Decentralized finance (DeFi) is a promising technology to drastically change the traditional financial system. It has the potential to significantly accelerate various services like exchanging funds, trading, and lending. However, developing a secure and efficient DeFi application is challenging.
In this article, we discuss the concept of decentralized finance, exploring its use cases and benefits. We also analyze the major pitfalls you can face when building DeFi applications and offer possible ways to overcome them. This article will be helpful for everyone interested in developing or applying a decentralized finance product.
Contents:
- DeFi basics: definition and key technologies
- How to use decentralized finance: types of DeFi applications
- 6 key benefits of DeFi for businesses
- What can go wrong in a DeFi project and how to fix it
- 1. Smart contract limitations
- 2. Lack of a clear legal framework
- 3. Low liquidity and high fees
- 4. Performance issues
- 5. Hacking and attacks
- 6. Lack of talent
- Conclusion
DeFi basics: definition and key technologies
What is decentralized finance?
Decentralized finance, or DeFi, is a concept that covers a variety of financial applications that donโt rely on intermediaries like brokerages, exchanges, or banks. Instead, DeFi uses smart contracts and encourages parties to use cryptocurrencies.
DeFi users donโt need to waste time on long-lasting phone and email conversations with managers, as often happens with conventional financial applications. Instead, they interact with open software protocols through unhosted digital wallets. These wallets are managed by DeFi platform users, not a service provider. Thus, DeFi users have full control over their funds and can perform financial transactions directly with each other.
Because of DeFiโs heavy reliance on different technologies, itโs often mixed up with FinTech, which, in reality, is a wider concept.
Financial technology, or FinTech, is a term for any technology (software, algorithms, applications, and even hardware) that can be used to augment, streamline, and digitize traditional financial services. Common FinTech examples are banking and financial apps that help users check their balances, calculate taxes, and manage their investments.
Itโs more appropriate to say that DeFi is a product of FinTech and blockchain convergence rather than considering it synonymous with FinTech.
How do DeFi solutions work?
To manage financial transactions, DeFi solutions rely on a range of modern technologies. Letโs explore four commonly used terms related to DeFi:
Smart contracts. Smart contracts are the core of decentralized solutions and DeFi functionality, since they cut out intermediaries while ensuring fair and secure financial transactions. Smart contract code contains terms of an agreement and executes a transaction once all terms are met. If the terms are not met, the smart contract sends funds back to the payer. Thanks to data encryption and a shared ledger, itโs virtually impossible to lose smart contract information stored in a blockchain. Also, smart contracts canโt be altered or changed once deployed on a blockchain.
Governance tokens. Governance tokens are cryptocurrencies that help building voting system using blockchain. They help DeFi projects distribute powers and rights to users in order to remain decentralized. Some dApps allocate governance tokens to reward users for engaging with the system and making transactions. For example, users can vote on proposals to change a dAppโs protocol, its incentives, and its operations, thus contributing to the dApp projectโs governance and evolution.
Software protocols. DeFi protocols are groups of smart contracts that work together to create a certain solution and execute specific tasks. Such a protocol features a collection of standards, rules, and principles that can align with real-world institutions of specific industries. DeFi protocols are interoperable, meaning that multiple entities can use them simultaneously. To help users manage their crypto assets, DeFi protocols use self-executing smart contracts. The most common protocols for current DeFi projects, including Aave and Synthetix, are built on Ethereum.
Decentralized applications (dApps). A dApp is a type of digital application that exists and runs in a blockchain or on a peer-to-peer (P2P) network of computers instead of on a single computer and is outside the purview and control of a single authority. For example, a dApp can be a website that allows users to interact with a DeFi protocol. DApps can be controlled by business automation software that checks whether all specified parameters are met before executing an operation. Chainlink and the Golem Network are examples of popular dApps.
Now, letโs see how all these technologies can be applied in real-life DeFi products and explore major use cases for decentralized finance.
How to use decentralized finance: types of DeFi applications
A curious thing about decentralized financial technologies is that theyโre focused on recreating the entire financial ecosystem rather than just building software for separate services. DeFi projects can often serve as consumer-facing financial interfaces powered by blockchain and crypto assets.
