DeFi’s OPM era: The custody hurdle

Co-written with Lucas Gaylord, co-founder & CEO of Eulith, which builds on-chain trading infrastructure for nonrecreational traders

DeFi has to day been dominated by investors with either niche method know-how, oregon capable hubris to alert blind. Yet erstwhile trading goes beyond a browser plugin to organization levels, a myriad of issues arise. The world is, DeFi has evolved for a marketplace of idiosyncratic traders managing their ain capital, but operational challenges originate erstwhile “OPM” comes into play. Since the opening of fiscal markets, and crossed each plus classes and marketplace cycles, traders person tended towards utilizing much and much OPM. For those unfamiliar with the term, OPM lovingly stands for, “Other People’s Money”. This nonfiction is for traders and imaginable investors looking to measure the existent scenery of organization superior successful DeFi. We volition not beryllium focused connected marketplace speculation, but alternatively survey the challenges traders and investors look contiguous and however it impacts you.

Here’s an executive summary:

• There are astir 4 organization ways to custody successful DeFi:

  1. Hardware wallets

  2. Smart contracts and trading bots

  3. CeFi’s DeFi integrations

  4. Simulation-based approaches

• Simulation based approaches scored the highest crossed our metrics, portion CeFi’s DeFi integrations look to airs existent and poorly understood threats to their clients. This was our astir astonishing discovery.

• DeFi is inactive maturing. There is simply a tiny but increasing manufacture of nonrecreational traders and money managers successful DeFi. If DeFi is to unrecorded up to its potential, this assemblage volition go precise important. We judge this is worthy paying attraction to.

Each enactment is explained successful item below

Over the past 100 years, accepted markets person evolved to enforce the separation of trading and administrative privileges astatine each furniture of the organization. Furthermore, ample ineligible and method systems item precisely what the rules are erstwhile it comes to immoderate fixed fiscal merchandise oregon service. These modern structures support investors from excessive fiscal risk, interior collusion, theft, and different malfeasance. 

Over the past fewer years, CeFi has started to inclination successful this absorption (albeit done bankruptcy and arrests) and arsenic regularisation comes into play, 1 whitethorn expect the marketplace to mostly replicate this acquainted model. Crypto is simply a antithetic plus people but the underlying marketplace operation is comparably similar: centralized ownership of assets, operated either on-premise oregon connected cloud-hosted services, wherever the velocity of trading and the information of the assets is ensured by a fewer organization operators.

The non-custodial quality of DeFi, however, makes managing superior astatine standard a much challenging problem. If a “large” DeFi money (which contiguous would represent assets on-chain of lone $40-100M) wants to actively commercialized its book, it runs into challenges astir custody, commercialized execution, and information integrity. We research these nuances successful item below. By and large, the cardinal occupation is however a money manages its transaction security, which successful CeFi is encompassed by custody of the assets, but successful DeFi takes connected a broader context. In assessing their options, DeFi money managers - and possibly much importantly - their LPs are affected by a tradeoff betwixt transaction security, automated execution (e.g. a stop-loss button), and the quality to dynamically set risk. 

DeFi’s halfway ethos is to physique a basal fiscal furniture with unfastened and adjacent entree for each investors. In bid to turn and scope wide adoption, DeFi volition request to service nonrecreational money managers, who service you and I, and bring marketplace ratio and much-needed liquidity.

When Bitcoin emerged from the ashes of the Global Financial Crisis, 1 of its much fashionable memes was to “be your ain bank”. Through nationalist cardinal cryptography, blockchains alteration a drawstring of characters (the backstage key) to unilaterally power an relationship (the transaction outputs of a nationalist address). The thought is summed up successful the operation “your keys, your crypto”. With Bitcoin, the lone happening to bash is hodl, which doesn’t spur overmuch of a conducive fiscal system. DeFi picked up wherever Bitcoin near disconnected and facilitated trading, lending, and different fiscal services with self-custody – trusting lone astute contracts to execute predetermined commercialized logic.

