Research Summary: Decentralized Governance of Stablecoins with Closed Form Valuation

TLDR

  • The governance of DeFi applications is meant to be transparent and openly auditable through smart contracts on a blockchain. Typically, DeFi applications have some flexibility to parameters such as fees or price feeds which are governed by a cooperative of governance token holders. Yet, this cooperative sometimes faces perverse incentives.
  • In this paper, we study governance incentive problems in non-custodial stablecoins similar to Maker. We formalize a game theoretic model of governance incentives by modeling the objectives of governance token holders, vault owners, and stablecoin holders.
  • Using option pricing theory, we derive the optimal interest rate that is incentive compatible, as well as conditions for the existence of equilibria that ensures a non-attack scenario, and discuss implications for designing secure protocols.

Core Research Question

What conditions ensure a mutually profitable equilibrium of participating in the stablecoin system, and how are interest rate policies related to governance attacks in stablecoins with decentralized governance?

Citation

Huo, L., Klages-Mundt, A., Minca, A., MĂĽnter, F. C., & Wind, M. R. (2021). Decentralized Governance of Stablecoins with Closed Form Valuation. arXiv preprint arXiv:2109.08939.

Background

  • Non-custodial stablecoins: Stablecoins that utilize on-chain collateral to maintain a stable peg against a target, implemented through smart contracts. We focus on exogenous collateral, where the price of the collateral is independent of the stablecoin system.
  • Stablecoin issuance: Stablecoin issuance is initiated by a user creating a collateralized debt position (CDP) using a “vault”. The user transfers collateral, e.g., ETH, to the vault, which can mint an amount of stablecoins up to the minimum collateralization level. This leveraged position can be used in multiple ways, e.g. to spend the stablecoin or invest in other assets.
  • Liquidation: If the vault becomes undercollateralized, for instance if the price of ETH drops, then an involuntary redemption (liquidation) is performed to deleverage the position. This deleveraging is performed through buy-backs of stablecoins to close the vault. Vaults are over-collateralized to help ensure that the position can be closed.
  • Collateral shortfall: If the liquidation proceeds are insufficient, additional mechanisms may kick in to cover the shortfall – either by tapping into a reserve fund or by selling governance tokens as a form of sponsored support (or backstop).
  • Incentive compatibility: We consider a cryptoeconomic protocol to be incentive compatible if agents are incentivized to execute the game as intended by the protocol designer, and equilibrium participation in the stablecoin is sustainable.
  • Governance extractable value (GEV): GEV encompasses value that governance token holders can extract in excess of the incentivized protocol rewards, e.g. seigniorage and interest rate earnings, at the expense of protocol security and/or stability and/or the protocol’s users. For non-custodial stablecoins, this primarily entails stealing collateral from the system.
  • Black Scholes option pricing: This is a common pricing framework for corporate liabilities. It considers the probability and probability-adjusted severity of a corporate default, which, in our case, is the expected collateral shortfall.
  • Stackelberg equilibrium: This is a sequential equilibrium originating in game theory, where a follower chooses a strategy based on the move a leader has made previously. The game is solved backwards by initially evaluating the optimal choice for the second agent, and then evaluating the optimal move of the first agent given the optimal move of the second agent.

Summary

  • Decentralized Finance (DeFi) protocols are often described as either utopian systems of aligned incentives or dystopian systems that incentivize hacks and exploits.
  • These incentives, however, are thus far sparsely studied formally, especially around the governance of DeFi applications, which determine how they evolve over time. The aim is often to incentivize good governance without relying on legal recourse.
  • Control is often placed in the hands of a cooperative of governance token holders who govern the system. This cooperative, however, is known to face perverse incentives both theoretically and often in practice.
  • Our paper studies governance incentive problems in non-custodial stablecoins similar to Maker. We formalize a game theoretic model, which seeks to describe incentives between governance token holders, vaults/risk absorbers and stablecoin holders.
  • Our approach follows classical ideas for the valuation of corporate liabilities, i.e. we apply option pricing theory to characterize the stakeholders’ behavior in equilibrium.
  • We also introduce an attack vector, where a rational adversary can exploit the governance system to change the contract code by accessing a sufficiently large governance token stake to approve the update.
  • Our theoretical results include a condition for the optimal interest rate set by governance that ensures a non-attack decision.
  • Further, we characterize the unique equilibrium arising in non-custodial stablecoins with decentralized governance.

Method

  • We formalize a game theoretic model, which seeks to describe incentives between governance token holders, vaults/risk absorbers and stablecoin holders.
  • The setup considers an interaction between governors and vaults, who both seek to maximize profits, while stablecoin holders mimic the role of the debt holder in classical capital structure models.
  • Governors maximize profits by choosing the system’s interest rate, while vaults maximize profits by choosing stablecoin issuance and thereby maintain a long position in their collateral token, while pursuing a new (leveraged) opportunity, and paying an interest fee to governance.
  • We consider a Stackelberg equilibrium in which first the governance chooses an interest rate and then the vault chooses the stablecoin issuance.
  • We introduce randomness into the model by assuming that the return rate on the collateral token (e.g. ETH) follows a log-normal distribution. This introduces a risk of collateral shortfall in the system, i.e. a risk of unforeseen liquidations.
  • Due to the model’s randomness, we rely on option pricing theory, where the stablecoin holders have an asset essentially equal to 1 (the face value) minus a quantity that captures a potential collateral shortfall.
  • We derive several technical results that describe each agent’s optimal behavior, which, in the end, allows us to describe the system’s unique equilibrium.
  • Afterwards, we introduce a governance attack vector, and derive conditions for a non-attack scenario with mutually profitable continued participation across all parties.