You can find DeFi products for various purposes, such as insurance services, lending platforms, and currency exchanges. Other use cases are related to new cryptocurrency types like stablecoins and mining types like liquidity mining.
Letโs take a closer look at common types of DeFi applications:
Decentralized exchanges (DEXs)
Unlike traditional centralized exchanges (CEXs), DEXs ensure direct peer-to-peer cryptocurrency transactions, relying on self-executing smart contracts to facilitate trading. This allows for instantaneous trades, often at a lower cost than on CEXs.
Depending on its method of facilitating trades, a DEX can be categorized as:
- Order book DEX like Nash Exchange and Tomo DEX
- Swap DEX like Uniswap and Balancer
- DEX aggregator like 1inch and DeversiFi
Derivatives trading
Such DeFi platforms allow users to trade tokenized derivatives using smart contracts, without the need for a third party. Any product like options, futures, and collateralized loans can be a derivative.
Popular protocols for derivative trading are Synthetix and BarnBridge.
Lending platforms
These platforms allow lenders to instantly lend cryptocurrencies to borrowers. The main condition is that borrowers have to provide enough collateral to deposit in a smart contract.
One of DeFiโs key benefits is that it provides a censorship-free environment, meaning there is no preferential treatment. Leading examples of DeFi lending platforms are C.R.E.A.M. and Notional.
Stablecoins
A stablecoin is a type of cryptocurrency that holds a stable price, usually thanks to its being tied to a non-crypto asset, like the dollar or euro. This type of cryptocurrency was created in response to the crypto marketโs volatile nature.
Although stablecoins themselves arenโt DeFi projects, they are closely related, since stablecoins can act as funds for DeFi projects. There are three major types of stablecoins:
- Fiat-backed or collateralized stablecoins. These are crypto tokens associated with the value of a specific fiat currency. Examples are Tether and Diem.
- Commodity-backed stablecoins. The value of these coins is fixed to one or more commodities, such as precious metals. Digix Gold Token and Paxos Gold are popular commodity-backed stablecoins.
- Cryptocurrency-backed stablecoins. Usually, these coins are backed by a single cryptocurrency like Bitcoin or Ethereum rather than a mix to prevent risks of volatility. Well-known examples are DAI and Wrapped Bitcoin.
Prediction markets
Crypto prediction markets allow anyone, regardless of status, location, and nationality, to trade the outcome of events like sports games and financial situations. The goal of decentralized prediction markets is to offer the same functionality provided by traditional prediction markets, but without intermediaries. Popular prediction market platforms include TotemFi and Augur.
Yield farming
Yield farming is the practice of staking or lending crypto assets to generate returns or rewards in the form of additional cryptocurrency. Liquidity providers stake or lock up their assets in a smart contract-based liquidity pool. In return, they receive incentives like a percentage of transaction fees or governance tokens.
Yield farming is a tool to help provide network liquidity. As more investors add funds to the liquidity pool, the value of the issued returns decreases accordingly. Examples of popular yield farming DEXs are PancakeSwap and Plenty.
Liquidity mining
A form of yield farming, liquidity mining allows digital asset owners to provide liquidity to DEXs via cryptocurrency in return for rewards.
The main difference between yield farming and liquidity mining is that with liquidity mining, liquidity providers receive not only fee revenue but also the platformโs own tokens. Liquidity mining is a significant improvement to the DEX ecosystem that aims to fix the issue of low liquidity. Also, itโs a major source of revenue for some digital asset investors. Examples of liquidity mining platforms are Uniswap and Balancer.
With major use cases explored, letโs move to exploring DeFi pros and cons.
6 key benefits of DeFi for businesses
Blockchains are on the rise, and thereโs a broad target audience interested in cryptocurrencies and decentralized finance.
Also, thanks to the robust technologies behind it, DeFi offers lots of advantages to businesses and end users, such as blockchain-guaranteed transparency, decentralization, and security. No wonder large enterprises like IBM are already working on projects related to decentralized finance.
The key benefits of decentralized finance for businesses include:
1. Easier access to financial services. As a core technology behind DeFi, the blockchain brings decentralization to DeFi applications. It helps users regardless of their social status to conduct financial operations without third-party institutions that can be biased while ensuring transaction security and transparency. Thus, the decentralized approach can democratize the financial sector, providing easy access to financial services for everyone.
