A forum to discuss categorisation of risk in DeFi and on specific protocols.
Our framework is grounded in established risk management techniques and uses a high-level qualitative approach to ratings. To start, we classify risk into 3 main categories.
1. Technical Risk
This is the risk of the smart contracts not behaving as intended by the developers. It is very hard to write error-free code, so some level of technical risk always exists. Audits, extensive testing, formal verification, and how “battle-tested” the contract is are all factors that can reduce technical risk.
2. External Risk
This is the risk of external information influencing how the smart contracts operate to the detriment of other users. For example, an oracle could provide malicious data, an administrator could change a system parameter, or governance procedures could be co-opted.
3. Economic Incentive Failure Risk
Many smart contract systems, especially in the DeFi space, rely on economic incentives to encourage network participants to perform certain actions. These incentives could fail to encourage the right behaviour or be inadequate, leading to other users being adversely impacted. For example, the incentives in the MakerDAO smart contracts could be too aggressive and the DAI <> USD peg could break if the ETH price drops too far, too quickly.