What are the risks with DeFi and how can investors mitigate those risks?

The biggest risk in DeFi is the so-called rug pull, which can be generalized to any action by the project team that is unexpected and harmful to investors, but often immensely profitable to the project team.
To some extent DeFi allows more opportunities for such actions, because the space is new, quick-moving, and investors are hungry for new opportunities and projects to invest in. This is why they often skip doing detailed due diligence.
Furthermore, due to the complex nature of smart contracts and DeFi composability, it’s often possible for a big risk to be hiding in plain sight, and unless you’re experienced in reading Solidity and actually put in the time to do due diligence, you won’t spot it.
For example, when Sushiswap vampire-attacked Uniswap, they had a so-called migrator contract as part of the design. The contract owner could set this migrator contract to a malicious address and withdraw all LP tokens.
While this didn’t happen in Sushiswap, many of its forks exploited this to steal all the liquidity staked, even if a migration was never on their roadmap. One way to protect yourself from such risks is to check if a project has been audited by a reputable security firm, but a significantly better way is to be able to read the code and understand the contracts yourself.
This will allow you to spot “intended behavior” that would pass an audit but still allows the project team to “rug pull”, such as the migrator in the example above. If you’re unable to read the code, just trusting your intuition about whether something seems shady or too good to be true goes a long way.
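As an added illustration of what reading the code for this pattern can look like (this is not code from the report or from any project named in it), the Python sketch below scans Solidity source for a token approval or transfer whose target is a variable that an `onlyOwner` function can reassign. The `Farm` contract is a constructed, simplified sample, and the helper names `functions`, `owner_settable` and `find_risks` are hypothetical.

```python
import re

# Constructed, simplified staking contract (illustrative only, not any project's real code).
SAMPLE = """
contract Farm is Ownable {
    IMigrator public migrator;
    address public feeTo;
    function setMigrator(IMigrator _migrator) public onlyOwner { migrator = _migrator; }
    function setFeeTo(address _feeTo) public onlyOwner { feeTo = _feeTo; }
    function migrate(uint256 _pid) public {
        IERC20 lpToken = poolInfo[_pid].lpToken;
        uint256 bal = lpToken.balanceOf(address(this));
        lpToken.safeApprove(address(migrator), bal);
        poolInfo[_pid].lpToken = migrator.migrate(lpToken);
    }
}
"""

TOKEN_CALL = re.compile(r"\.(safeApprove|approve|safeTransfer|transfer)\s*\(([^;]*)\)\s*;")

def functions(src):
    """Yield (name, params, modifiers, body) per function, brace-matching the body."""
    for m in re.finditer(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{", src):
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), m.group(2), m.group(3), src[m.end():i - 1]

def owner_settable(src):
    """Map state variable -> onlyOwner function that assigns it from a parameter."""
    found = {}
    for name, params, mods, body in functions(src):
        if "onlyOwner" not in mods:
            continue
        pnames = {p.split()[-1] for p in params.split(",") if p.strip()}
        for lhs, rhs in re.findall(r"\b(\w+)\s*=\s*(\w+)\s*;", body):
            if rhs in pnames:
                found[lhs] = name
    return found

def find_risks(src):
    """Flag token approvals/transfers whose arguments include an owner-settable variable."""
    settable = owner_settable(src)
    return [(setter, var, name, call)
            for name, _, _, body in functions(src)
            for call, args in TOKEN_CALL.findall(body)
            for var, setter in settable.items()
            if re.search(rf"\b{re.escape(var)}\b", args)]

if __name__ == "__main__":
    for setter, var, fn, call in find_risks(SAMPLE):
        print(f"{fn}(): {call} targets '{var}', which the owner can change via {setter}()")
```

This is a regex heuristic for one pattern only: a hit is a prompt to read that function closely, and a clean result says nothing about other ways a contract can move user funds.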
Over time, DeFi will actually become more resistant to this: because of its open nature, anyone who is able to read code can feel safer putting their funds in a DeFi project than in a centralized exchange or platform.
As the industry matures and more people learn how to analyze these projects, DeFi’s strength of being fully transparent and auditable will shine.
This article is an extract from the 80+ page Scaling Report: Does the Future of Decentralized Finance Still Belong to Ethereum? co-published by the Crypto Research Report and Cointelegraph Consulting, written by ten authors and supported by Arcana, Brave, ANote Music, Radix, Fuse, Cryptix, Casper Labs, Coinfinity, Ambire, BitPanda and CakeDEFI.