Allowing everyone to beryllium their ain slope means that everyone besides needs to store their ain keys. Storing a backstage cardinal connected a telephone oregon machine is good if determination are lone a fewer 100 dollars successful the account, but the calculus changes if that fig is $10m oregon more.

Until recently, the lone solution for ample investors came successful the signifier of centralized custodians that look and consciousness similar a much accepted SaaS oregon fiscal firm. Custodians specified arsenic Coinbase, Anchorage, and Paxos volition safeguard a backstage cardinal and travel bonded and insured. The contented present is that these custodians are chiefly designed to hodl, and truthful they don’t realistically let their clients to enactment successful DeFi. 

For investors who privation on-chain exposure, determination are 4 main custody options, arsenic shown successful the array above. From this, it’s wide that there’s nary cleanable solution arsenic they each impact tradeoffs betwixt backstage cardinal security, automated execution, and the quality to easy modify trading strategies.

Individual traders are typically comfy utilizing a hardware wallet, similar a Ledger, and storing the backstage cardinal someplace safe. The payment is that backstage keys are offline, truthful adjacent if a instrumentality was compromised, nary commercialized could beryllium executed. 

Hardware wallets are highly flexible successful their quality to interact with immoderate DeFi protocol and connected astir immoderate chain. They typically guarantee bully backstage cardinal security, due to the fact that the backstage keys are not easy compromised. The downside is they’re not scalable and astir importantly - humans don’t work EVM bytecode, which has led to the agelong database of hacks and theft headlining hunt results. Still, this whitethorn beryllium a functional setup for a small-ish DeFi money doing mostly elemental swaps oregon output farming. Using a Gnosis Safe with aggregate hardware wallet signers adds redundancy, but besides makes it hard to enactment quickly, and doesn’t lick the halfway occupation of screening for perchance malicious transactions (for which determination are solutions described below). Importantly, multi-signature wallets alteration lone a half-solution to the occupation of separating administrative and trading privileges. 

While immoderate DeFi funds whitethorn beryllium contented with swapping and yielding, others are moving much analyzable strategies crossed aggregate protocols and chains. Human signatories cannot beryllium relied upon here. In the clip it takes to initiate and motion a transaction, the accidental has apt moved connected oregon the harm is done.

Instead of humans, bots moving connected servers execute predefined trading strategies babelike connected assorted marketplace conditions. This is what astir MEV traders do. For instance, a bot could beryllium moving a just-in-time (JIT) liquidity strategy connected Uniswap v3, wherever it monitors the nationalist mempool and instantly supplies liquidity erstwhile it observes a large swap, to gain the LP swap fees. To bash this, the bot server needs to store the backstage keys, meaning whoever has entree to the server has entree to the keys and each the funds it controls. 

To lick this entree problem, firms constitute astute contracts that restrict the full functionality of the declaration custodying the assets. Consequently, adjacent if a backstage cardinal was compromised, a malicious histrion could not bargain oregon redirect the funds to its ain address.

This attack has historically been the lone realistic enactment for automated trading. While it sufficiently protects the backstage cardinal (or much accurately, removes the singular dependence) and enables existent automation, it has 1 large downside, namely, firms request to write, test, and deploy a caller astute declaration for each accommodation successful the trade, resulting successful 2 prohibitive problems:

1. Hedge funds, whose endurance is predicated connected reacting rapidly to marketplace conditions, are slowed to the velocity of an engineering squad who isn’t allowed to marque mistakes.

2. It is prohibitively costly to unafraid the agelong process of astute contracts, and arsenic a result, it typically isn’t. There are regular instances of MEV bot astute contracts getting exploited. 

In essence, it is kicking the private-key-can down the proverbial smart-contract-road.

Automated trading systems are indispensable for astir nonrecreational money managers. Yet problems originate erstwhile automated commercialized execution meets custody. One imaginable workaround being explored is the usage of CeFi custodians to negociate backstage keys for DeFi funds.

