A discussion about risk

Authors

Treasury League

Summary

A post to discuss the introduction of a risk framework that will standardize future analyses of new underlying markets for integration purposes on the Perpetual Yield Tranches and Best Yield.

References

Background

Following the 2023 roadmap, presented by @Teo, we would like to discuss the introduction of a risk framework to standardize how the Senior and Junior Best Yield strategies can integrate Perpetual Yield Tranches as new underlying yield sources.

This standard will improve the current Integration Standard requirements and simplify the onboarding of new yield sources into Best Yield strategies.

Specifications

We envision a risk evaluation structure made part of two main components:

  1. Risk Framework
  2. Risk Rating

Before focusing on these two components, it could be beneficial to define the risks associated with DeFi protocols. Risks affecting DeFi protocols can be segregated into systemic risks, or risks that impact a large part or all of the DeFi ecosystem such as currency, regulatory and chain risks, and idiosyncratic risks, or risks that impact a single protocol or group of protocols, such as smart contract, governance, market, financial and oracle risks. Though idiosyncratic risks by nature tend to be unique to a specific platform, exposure to systemic risk factors may also differ substantially per platform.

Idiosyncratic risks

In this first discussion, we will focus to evaluate the idiosyncratic risks of a protocol. The most common protocol risks mainly rely on these four categories:

Risk Metrics
Smart contract Immutable or upgradeable SC, audits, track record of auditors, number of hacks and third-party protocol dependencies
Governance Team transparency, admin keys control, level of governance concentration and governance-related issues, emergency exit plan
Market & Financial Total Value Locked, complexity, longevity, tokenomics
Oracle Oracle dependencies, oracle fallbacks

Risk Framework

The Risk Framework will represent an evaluation tool to quantify and assess the risk of current and future Best Yield underlying yield sources.

The framework will be constituted of three parts

  1. Third-party review (33%) considering the reports of DeFi Safety and Exponential. These reviews will ensure that part of the risk rating will be based on independent analyses, avoiding any centralization issue that could affect Idle’s risk-scoring impartiality.
  2. Internal Security review (33%) focusing on Protocols risks from a smart contract, governance and market perspective. This review will be done by Idle DAO based on publicly available information and will use the same metrics for every protocol analyzed.
  3. Strategy review (34%) assessing the risks of each specific vertical, such as overcollateralized lending, uncollateralized lending, automated market makers, liquid staking and more.

1. Third-party review

The DeFi Safety and Exponential scores consider the vast majority of the Protocol risks listed in the Idiosyncratic risks section.

DeFi Safety metrics* Exponential metrics**
Smart contracts and team (PF) Asset strength
Documentation (PF) Protocol code quality
Testing (PF) Protocol maturity
Security (PF) Protocol design
Admin controls (PF) Chain design
Oracles (PE) Collateralization and leverage
(PE) Impermanent loss
(PE) Yield outlook
(PE) Chain reliability

* the DeFi Safety score will be time-adjusted, considering when the report was last updated. The older the analysis, the lower the score.
** where PF stands for Protocol fundamentals and PE for Pool economics.

As an example, below we list the reports referred to Idle protocol:

Other external and reputable sources may be included at a later stage.

2. Internal Security review

This review mainly focuses on smart contracts and market/financial risks (see the Idiosyncratic risks section).

Type Description
Audit Number of audits and quality of auditors
Bad debt, LP losses Severity of losses incurred, if any
Bug bounty, Insurance Size of bug bounty program
Protocol TVL Total value locked across all chains (average since protocol inception)
Pool TVL Total value locked on Ethereum (average since pool inception)
Protocol longevity Months of activity
Pool longevity Months of activity

3. Strategy review

The Strategy component refers to specific risks related to each underlying market integrated into Idle strategies. The strategy score will be composed of a fixed parameter associated with the vertical and a score associated with thematic risks.

Current underlying sources

  • Aave, Compound and either Senior or Junior tranches as underlying markets for Best Yield strategies.
  • Euler, Morpho, Lido and Clearpool as underlying markets for Perpetual Yield Tranches.
Vertical Risks
Overcollateralized lending Lowest collateral fully diluted value (FDV)
Borrow capacity
Liquid staking Validator concentration
Validators key management
Uncollateralized lending Borrower’s asset under management
Credora rating

Additional underlying sources

Some future verticals may include option and leverage strategies and support to bridges to allow multi-chain optimization.

Vertical Risks
Options Drawdown probability
Leverage Health rate factor
Bridge Bridge key management

Risk rating

The Risk Framework will assign a percentage score that will be then translated to a letter rating (A-E) based on the protocol risks evaluation, where

  • A will be given to the highest-rated protocols in terms of overall risks
  • E will be given to the lowest-rated protocols in terms of overall risks
Rating A B C D E
Upper bound 100% 85% 70% 55% 40%
Lower bound 85% 70% 55% 40% 0%

Next Step

We would like to gather the sentiment of the DAO toward the risk analysis process we sketched.

