TLDR
- The governance of DeFi applications is meant to be transparent and openly auditable through smart contracts on a blockchain. Typically, DeFi applications have some flexibility in parameters such as fees or price feeds, which are governed by a cooperative of governance token holders. Yet, this cooperative sometimes faces perverse incentives.
- In this paper, we study governance incentive problems in non-custodial stablecoins similar to Maker. We formalize a game theoretic model of governance incentives by modeling the objectives of governance token holders, vault owners, and stablecoin holders.
- Using option pricing theory, we derive the optimal interest rate that is incentive compatible, as well as conditions for the existence of equilibria that ensure a non-attack scenario, and discuss implications for designing secure protocols.
Core Research Question
What conditions ensure a mutually profitable equilibrium of participating in the stablecoin system, and how are interest rate policies related to governance attacks in stablecoins with decentralized governance?
Citation
Huo, L., Klages-Mundt, A., Minca, A., Münter, F. C., & Wind, M. R. (2021). Decentralized Governance of Stablecoins with Closed Form Valuation. arXiv preprint arXiv:2109.08939.
Background
- Non-custodial stablecoins: Stablecoins that utilize on-chain collateral to maintain a stable peg against a target, implemented through smart contracts. We focus on exogenous collateral, where the price of the collateral is independent of the stablecoin system.
- Stablecoin issuance: Stablecoin issuance is initiated by a user creating a collateralized debt position (CDP) using a “vault”. The user transfers collateral, e.g., ETH, to the vault, which can mint an amount of stablecoins up to the minimum collateralization level. This leveraged position can be used in multiple ways, e.g. to spend the stablecoin or invest in other assets.
- Liquidation: If the vault becomes undercollateralized, for instance if the price of ETH drops, then an involuntary redemption (liquidation) is performed to deleverage the position. This deleveraging is performed through buy-backs of stablecoins to close the vault. Vaults are over-collateralized to help ensure that the position can be closed.
- Collateral shortfall: If the liquidation proceeds are insufficient, additional mechanisms may kick in to cover the shortfall – either by tapping into a reserve fund or by selling governance tokens as a form of sponsored support (or backstop).
- Incentive compatibility: We consider a cryptoeconomic protocol to be incentive compatible if agents are incentivized to execute the game as intended by the protocol designer, and equilibrium participation in the stablecoin is sustainable.
- Governance extractable value (GEV): GEV encompasses value that governance token holders can extract in excess of the incentivized protocol rewards, e.g. seigniorage and interest rate earnings, at the expense of protocol security and/or stability and/or the protocol’s users. For non-custodial stablecoins, this primarily entails stealing collateral from the system.
- Black-Scholes option pricing: This is a common pricing framework for corporate liabilities. It considers the probability and probability-adjusted severity of a corporate default, which, in our case, is the expected collateral shortfall.
- Stackelberg equilibrium: This is a sequential equilibrium originating in game theory, where a follower chooses a strategy based on the move a leader has made previously. The game is solved backwards by initially evaluating the optimal choice for the second agent, and then evaluating the optimal move of the first agent given the optimal move of the second agent.
Summary
- Decentralized Finance (DeFi) protocols are often described as either utopian systems of aligned incentives or dystopian systems that incentivize hacks and exploits.
- These incentives, however, have so far received little formal study, especially around the governance of DeFi applications, which determines how they evolve over time. The aim is often to incentivize good governance without relying on legal recourse.
- Control is often placed in the hands of a cooperative of governance token holders who govern the system. This cooperative, however, is known to face perverse incentives both theoretically and often in practice.
- Our paper studies governance incentive problems in non-custodial stablecoins similar to Maker. We formalize a game theoretic model, which seeks to describe incentives between governance token holders, vaults/risk absorbers and stablecoin holders.
- Our approach follows classical ideas for the valuation of corporate liabilities, i.e. we apply option pricing theory to characterize the stakeholders’ behavior in equilibrium.
- We also introduce an attack vector, where a rational adversary can exploit the governance system to change the contract code by accessing a sufficiently large governance token stake to approve the update.
- Our theoretical results include a condition for the optimal interest rate set by governance that ensures a non-attack decision.
- Further, we characterize the unique equilibrium arising in non-custodial stablecoins with decentralized governance.
Method
- We formalize a game theoretic model, which seeks to describe incentives between governance token holders, vaults/risk absorbers and stablecoin holders.
- The setup considers an interaction between governors and vaults, who both seek to maximize profits, while stablecoin holders mimic the role of the debt holder in classical capital structure models.
- Governors maximize profits by choosing the system’s interest rate, while vaults maximize profits by choosing stablecoin issuance and thereby maintain a long position in their collateral token, while pursuing a new (leveraged) opportunity, and paying an interest fee to governance.
- We consider a Stackelberg equilibrium in which governance first chooses an interest rate and the vault then chooses the stablecoin issuance.
- We introduce randomness into the model by assuming that the return rate on the collateral token (e.g. ETH) follows a log-normal distribution. This introduces a risk of collateral shortfall in the system, i.e. a risk of unforeseen liquidations.
- Due to the model’s randomness, we rely on option pricing theory, where the stablecoin holders have an asset essentially equal to 1 (the face value) minus a quantity that captures a potential collateral shortfall.
- We derive several technical results that describe each agent’s optimal behavior, which, in the end, allows us to describe the system’s unique equilibrium.
- Afterwards, we introduce a governance attack vector, and derive conditions for a non-attack scenario with mutually profitable continued participation across all parties.
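The valuation idea in the bullets above (log-normal collateral return, stablecoin value equal to face value minus a shortfall term) can be made concrete with a put-style closed form. This is an added Python sketch, not code or formulas taken from the paper: it assumes a single period, no discounting, a log-return that is normal with mean `mu` and volatility `sigma`, and constructed sample numbers.

```python
import math

def norm_cdf(x):
    """Standard normal CDF via the error function."""
    return 0.5 * (1.0 + math.erf(x / math.sqrt(2.0)))

def expected_shortfall(collateral, debt, mu, sigma):
    """Closed form for E[(debt - collateral*exp(X))^+], X ~ N(mu, sigma^2).

    This is the undiscounted put payoff: debt is the strike and the
    end-of-period collateral value is the underlying.
    """
    d2 = (math.log(collateral / debt) + mu) / sigma
    d1 = d2 + sigma
    mean_collateral = collateral * math.exp(mu + 0.5 * sigma ** 2)
    return debt * norm_cdf(-d2) - mean_collateral * norm_cdf(-d1)

def expected_shortfall_numeric(collateral, debt, mu, sigma, steps=40000):
    """Midpoint-rule integration of the same expectation, as a cross-check."""
    lo, hi = -10.0, 10.0
    h = (hi - lo) / steps
    total = 0.0
    for i in range(steps):
        z = lo + (i + 0.5) * h
        loss = max(debt - collateral * math.exp(mu + sigma * z), 0.0)
        total += loss * math.exp(-0.5 * z * z) / math.sqrt(2.0 * math.pi) * h
    return total

def stablecoin_value_per_unit(collateral, debt, mu, sigma):
    """Face value 1 minus the expected shortfall per stablecoin issued."""
    return 1.0 - expected_shortfall(collateral, debt, mu, sigma) / debt

if __name__ == "__main__":
    # Constructed sample: 150 units of collateral, zero drift, 80% volatility.
    for debt in (50.0, 100.0, 140.0):
        sf = expected_shortfall(150.0, debt, 0.0, 0.8)
        val = stablecoin_value_per_unit(150.0, debt, 0.0, 0.8)
        print(f"issuance={debt:6.1f}  shortfall={sf:8.4f}  value/unit={val:.4f}")
```

Higher issuance against the same collateral raises the expected shortfall and lowers the per-unit value of the stablecoin, which is the risk the interest rate choice has to trade off against fee revenue.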
Results
- We first characterize the unique equilibrium arising in non-custodial stablecoins with decentralized governance without the possibility of a governance attack.
- We derive a series of intermediate theorems and propositions which describe the optimal choices of governors and vaults, and combine these intermediate results to obtain a theorem that describes the resulting equilibrium.
- We find that the optimal interest rate balances multiple opposing forces: it lets governors achieve a sufficiently high profit through fee revenue, yet is set lower than what is necessary to ensure vault participation, in order to mitigate the risk of collateral shortfall.
- Then, we add the possibility of a governance attack where a fraction of governance can extract a fraction of locked-in collateral. Restricting this such that we only analyze the non-attack equilibrium, we derive a condition for the optimal interest rate that ensures a non-attack decision, and prove that this condition is both necessary and sufficient for the existence of an interest rate that satisfies both the non-attack condition and ensures participation from all stakeholders.
Discussion and Key Takeaways
- Our results allow us to quantify how loose the participation constraint can be, i.e. how large a surplus a vault can earn by participating in the stablecoin system compared to an outside opportunity, in order for governors to earn a profit in the stablecoin system that is high enough to offset the proceeds from attacking the system.
- Further, our work suggests that financial engineering methods from traditional finance could be used to solve risk management problems in DeFi more broadly.
Implications and Follow-Ups
- The non-attack interest rate condition has the practical implication that participants in the system can use it to verify the incentives of decentralized governors and assess whether given conditions lead to an equilibrium with incentive security or whether governors may have perverse incentives.
- Another implication of the non-attack condition is that governance tokens should be expensive enough (e.g., from a fundamental value of 'honest' cash flows) so that it is unprofitable for outsiders to buy them with the sole purpose of attacking the system.
- The framework could be extended in multiple directions, e.g. by extending the decision space for governors (lending rate, risk parameters etc.). Also, we could extend the vault choice problem to include the amount of collateral locked in the stablecoin system as a share of total endowed collateral available to the vault, where only locked-in collateral is subject to seizure during a governance attack.
Applicability
- The conditions for mutually profitable participation in the stablecoin system can be used by protocol designers to more easily account for the effects their design choices will have on economic equilibrium and incentive security in the system.
- Specifically, by comparing the precise value of the GOV tokens to the return of the collateral at stake, adjusted for the attack cost, we can evaluate the security and sustainability of decentralized governance systems.
- As the adjusted attack cost increases with the outside cost to attack, one possible mitigation to strengthen these governance systems is the traditional one: increase the outside cost to attack through centralized means. One way to do this is to make governors resemble legal fiduciaries with known identities, which often goes against the idealized tenets of DeFi.
- Another possibility, recently proposed as “optimistic approval”, alters the problem in a different way by incorporating a veto mechanism invokable by other parties in the system (e.g., vaults and stablecoin holders) in the case of malicious governance proposals. This would introduce a new term in our model that lowers the success probability of an attack based on the probability that the veto mechanism is invoked. If governors anticipate that the veto mechanism will be invoked, then their expectations of attack profit plummet, expanding the mutual participation region.