SoK: Decentralized Finance (DeFi)

Abstract: Decentralized Finance (DeFi), a blockchain powered peer-to-peer financial system, is mushrooming. Two years ago the total value locked in DeFi systems was approximately 700m USD, now, as of April 2022, it stands at around 150bn USD. The frenetic evolution of the ecosystem has created challenges in understanding the basic principles of these systems and their security risks. In this Systematization of Knowledge (SoK) we delineate the DeFi ecosystem along the following axes: its primitives, its operational protocol types and its security. We provide a distinction between technical security, which has a healthy literature, and economic security, which is largely unexplored, connecting the latter with new models and thereby synthesizing insights from computer science, economics and finance. Finally, we outline the open research challenges in the ecosystem across these security types.

• The paper presents a comprehensive systematization of DeFi, detailing its non-custodial architecture, open auditability, and composability.
• The paper examines technical vulnerabilities such as flash loan exploits, reentrancy bugs, and transaction ordering risks that compromise protocol security.
• The paper highlights economic security issues including overcollateralization, MEV risks, and challenges in governance and privacy as open research directions.

A Systematization of Knowledge for Decentralized Finance (DeFi)

The paper "SoK: Decentralized Finance (DeFi)" (2101.08778) explores the burgeoning ecosystem of DeFi and provides a comprehensive examination of the fundamental principles, operational protocols, and security challenges inherent to these systems. The rapidly growing DeFi sector represents a paradigm shift in financial systems, transitioning towards decentralized, non-custodial, and permissionless architectures powered by blockchain technology.

DeFi Ecosystem and Constructs

DeFi optimistically presents a breakthrough in financial architecture by offering non-custodial transactions and new capital efficiencies. It draws inspiration from the foundational promise of Bitcoin, extending the innovation to more complex financial operations. However, the ecosystem faces critiques concerning regulatory oversight, potential for facilitating financial crime, and inherent risks.

A fundamental conceptualization of DeFi includes characteristics such as non-custodial control, permissionless access, open auditability, and composability which permits intricate assemblies of financial services. The rapid expansion of DeFi, exemplified by the explosion in Total Value Locked (TVL) from $700$ million USD to $150$ billion USD within two years, underscores the significant investment and interest in these platforms. The operational diversity of DeFi protocols spans primitives, protocol types, and security paradigms.

Figure 1: A conceptual overview of the different constructs within the DeFi ecosystem.

Technical Security and Vulnerabilities

Technical exploits in DeFi protocols arise from atomic transaction vulnerabilities, smart contract bugs, and manipulations of transaction order execution within blockchain blocks. These exploits are generally risk-free and manifest through single transaction attacks—such as governance manipulation via flash loans—or complex transaction ordering attacks like multi-transaction sandwich attacks, where malicious actors alter the deterministic price of Automated Market Makers (AMMs) prior to and after the victim's transactions.

Past exploits, such as the bZx protocol's logical bug and reentrancy attacks on the dForce and imBTC Uniswap pools, highlight the vulnerability of DeFi protocols to technical flaws. Recognizing these patterns is essential for mitigating risks, and current tools remain inadequate in addressing the compositional complexities inherent to DeFi systems.

Economic Security Considerations

Economic security in DeFi transcends atomic exploits, focusing on the sustainability and incentive compatibility of systems amidst market manipulations and price oracle vulnerabilities. Overcollateralization serves as a primary security mechanism, ensuring system solvency through automated deleveraging processes. However, deleveraging can be compromised during financial crises, wherein thin markets and unstable collateral value confer systemic risk.

Moreover, Miner Extractable Value (MEV) presents significant blockchain layer risks, as miners can exploit transaction ordering to maximize arbitrage, compromising the system's economic equilibrium. Thus, MEV, akin to governance extractable value (GEV), necessitates robust economic models to safeguard protocol stability.

Open Research Challenges and Future Directions

The delineation between technical and economic security risks provides insights into a range of open research challenges. Foremost among these are the composability risks endemic to interconnected DeFi protocols. Additionally, pervasive questions remain concerning governance model optimization, oracle security, MEV quantification, and program analysis improvements to accommodate smart contract interoperability. These areas demand holistic research approaches combining cryptoeconomic, formal, and practical methodologies.

Efforts to advance privacy-preserving technologies amidst anonymity concerns must address computational feasibility alongside technological scalability. As such, overcoming these challenges is crucial for DeFi to evolve into a secure, resilient, and truly decentralized financial framework.

Conclusion

The exploration within "SoK: Decentralized Finance (DeFi)" reveals DeFi’s vast potential to redefine global financial systems. Yet, without addressing foundational technical and economic security challenges, the DeFi pessimist may prevail. The pursuit of resilient solutions for composability, governance, and incentivization will be pivotal for researchers and practitioners seeking to realize DeFi’s promise of delivering a transformative, open financial ecosystem.