2. Transparent person-to-person trades. Information about all activities within the blockchain network is shared by everyone, meaning that the networkโs data is publicly available for inspection. Also, DeFi applications enable cryptographic mechanisms that verify the authenticity of information before recording it. Such transparency can show that an organization works fairly and attracts more investors. Moreover, self-executing code in dApp smart contracts allows for a flexible and direct person-to-person trade with both transparency and minimal requirements for joining.
3. Possibility for international financial transactions. Since DeFi platforms and protocols are distributed across blockchains, theyโre available across the world and can be used for international financial transactions. The key advantage is that without intermediaries, DeFi applications can offer low or even no fees and cheap currency conversions.
4. Improved market efficiency. DeFi platforms allow users to automatically lend and borrow funds by using crypto assets as collateral. This automation may accelerate financial transactions, decrease costs, and expand the availability of lending services.
5. Full control over funds for users. Thanks to the elimination of intermediaries in DeFI applications, users can maintain full control and visibility over their funds in their personal wallets and trading services. Full control means that users decide where their money goes and how itโs spent. For example, DEXs and DeFi trading platforms allow you to trade whenever you want and choose trading partners by yourself. Centralized exchanges, on the contrary, make you deposit your assets before trading and trust the exchange to look after them.
6. Opportunity to combine DeFi apps. Composability โ the ability for DeFi applications and protocols to interact with one another in a permissionless way โ is a useful feature that helps DeFi applications evolve. Thanks to composability, decentralized solutions can be combined like LEGO pieces to build new forms of financial services. This is why DeFi products are often called Money LEGOs.
Despite its promising benefits, DeFi still has some severe challenges to overcome before finally revolutionizing the financial industry. And this also brings several pitfalls for DeFi developers. Letโs explore the most crucial limitations and possible ways to overcome them in the following section.
What can go wrong in a DeFi project and how to fix it
The decentralized finance market is still in its early stages of development, which brings lots of pitfalls to early adopters. Below, we discuss six major challenges to be prepared for before starting your own DeFi project and possible ways to overcome them.
We also offer some key practices and recommendations to enhance the overall security of a DeFi application, explain how to improve your appโs performance, point out what requirements to watch for, and share how to gather a perfect development team.
1. Smart contract limitations
As we mentioned before, smart contracts fill the role of intermediaries in DeFi solutions. Any malfunctioning of smart contracts will inevitably affect your DeFi solutionโs entire ecosystem.
Flaws in the code. The presence of an error in code can lead to a variety of unpleasant consequences like the loss of funds locked in the smart contract and misused smart contract processes.
For instance, admins in crypto projects definitely should have extended access rights to work efficiently. However, sometimes developers may provide admins with unnecessary access rights, opening opportunities to steal tokens, remove users, delete wallets, or cause damage unintentionally.
Flaws in code can also allow users to trick core processes like voting. A fraudulent voter may find an opportunity to manipulate the voting process, reset voting results, or even cancel voting in the first place.
User errors. As mentioned earlier, the key idea of DeFi services is to take away intermediaries and provide users with full responsibility for their funds and assets. The other side of this coin is that DeFi solutions donโt take responsibility for user mistakes like sending money to the wrong address. A lack of tools to prevent human error may be a reason for potential users not to choose DeFi apps.
How to overcome smart contract limitations
A proven way to improve smart contracts is sticking to development best practices. Although smart contract architectures may vary depending on a projectโs specifics, there are several essential practices that can help you develop robust smart contracts:
Carefully choose a blockchain network. If you donโt have particular preferences yet, compare the transaction costs and speed of different platforms. The platform you choose often determines the programming language you can use for writing smart contracts. You can choose the language for your smart contract if the network supports several virtual machines or uses high-level synthesis (Python-like, Javascript-like) for translating to its low-level language.
Popular programming languages like C++ and JavaScript can provide you with tons of development opportunities, but some specific blockchain languages like Scilla will help you avoid programming mistakes when writing a smart contract.
Follow your blockchain networkโs development standards. When adding extra functionality to a smart contract, follow the practices recommended for the blockchain network you use. Otherwise, you might end up with a complex multifunctional smart contract that has severe security vulnerabilities.