Results

  • We first characterize the unique equilibrium arising in non-custodial stablecoins with decentralized governance without the possibility of a governance attack.
  • We derive a series of intermediate theorems and propositions which describe the optimal choices of governors and vaults, and combine these intermediate results to obtain a theorem that describes the resulting equilibrium.
  • We find that the optimal interest rate balances multiple opposing forces by letting governors achieve a sufficiently high profit through fee revenue yet is set lower than what is necessary to ensure vault participation in order to mitigate the risk of collateral shortfall.
  • Then, we add the possibility of a governance attack where a fraction of governance can extract a fraction of locked-in collateral. Restricting this such that we only analyze the non-attack equilibrium, we derive a condition for the optimal interest rate that ensures a non-attack decision, and prove that this condition is both necessary and sufficient for the existence of an interest rate that satisfies both the non-attack condition and ensures participation from all stakeholders.

Discussion and Key Takeaways

  • Our results allow us to quantify how loose the participation constraint, i.e. how large a surplus a vault can earn by participating in the stablecoin system compared to an outside opportunity, can be in order to allow governors to earn a sufficiently high profit in the stablecoin system such that it offsets the proceeds from attacking the system.
  • Further, our work suggests that financial engineering methods from traditional finance could be used to solve risk management problems in DeFi more broadly.

Implications and Follow-Ups

  • The non-attack interest rate condition has the practical implication that participants in the system can use it to verify the incentives of decentralized governors and assess whether given conditions lead to an equilibrium with incentive security or whether governors may have perverse incentives.
  • Another implication of the non-attack condition is that governance tokens should be expensive enough (e.g., from a fundamental value of `honest’ cash flows) so that it is unprofitable for outsiders to buy them with the sole purpose of attacking the system.
  • The framework could be extended in multiple directions, e.g. by extending the decision space for governors (lending rate, risk parameters etc.). Also, we could extend the vault choice problem to include the amount of collateral locked in the stablecoin system as a share of total endowed collateral available to the vault, where only locked-in collateral is subject to seizure during a governance attack.

Applicability

  • The conditions for mutually profitable participation in the stablecoin system can be used by protocol designers to more easily account for the effects their design choices will have on economic equilibrium and incentive security in the system.
  • Specifically, by comparing the precise value of the GOV tokens to the return of the collateral at stake, adjusted for the attack cost, we can evaluate the security and sustainability of decentralized governance systems.
  • As the adjusted attack cost increases with the outside cost to attack, one possible mitigation to strengthen these governance systems is the traditional one: increase the outside cost to attack through centralized means. One way to do this is to make governors resemble legal fiduciaries with known identities, which often goes against the idealized tenets of DeFi.
  • Another possibility, recently proposed as “optimistic approval”, alters the problem in a different way by incorporating a veto mechanism invokable by other parties in the system (e.g., vaults and stablecoin holders) in the case of malicious governance proposals. This would introduce a new term in our model that lowers the success probability of an attack based on the probability that the veto mechanism is invoked. If governors anticipate that the veto mechanism will be invoked, then their expectations of attack profit plummet, expanding the mutual participation region.
5 Likes

What are your thoughts on TerraUSD? Would your model include outside interventions like the short squeeze that supposedly blew up the protocol.

@windr Considering the frequency of the different exploits in DeFi, your research is very instrumental to its security. Just last week, Nomad, a cross chain bridge, lost about $200 million to such exploits. If proactive steps like your research are not taken, more exploitation could be imminent in the DeFi ecosystem. However, I have some questions for you:

If we assume that some token holders collude to exploit this system of incentives, how big do you estimate the effect of their actions? Would it be as impactful as in the case of Nomad?

Again, are there other factors that could be considered for the exploit before it becomes impactful and remarkable on the DeFi application?

Also, I came across a research summary by @jasonanastas which provides a nice background to understanding this present research summary. In fact, I consider it a follow-up and recommend it to anyone reading this to go through it for some background understanding. Consider this comparison of the two research summaries:

  1. Although this present summary is a step ahead, both research summaries are focused on decentralized governance.

  2. The summary by @jasonanastas suggests that users in a decentralized blockchain system should participate in shaping the governance in such systems. Users should get involved to balance both privacy and security.

  3. Applying the suggestion from Jasonanastas’ summary, users were made to participate in DeFi governance in this present paper. But this participation comes with a new security challenge, thus complicating the process further.

In the end, we can say that for a successful decentralized blockchain governance, user participation is important. But getting users to participate in this decentralized governance could enable them to game the system in their favor. In this paper, the researchers applied the option theory to prevent users gaming the system.

References
Kessler, S. & Betz, B.(2022) Crypto Bridge Nomad Drained of Nearly $200M in Exploit. CoinDesk[online]. Available at: Crypto Bridge Nomad Drained of Nearly $200M in Exploit [Accessed 2nd August 2022].

2 Likes