17 July 2024

EEA Introduces Enterprise Standard for Assessing DeFi Protocols

EEA today published the DeFi Risk Assessment Guidelines, Version 1 <https://entethalliance.org/specs/defi-risks/>. This is a pioneering document compiling risks for DeFi protocols, along with mitigation strategies. The guidelines also cover the documentation and data a project should have available to help investors assess and manage those risks and mitigations.

The standard has been produced, and will be maintained, by the EEA’s DRAMA Working Group. That group has brought together top representatives of the blockchain and financial industries to fortify the DeFi ecosystem against a spectrum of risks. Banco Santander, Bitwave, C4, Certik, Coinchange, Consensys, Cryptio, Cube.AI, DeFi Safety, DTCC, Entersoft, EY, Hacken, Noves, OpenZeppelin, QualitaX, Quantstamp, Relm, and SAP have pooled their resources and knowledge to forge this document.

Dyma Budorin, EEA DRAMA Co-Chair and Hacken CEO:

“The need for these Guidelines is highlighted by the ongoing regulatory uncertainty in the DeFi space. With traditional frameworks lagging behind DeFi’s rapid growth, this document serves as an essential, industry-supported roadmap for navigating DeFi’s complexities through targeted risk management strategies.
From a security perspective, proper documentation is a cornerstone of seamless operation and security of a project. This standard is the first comprehensive resource founders and dev teams can rely on while working on their products.”

EEA DeFi Risk Assessment Guidelines Overview

Written for DeFi Protocol Users and Protocol Investors as a primary audience, this document is also relevant to Protocol Operators and Protocol Developers seeking to minimize the risks in their Protocol. It can also serve as a tool for standard setters and regulators.

The Guidelines explain the risks that can affect DeFi protocols, spanning a range of areas including software, governance, liquidity and tokenomics, external market factors, and regulatory and standards compliance. The paper then discusses the information that can be used to help assess the level of each risk and outlines potential mitigation strategies that can be taken by Protocols themselves, third parties providing specialized services, or Investors.

The work addresses a variety of areas:

DeFi is fundamentally built on several different types of Software. The Guidelines describe issues that affect each of these, such as Smart Contracts, Bridges, or Oracles. It also covers issues that can affect many types of software, such as the lack of standardization in DeFi that can pose interoperability challenges and security risks when integrating and normalizing software or data from diverse suppliers or sources.

Beyond software, a number of factors are important. The tokenomics design and liquidity management inherent to each DeFi protocol, the governance structures, compliance with regulation and relevant standards, and external market factors, can all introduce elements of risk for investors. From a simple governance failure where a malicious insider steals the funds they are meant to help safeguard, to an externality that impacts the performance of a Protocol in the broader market, or legal action on the part of regulators, the Guidelines provide information on how to assess the likelihood of a problem arising, and provide guidance on minimizing the associated risk.

Chaals Nevile, EEA Director of Technical Programs and Editor of the EEA Defi Risk Assessment Guidelines:

“Developing these guidelines has been, and continues to be, a collaborative effort of the members of EEA, for the benefit of the industry and broader ecosystem as well as the participating organizations. The broad range of perspectives and deep expertise the participants bring to the group has been crucial to this work. I am pleased to have been able to associate myself with it and proud to have offered some assistance to the group, but most of all, grateful to all the people whose efforts and contributions enabled it.”

How the DeFi Guidelines will be useful

For protocol founders and developers:

It is a go-to guide to developing and managing a trustworthy Protocol: What documentation a protocol needs to provide, what processes and workflows need to be in place to ensure trust in the protocol, how to think about topics like security, governance, tokenomics, liquidity, and external aspects that can be a source of risk.

For Regulators & Licensing

The DeFi Risk Assessment Guidelines can serve as a basis for regulators when assessing and licensing projects. For example, the Guidelines already serve as a foundation for the DLT assessment methodology in the recent partnership between Abu Dhabi Global Markets and Hacken. Exchanges and other industry players are expected to adopt these guidelines, ensuring a robust and secure DeFi ecosystem.

For Institutional Investors

Institutional participants will use the DeFi Risk Assessment Guidelines to identify and mitigate potential risks, ensuring a more secure and trustworthy environment for decentralized finance operations. By following these guidelines, institutional investors can better navigate the complexities of DeFi, contributing to as well as benefiting from overall market stability and confidence.

Impact of DeFi Risk Guidelines on the ecosystem

The rise of cryptocurrency exchange-traded funds (ETFs), including Ethereum ETFs, and the tokenization of assets underscore the need for a comprehensive risk assessment framework. Clear and standardized guidelines are crucial with the floodgates opening to institutional investors entering the crypto space. While the recent bull run has attracted attention, it is the influx of these major players that makes this standard vital. This framework helps ensure a secure and trustworthy environment for all participants in decentralized finance.

Michael Lewellen, Head of Solutions Architecture at OpenZeppelin

“The DeFi industry is still rapidly evolving with an ever expanding set of new financial products and subsequent challenges. There is a unique mix of both financial and technical risks that must be accounted for by new entrants to the market. The EEA DeFi Risk Assessment Guidelines provides a comprehensive overview of both financial and technical risks and will be essential reading for businesses and institutions that wish to engage in the DeFi ecosystem safely.”

About EEA

The EEA is a global community of blockchain leaders, adopters, innovators, developers, and businesses. We’re accelerating business in Ethereum through professional and commercial support, advocacy and research, standards development, and ecosystem trust services.

The EEA is recognized for developing and maintaining the leading industry standard for smart contract review, its EthTrust Security Levels specification. Developed by experts from multiple companies, it extended early foundational work such as the SWC registry and the security work of the Solidity language project to improve smart contract security practices.

For more information regarding the EEA’s DeFi Risk Assessment Guidelines, or its Working Groups, please contact EEA’s Technical Program Director Chaals Nevile: [email protected].

For EEA membership enquiries please contact [email protected] or visit https://entethalliance.org/become-a-member/