For example, you might want to watch the EthTrust Security Levels Working Group formed by the Enterprise Ethereum Alliance, since the majority of DeFi projects are built on the Ethereum blockchain. The goal of this new organization is to set security standards for smart contract transactions that run on Ethereum. At the time of writing, the working group hasnโt introduced any documentation yet. It would be worth checking for updates at the end of 2021 or the beginning of 2022.
Pay close attention to smart contract testing. Once smart contracts are deployed, thereโs no way to change them and fix bugs detected at the last minute. To ensure a thorough testing process, use tools for test coverage analysis, static code analysis, formal verification, and symbolic execution.
To learn more about these and other security practices, check out our article on five security tips for writing smart contracts.
2. Lack of a clear legal framework
The most complicated challenge for blockchains in general and for DeFi projects in particular is the absence of comprehensive legislation.
Even if a DeFi project is developed with top-notch security and fair processes in mind, thereโs no guarantee that government institutions wonโt introduce strict requirements. These requirements may force a DeFi project to make significant changes to the architecture and business logic of its solutions or, in the worst-case scenario, even shut down.
With no precise regulation of the decentralized financial system, DeFi faces lots of issues, including the following:
Lack of user trust. Unlike blockchain and FinTech enthusiasts, many people may not trust DeFi systems because governments and central banks have no control over transactions. Without laws, regulations, and standards, the majority of banks and other financial institutions wonโt even think of adopting decentralized technology protocols, which slows down DeFi evolution.
Unclear bureaucracy. To keep your DeFi project legal, you have to deal with lots of nuances such as choosing the country or state in which to register your company, as the laws of this jurisdiction will govern your use of digital currencies. You also have to be ready to deal with relevant agencies surveilling the field. For instance, in the US, the U.S. Securities and Exchange Commission (SEC) may want to investigate your DeFi project.
Some law firms even advise developers of DeFi projects operating in the US to set up a virtual meeting with an SEC officer to gain insights about what potential issues might affect the project or trigger an investigation. But since thereโs still no comprehensive legislation pertaining to DeFi, the rules of the bureaucratic game are quite unclear.
Opportunities for criminals. Since DeFi offers anonymity, anyone can send or receive cryptocurrencies without revealing their name, which gives lots of opportunities to malicious actors. And without regulations, the DeFi market can be full of scam companies that can disrupt the reputation of the entire market and negatively affect the reputation of conscientious DeFi projects. Even if a project seems legit, thereโs always a risk of its changing owners or the way itโs operated, sometimes with little to no warning.
How to solve challenges with a lack of clear legislation
Although we donโt have a comprehensive legislative basis for DeFi yet, the process of creating such a legal framework is already in progress.
The challenges of FinTech and distributed ledger technology are being discussed not only among technology enthusiasts but among G20 leaders. Moreover, in June 2021, the World Economic Forum introduced the Decentralized Finance (DeFi) Policy-Maker Toolkit whitepaper that provides an overview of the DeFi space, explores its potential benefits and risks, and maps out potential legal and regulatory responses to DeFi.
To make sure your DeFi project is legal and unlikely to be investigated and banned by regulators like the SEC, keep track of the latest news regarding FinTech regulations and explore information provided by the Strategic Hub for Innovation and Financial Technology (FinHub). Also, if youโre planning to develop functionality that is not covered by existing legislation, you should take into account the risks of this functionality being forbidden in the future.
3. Low liquidity and high fees
In the blockchain world, liquidity describes the degree to which an asset can be quickly bought or sold at its intrinsic price. In simple terms, we can define liquidity as the pool of coins available for performing different operations within a platform, such as exchanging coins or making a loan.
Low liquidity means thereโs market volatility that causes spikes in cryptocurrency prices and a lack of assets. Such a situation can arise when there are too many types of assets in the market.
The cryptocurrency market is already filled with thousands of digital currency types, which makes it complicated for users to choose a specific currency, since their values continuously change. Itโs no wonder that one of the major reasons why centralized alternatives are outpacing decentralized ones is because of DeFiโs low liquidity.
Also, low liquidity usually goes along with high fees for financial transactions, as in some cases like lack of a certain cryptocurrency, the only way to sell or buy digital assets is by paying high fees. As a result, users canโt freely exchange their assets, which makes the financial system ineffective.