We value the inputs from our community and users, and would appreciate hearing about any additional metrics that should be included in the framework and specifically in these categories:

  • Third-party risk rating sources
  • Internal Security metrics
  • Strategy metrics

Please remember that this framework should be applicable to the majority of DeFi protocols, hence we suggest not going too much into detail. Ad-hoc analyses could be carried out if needed.

4 Likes

Hi Idle Community, this is Jakob Co-Founder of Clearpool Finance one of the underlying markets for PYTs.

We think the framework makes sense, maybe just to add here the Credora rating (third independent party not associated with Clearpool) is taking into account 1) Operations and DD (including borrowing history, 2) Financial Statement Analysis and 3) Risk Monitoring (real time verification of borrower’s assets and liabilities (more info on methodology can be found here

Another indicator Credora calculates is Borrow Capacity, which is calculated by using the credit score and net equity metrics, so it also takes current liabilities into account which might be a more meaningful indicator compared to just AUM.

Let me know your thoughts here.

4 Likes

Hey Jakob!

Thanks for your clarification about Credora’s rating. We can think to expand more on which metrics Credora monitors to help users better understand its letter rating.

I also agree with you in having both the Borrower’s rating and the borrower’s capacity for the uncollateralized lending pools. The borrower capacity metric is a better indicator than the borrower’s AUM and should take its place.

Another interesting point could be to understand the percentage of funds tracked by Credora. Having an A rating with visibility only on 30% of the borrower’s funds it’s different from having the same score but with a view on 90% of the borrower’s assets. This is a question for Credora, though.

4 Likes

Hi! I’m Matt, COO & Co-Founder at Credora. Glad to be speaking with you all.

Wanted to provide some additional clarification on the above. The best source of information for our Credit Methodology is the documentation Jakob provided.

Visibility is a real-time comparison of the latest reported Assets (via Financial Statements) and Assets captured through Risk Monitoring. We use the term Risk Monitoring to refer to Credora’s operation of verifiable confidential computing infrastructure, permitting the aggregation of risk metrics directly from relevant sources (i.e. exchanges, custody solutions, DeFi, bank accounts), while cryptographically validating our inability to access the sensitive data (i.e. trades, positions).

Visibility is itself a major factor in the Credit Methodology (200 / 1000), and it also impacts the Equity (100 / 1000) and Leverage (100 / 1000) scores. For the overall score and the calculation of a Borrow Capacity, Visibility effectively discounts reported information if our system is incapable of validating it. Unless there is a significant (5+ year) history of Big 4 audits, it is very unlikely for a Borrower to receive an A or above absent high Visibility.

The Borrow Capacity metric is calculated by determining a ‘material’ change in the Borrower Credit Score, according to a curve which allows for more significant changes for higher Credit Score Borrowers. The Credit Score is simulated based on changes across multiple metrics due to increases in Debt, and we solve for the Debt amount which drives a ‘material’ deterioration in Credit Score.

Borrow Capacity is impacted by all of the information the Credit Methodology evaluates, and is more heavily impacted by Leverage, Current Ratio, Returns, and Interest Coverage. We view Borrow Capacity as a materially better metric than AUM, as AUM provides no indication of Leverage (i.e. the majority of Assets might be Liabilities, and therefore a significantly more risky Borrower depending on the extent of the Leverage and underlying activity).

We do publish Visibility on the platform as a percentage, alongside a variety of other metrics. Additionally, we can publish a Transparency score which combines Visibility and Financial Quality scores. These and any metric on the platform can be distributed by the Borrower. Credora is not permitted to distribute any Borrower information absent their explicit action on the platform.

Hope that provides some additional clarity. Of course, if you have any questions feel free to ask!

4 Likes

Following the approach detailed in the initial post

we started analyzing three base-layer protocols, i.e. Compound, Aave and Euler, which got the following scores.

Summary rating

Protocol Strategy Third party Internal Security Strategy Avg score Rating
Compound v2 Overcollateralized lending 90% 87% 92% 90% A
Aave v2 Overcollateralized lending 91% 81% 82% 84% B
Euler v2 Overcollateralized lending 89% 76% 93% 86% A

Rating details

Below we include a screenshot showing the rating details for Compound. The same approach has been used for all the three protocols analysed.

The full analysis is available here: Risk Framework [PUBLIC]

Thanks @jakob_poolsider and @Matt_Ficke for your inputs. We have included them in version 1 of the risk framework.

2 Likes