The astir fashionable enactment for ample DeFi money managers comes successful the signifier of a harvest of CeFi custodians that connection DeFi integrations. These work providers’ halfway products are their custody solutions (typically multi-party computation oregon MPC wallets), OTC trading, and CeFi integrations. They connection a predefined argumentation motor that manages hazard and allows money managers to springiness definite permissions to antithetic users connected their team. 

These CeFi custodians tin beryllium divided into 3 antithetic groups. 

1. The archetypal offers the astir vanilla on-chain services, similar staking and on-chain governance. They’re firmly rooted successful a “safety first” approach, but astatine the outgo of minimal functionality. Anchorage Digital is the champion example. 

2. The 2nd offers DeFi integrations done Metamask Institutional oregon immoderate different browser wallet. Using these custodians – Bitgo, GK8 and Qredo, among others – is perchance utile for a money that is doing basal DeFi activity, similar output farming, swapping, oregon lending but doesn’t expect to request much than a tiny fistful of functions. 

3. The past radical of custodians – champion exemplified by Fireblocks, Cactus, and Copper – marque themselves arsenic fundamentally “DeFi native” firms. They advertise a fig of flexible services, including a configurable argumentation motor and automated execution for DeFi strategies. This hypothetically let programmatic entree to on-chain contracts and codification which tin acceptable triggers for customized liquidity management, commercialized execution, oregon exit strategies.

The 3rd radical is the astir important, as it advertises the functionality that is indispensable to  commercialized professionally on-chain. In bid to forestall malicious activity, these services use a argumentation motor that whitelists definite astute declaration addresses that traders are allowed to interact with. The occupation is that portion they advertise features specified arsenic the quality “to deploy systematic DeFi strategies portion maintaining the highest level of money information connected an institutional-grade platform” and an API “that enables programmatic entree to astute contracts, portion extending information to each DeFi interaction" their argumentation engines bash not really cheque the behaviour of on-chain transactions - neither for manual nor automated trading. 

These firms lone cheque precocious level ‘to’ and ‘from’ fields of a DeFi transaction, ignoring its behaviour (encoded successful what is called the “calldata”). This attack is the information equivalent of asking for one’s DOB connected definite big websites... Consequently, firms and their investors are often nether the content they are being protected from theft oregon efficaciously separating trading and administrative privileges erstwhile they successful information are not.

This vulnerability indicates that these firms are adding DeFi functionality to an existing product, alternatively than gathering a DeFi-native strategy that understands the nuances of however blockchain transactions work. However, determination is an emerging manufacture of DeFi autochthonal providers that person 1 important happening successful common.

Over the past 2 years, DeFi autochthonal startups tackling “the transaction information problem” person evolved into much dependable work providers. There are, truthful far, 3 groups of solutions, each with 1 happening successful communal - they each instrumentality a “transaction simulation based approach”.

Simulating the transaction allows either a idiosyncratic oregon a argumentation motor to look astatine the effect of a transaction and justice whether it is secure. For example, if arsenic a effect of the transaction, funds extremity up successful an relationship you’ve ne'er seen, nary substance however it happened, you apt privation to cull that transaction.

Where these firms differ, is their attack to custody and backstage cardinal storage. There are astir 3 categories:

1. Custodians - Fordefi is simply a nonstop rival to the likes of Fireblocks, Cactus, and Copper for their DeFi business. Unlike the CeFi custodians, their argumentation motor is based connected transaction simulation. The upside is they credibly support their clients successful DeFi, successful opposition to the aforementioned custodians. The elemental downside is that astir firms already trust connected a custodian and changing tin beryllium a large headache.

2. Security analytics solutions - Examples see Pocket Universe for individuals and Hypernative, Redefine, Hexagate, and others for institutions. These solutions supply their clients with ocular queues earlier a transaction takes place, allowing clients to debar precocious hazard transactions. These firms, successful opposition to the custodians, bash not negociate immoderate backstage cardinal material, making them much of a “security advisor” than a custodian.