How to solve the issues of low liquidity and high fees
A straightforward and efficient way to address low liquidity of a certain cryptocurrency is to make it more attractive to the audience. For instance, you can engage more users with different reward systems.
One potential solution for low liquidity in a DeFi project is using atomic swaps โ automatic exchange contracts that allow two parties to trade tokens from two different blockchains. This approach seems reasonable, but it still doesnโt solve the issue of flooding the market with a raft of highly specialized tokens.
Another possible way to address low liquidity is to use decentralized liquidity pools. Liquidity pools contain tokens locked into a smart contract. They are supposed to facilitate efficient asset trading while allowing investors to earn a return on their holdings. Thus, a DEX serves as a marketplace where buyers and sellers agree on asset prices based on the relative supply and demand. The drawback of this model is that the efficiency of liquidity pools depends on having enough buyers and sellers to create high liquidity.
To overcome issues of high fees, you may consider using feeless transactions. This can be achieved in different ways, such as by subsidizing the platform or using multiple tokens.
4. Performance issues
From blockchains, DeFi solutions inherited not only benefits like security and transparency but also major drawbacks like slow transaction speeds (compared to centralized finance) and scalability issues, which significantly reduce overall system performance.
To keep transactions secure and transparent, blockchains register every transaction and make them public. This comes at the cost of a limited number of transactions that can be processed simultaneously.
Current speed of blockchain transactions:
- 10 to 20 seconds per block, with 250 confirmations taking about one hour for ETH
- 10 minutes per block, with 6 confirmations taking about one hour for BTC
How to solve performance issues
If you work with Bitcoin-powered applications, then one promising way to solve issues of scalability and speed is the Lightning Network. This protocol is based on the idea that only the final transaction for an operation needs to be recorded on the blockchain.
The Lightning Network establishes a peer-to-peer payment channel between two parties. But to create a payment channel, the payer must lock a certain amount of BTC into the network. Only then can the recipient invoice amounts as they see fit. A significant drawback of the Lightning Network is that it can only be used for Bitcoin.
For Ethereum-driven projects, state channels are a possible solution for improving blockchain scalability. State channels refer to the process in which users transact with one another directly outside of the blockchain (off-chain) and greatly minimize their use of on-chain operations. This approach can significantly reduce the strain on blockchains by simply grouping similar transactions. Thus, it will reduce the overall number of transactions and improve both scalability and transaction speed.
Also, you might want to look into blockchain platforms like Futurepia, whose DDPoS (Dual Delegated Proof of Stake) protocol allows it to resolve various security risks and achieve impressive scalability โ 300,000 transactions per second in laboratory testing. At Apriorit, we managed to successfully build our own blockchain network for delivery management systems. Itโs based on Futurepia and is called FiberChain. FiberChain offers highly adaptable distributed data storage, an interface for interacting with that storage, and the ability to implement any custom logic for data processing and analysis.
5. Hacking and attacks
Malicious actors will always remain a threat to the financial sector, attempting to come up with new ways for stealing funds. The most common dangers DeFi projects must watch out for include reentrancy and flash loan attacks.
Reentrancy attacks. These attacks can help hackers sneak their way into smart contract code and steal crypto. Reentrancy attacks can occur when a smart contractโs function calls an external untrusted contract. If attackers gain control over this untrusted contract, they can make a recursive call back to the original function. Attackers can recursively call a withdraw function repeatedly and drain the whole contract.
In 2020, a reentrancy vulnerability in the DForce lending market allowed hackers to borrow assets worth roughly $24.75 million in total and exit with all of the assets deposited in the lending application. Luckily for DForce, hackers returned almost all of the stolen assets. However, you canโt expect all hackers to be that kind, and therefore you should watch for reentrancy vulnerabilities in your project.
Flash loan attacks allow borrowers to receive any sum of dollars in crypto assets without providing any collateral, but they have to pay the full amount back within the same transaction. If the loan isnโt paid back, the lender just rolls back the transaction. During flash loan attacks, attackers borrow significant sums of money to manipulate the market or exploit vulnerable DeFi protocols for their own personal gain.
