factors, the highly volatile nature of crypto assets means that these high collateral factors may still be insufficient. Collateral Risk is assessed by looking at two pieces of data, both derivable from on-chain data. The first data point is the utilization rate. The second data point is an analysis of the collateral portfolio using the CVaR (Conditional Value at Risk) model, also known as the Expected Shortfall model.
The currently scoped platforms all attempt to incentive liquidity by using dynamic interest rate models which produce varying rates depending on the level of liquidity in each asset pool. However, incentivized liquidity does not mean guaranteed liquidity. THe absolute level of liquidity is used.
III. Other Considerations
While there are some promising innovations in the DeFi insurance space, none are widespread or mature enough yet. Also, none of these platforms’ development teams are actually decentralized yet and none have been approved by the United States or other nations’ banking/finance regulatory bodies yet. Insurance/Regulatory Risk (15%)
Join the DeFi Score community on Telegram.
This work is licensed under a Creative Commons Attribution-ShareAlike 2.0 Generic License.