3. Co-signers - DeFi Armor (disclosure, built by Eulith) whitethorn connection the champion of some worlds, but are besides the newest of these 3 categories with DeFi Armor being possibly the lone merchandise successful this niche sub-industry. As is the lawsuit with the supra 2 categories, they connection a simulation-based argumentation engine. The quality is successful backstage cardinal retention - their clients tin take their ain custody solution and past separately “plug in” this co-signer, which stores an further backstage cardinal and rejects transactions automatically if they are unsafe. 

While our probe indicates simulation-based approaches are the champion we have, they’re not a metallic slug either. There are 2 main downsides to beryllium alert of:

1. A transaction simulation tin instrumentality up to respective seconds, which is excessively dilatory for definite high-frequency strategies. In these instances firms are backmost to rolling their ain astute declaration security.

2. A simulation-based argumentation motor is not inherently bulletproof. As with immoderate information system, determination are ways to get it wrong. The astir communal mode is ignoring the imaginable consequences of pre-trade state-change (a taxable for different article!).

The bottommost enactment is portion simulation-based approaches look to beryllium the best, organization firms should trial these solutions earlier depending connected them for ample allocations.

We spot the aboriginal of fiscal systems successful DeFi due to the fact that of the implications of self-custody, inherent transparency, and permissionless access. We’re acrophobic with maintaining a just playing field, which motivated our probe connected MEV. DeFi’s non-custodial plan really gave idiosyncratic investors a caput start; adjacent with the juicy yields of DeFi summer, the custodial options were not robust capable to warrant the hazard for money managers. However, this is starting to change, and volition beryllium a immense nett affirmative for the industry. 

To accelerate this change, and to assistance DeFi to scale, the advancement of infrastructure specialized for investors to usage is the adjacent captious step. There’s presently a batch of absorption connected processing amended wallets for retail users with societal recovery, but what’s arsenic needed is simply a robust mode for organization investors to entree DeFi without compromising hazard management. Importantly, these innovations are being built connected apical of blockchains, and don’t necessitate a compromise connected DeFi’s committedness to a permissionless fiscal system.

Special acknowledgment to Moh Rezaei and Kristian Gaylord for feedback and review. Special acknowledgment to the galore dozens of firms who gave america their invaluable clip and penetration successful processing our research.

• Kyber responds to hackers’ absurd demands Link

• Eden releases nationalist datatsets connected artifact gathering and OFAs Link

• Yearn launches v3 connected Polygon Link

• 15% of Ethereum tx travel done backstage mempools, 50% of non-toxic travel Link

• Flashbots co-founder launches Alfred, a Telegram trading bot Link

• US House of Representatives hopes to walk stablecoin measure successful aboriginal 2024 Link

• Major proposals successful November to MakerDAO’s protocol parameters Link

• Over $600m flows into multi-sig for Blast, a caller L2 with autochthonal output Link

• Similarities and differences betwixt OFAs and PFOFs [bloXroute Labs]

• A little intro to coprocessors [Emperor]

• Deep dive into Kyber exploit [Doug Colkitt/Ambient Finance]

• The interaction of Uniswap X connected the DEX ecosystem [Orange Finance]

• Overview of antithetic approaches to rollup sequencers [Arixon]

• My techno-optimism [Vitalik]

• Switching gears: A measurement towards sustainable recognition [Saurabh/Decentralised]

• Eyes and Orders: On Crypto Front-ends [Trace/Figment Capital]

That’s it! Feedback appreciated. Just deed reply. Delayed station due to the fact that of Devconnect successful Istanbul. Written successful Nashville. I’ll beryllium successful NYC adjacent Wednesday & Thursday astatine Columbia’s CryptoEconomics summit. Holler if you’re around.

Dose of DeFi is written by Chris Powers, with assistance from Denis Suslov and Financial Content Lab. All contented is for informational purposes and is not intended arsenic concern advice.