A flash loan attack that happened to the yield-farming aggregator PancakeBunny crashed its price by nearly 95%. Another famous example of a flash loan exploit happened to one of Yearn.Financeโs DAI lending pools in 2021. The total loss for this DeFI platform was $11 million.
How to solve issues with hacking and attacks
The most common and straightforward way for malicious actors to hack a crypto project is to find and exploit vulnerabilities. This is why thoroughly checking all your code for weak spots and conducting a security audit is a must for preventing your DeFi application from being hacked.
Keep your code clean and unique. To eliminate the majority of vulnerabilities, you have to put all your efforts into writing flawless code. Simple copy-pasting code from other protocols is a dangerous practice, because later youโll try to fit in additional parts of code for additional functionality. And such a combination is likely to result in code incompatibility, logical errors, and other vulnerabilities that could be exploited by hackers.
The best practices for keeping your DeFi project code clean and efficient highly depend on the limitations of the blockchain protocol youโre using.
The most common recommendations, suitable for all projects, are the following:
- Detect and fix typos in code
- Use an alias for repeatedly used complex types
- Avoid code duplication
- Provide function documentation and keep it updated
Audit smart contract security. In the majority of cases, attackers target smart contracts, attempting to find and exploit vulnerabilities to change their logic and steal funds. Security audits can help you identify vulnerabilities and security loopholes in DeFi smart contracts and fix them before deployment.
Cryptocurrency and DeFi organizations often hire an external specialist to perform a security audit to receive an unbiased opinion and receive helpful recommendations on how to improve the efficiency and security of their smart contracts.
Common practices for smart contract security audits include:
- Analyzing source code behavior
- Evaluating code quality
- Performing a symbolic analysis of potentially vulnerable areas
- Checking how smart contracts react to common manual attacks
- Analyzing unit test coverage
- Analyzing gas usage
Consider using metric monitoring tools. Such applications will help you detect suspicious activities, allowing you to investigate them and detect any issues before they lead to negative consequences.
For example, sudden spikes in any of the values of pool funds might be a sign of an impending hacker attack. Also, if a specific user frequently conducts repeating requests and initiates large transactions, it may indicate a potential attempt to hack your system.
Metric monitoring tools often use a Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge (zk-SNARKS) cryptographic proof that allows a party to prove it possesses certain information without revealing that information.
6. Lack of talent
Cryptocurrency and DeFi companies face significant challenges when hiring developers due to a lack of competent professionals in the field. Also, when striving to hunt skilled developers, DeFi companies compete with both blockchain and non-blockchain organizations, including banking institutions that require development experts with an understanding of financial technologies.
The main reason behind the talent shortage is that the crypto space is rapidly growing, while blockchain developers need time to study new technologies, explore nuances of decentralized finance projects, and build up relevant expertise.
Thanks to growing interest in studying blockchain development and cryptocurrency, exchanges and startups can expect more talent in the industry. However, they still need to recruit at least a few experts with experience in real-life DeFi products to lead the project and ensure proper development processes.
How to respond to the lack of talent
A talented and experienced development team is key to creating a robust and secure product. Apart from developers who know how to build a DeFi application, your team should include a skillful project manager to efficiently organize all work processes and a testing team to help ensure top-notch quality assurance.
Also, you may want to involve a business analyst with experience in crypto and FinTech projects to research the industry specifics and identify both opportunities and pitfalls for your project before starting DeFi solutions development.
Hereโs a brief checklist of key knowledge and qualities a perfect team should have:
- Deep expertise in the field of blockchain and cryptocurrencies
- A list of successfully implemented blockchain projects
- Deep knowledge in smart contract development and testing
- Experience with FinTech projects
- Understanding of security standards like the CryptoCurrency Security Standard
- Expertise in security and penetration testing
Conclusion
Developing an efficient decentralized finance project is a true challenge due to unclear but strict compliance requirements and complicated technologies. However, with a strong understanding of possible pitfalls and an experienced and skilful team, you can build a successful and competitive DeFi product.
At Apriorit, we combine the efforts of our professional blockchain development team with experts in quality assurance to create top-notch cryptocurrency, FinTech, and custom DeFi solutions. We are ready to share our experience and help you build your desired product with exceptional security. Contact us to start discussing your dream project!