Decentralized finance (“DeFi”) is used to describe financial applications built on top of public blockchains like Ethereum. These applications can be built and deployed by anyone without permission, and those who use them reap the benefit of the blockchain’s security and privacy guarantees. DeFi applications are unmanned and unstoppable. An application whose code promises to return one token in exchange for another will do exactly that forever, without failure, without theft and, perhaps most importantly, without people in the middle.
DeFi: a collection of smart contracts
A single DeFi application consists of one or more publicly available (and auditable) smart contracts. Take the automated Ethereum exchange protocol, Uniswap.io as an example. The contract’s interface can be found here with contract functions specified in the code that describe the movement of tokens as transactions are received.
These smart contracts are also extendable, which becomes particularly valuable in the DeFi ecosystem where a developer could – for instance – tie an identity protocol to an exchange protocol, or a lending protocol to a KYC/AML protocol. As the ecosystem develops, we can expect greater interoperability between these applications, leading to entirely new financial tools and business models.
How is decentralized finance different from traditional finance?
Building a financial application on Ethereum is radically less complex than building one on our traditional financial infrastructure. In traditional finance, the barriers to entry are simply too high for most small businesses to entertain. Getting the green light from a government regulator can cost hundreds of thousands of dollars per year and the operational costs associated with managing millions of dollars of retail or corporate funds can prove prohibitive.
In the case of Ethereum, this operational work is carried out by the blockchain itself at no cost to the business built atop of it. Conveniently, this operational work also removes the possibility of fraud. And without any person or entity taking custody of funds, the traditional regulator’s role is all but removed. While decentralized finance achieves the same operational outcomes as its traditional counterpart, the infrastructure that powers it could not be more different. The DeFi movement is “open sourcing” the financial world whilst improving security and reliability for those who operate within it.
Can we trust DeFi?
For all the benefits of decentralized finance, there are still very real threats to those who choose to use it. While DeFi is “trustless” in a human sense (i.e. no one can steal or cheat), it is not trustless in a functional sense (i.e. a developer could – knowingly or unknowingly – specify malicious code). In place of traditional regulators, we now have a nascent industry of smart contract auditors as well as best practice documentation and frameworks for smart contract development.
Yet there is still a long way to go until DeFi can be fully trusted. Last year, a specification bug in the Parity multi-signature wallet led to a massive $280M becoming frozen for eternity. For those unfamiliar, Parity was founded by Gavin Wood (co-founder of Ethereum) and its software is used in a significant portion of the Ethereum nodes that are online today. Parity have contributed an enormous amount to the Ethereum ecosystem, but what this bug showed was that – at this early stage – users simply cannot trust even the most accomplished Ethereum developers.
As Ethereum expands and DeFi apps become more complex, the risk of introducing a bug will only become greater. To counter this, a number of developments are currently underway:
Vyper is a “pythonic” smart-contract based programming language that intends to replace the incumbent Solidity language. While it is possible to write sophisticated smart contracts using Solidity, its syntax, scope and modifiers can be used in a way that obfuscates malicious functions. Vyper intends to improve the “auditability” and readability of Ethereum smart contracts.
Trusted, Open-Source Frameworks
Frameworks like OpenZeppelin provide community-reviewed code that is modular and simple. Simplicity combined with repeated use and “battle-testing” goes a long way to ensuring that code is safe to use.
When a problem does arise, there is a huge community push to find and learn from the mistake. An early example of this was with the reentrancy bug that was first found in The DAO’s smart contract back in 2016. The code – at the time – looked fairly innocuous, however, following its discovery the bug has become thoroughly reviewed and documented leading to its simple detection in a security audit.
What DeFi apps are available today?
A curated listed of all DeFi applications can be found here (note the dominance of Ethereum-based DeFi Apps). It is possible to interact with these applications today, with 2,212,553 ETH being locked as collateral in MakerDAO’s DAI stablecoin alone. The number of DeFi applications is small and its growth is staggered. Unlike most cryptocurrency projects, the vast majority of decentralized finance does not require a new token or ICO and as such there is little room for hype. However, with Ethereum taking such a strong role in supporting the DeFi ecosystem, the impact that a growth in DeFi has on the price of ETH is likely to be understated at this time.