What are the risks of using DeFi?

We have identified the following categories of risks that you should be aware of when thinking about your DeFi investments:

Smart Contract risks

Hacks

The greatest advantage of Ethereum's smart contract system (publicly verifiable, and open-source) can also be its greatest weakness in certain cases. If a bad actor finds a way to exploit a smart contract, it can put all the funds involved at risk.

We recommend checking that any smart contract-based protocol you use is publicly and independently audited. However, it is still within the realm of possibility that certain exploits may not be discovered by this process.

Governance

Some DeFi protocols have community governance options in the form of governance tokens. This lets token holders propose and vote on key decisions to be implemented about the platform.

Although this puts important decisions in the hands of the community, it also means you should keep track of major changes (such as stability fees), as it could affect your returns.

Admin Keys

Many DeFi smart contracts are controlled using admin keys. These allow the key holder to make important changes to the code, such as upgrading the protocol.

It is common for smart contract administrators to protect their admin keys using advanced security methods, such as multi-signature and time-locks. However, this still means that you are relying on the key holders to take proper care.

Financial Risk

DeFi markets move fast. If you don't keep up with the market (and even if you do), price volatility can put your investments at risk. This can compounded by over-collateralisation.

Yield farming uses highly collateralised loans that are borrowed against a crypto asset. However, if, due to volatility your deposit no longer cover the loan, your position can be liquidated. Using less volatile assets such as stablecoins can help mitigate some of this risk.

Losing control of your assets

There are many ways to lose access to your crypto assets. One of the most common is forgetting or misplacing either a wallet file or private key. Another is crypto exchanges closing or disappearing with deposited assets.

For this reason, we recommend a non-custodial wallet - as this means that only you have access to your funds. Although some users prefer to deal with complicated private keys, we (and many others) prefer the guardian model to ensure you always remain in control, even if someone steals your device.

For exchanges, using a decentralized exchange (DEX) gives you greater control of your assets, preventing them from being locked up. You can also use crypto on-ramps, such as Moonpay and Sendwyre, to have your newly-purchased crypto sent directly to your wallet.

Scams

As well as being aware of common attack vectors, such as random messages encouraging you to send your crypto to an address to earn free rewards, users also need to watch out for certain scams that can take place even on well-known DeFi platforms.

One such example is the 'fake token' scam, that has been perpetrated on Uniswap. This can happen because anyone can create an ERC-20 token on Ethereum - and name it whatever they want. An unscrupulous attacker could therefore create a fake token that looks identical to a well-known token, and then making off with users' ETH. Argent mitigates this issue for our in-app Uniswap integration by manually approving tokens.