Risk management is unsustainable

Nour Haridy
Dec 15, 2022

Risk management is an impossible problem in DeFi. This is because, unlike other execution environments, EVM code is used to program money and risk. While secure money programming is possible to some extent, secure risk programming is, from my experience, virtually impossible.

It makes no sense for devs to be tasked with the role of risk assessors and managers, despite having little to no knowledge of risk management. For example, the decision to set the Ether collateral ratio at 75% on Maker or Compound is arbitrary and lacks any real basis in probability or modeling.

Was this magic number decided because the probability of Ether price going down by over 25% before the next oracle update was somehow modeled to be near-0? Does that model factor in the possibility of cascading liquidations causing a significant market price impact? What about external traders opening shorts on CEXs in anticipation of the forced selling? Or AMM LPs exiting in anticipation of volatility? Interest rate spikes due to utilization curve changes? Gas cost fluctuations due to liquidations opening up MEV opportunities? Is every permutation of between 0 and 2²⁵⁶ simultaneously open positions at any given moment, each with a different debt size, collateral asset and unique user behavior, not only on your own protocol but on every other lending protocol, factored into this model?

The idea of quantifying risk in DeFi is simply an impossible task. In both DeFi and TradFi, “industry experts” have no idea what they are doing and often rely on arbitrary parameters and precedent from other clueless people who seem to know what they’re doing.

This problem becomes worse when decentralized decision-making is involved. When a DAO is in charge of risk management, the priority gradually shifts away from managing risk and towards accruing value for token holders (same in TradFi, arguably). This is unsustainable and ultimately results in disaster.

But even protocols like Liquity, which have no DAO or active risk management, are not immune to risk. Ironically, the issue with Liquity is the lack of active risk management. Because the risk params were incorrectly set before launch and were then frozen forever, the protocol is stuck in an invalid state in perpetuity, causing a positive LUSD depeg. This is because risk is not constant. It is constantly changing. Even hyperstructures can’t defeat risk.

The mere presence of risk in DeFi protocols is unsustainable, regardless of how, and whether or not, it is managed.
