On May 27, it has been reported by the Electric Capital blog that Deeter called for DeFi projects to introduce “better risk management” as this largely came as a response to the many hacks and protocol failures that occurred in recent months, like the temporary theft of $25 million from the dForce protocol.
However, Deeter believed that DeFi should adopt some of the established techniques in the tech industry, which makes heavy use of “canary deployment,” the practice of gradually rolling out new features to portions of the user base.
He admitted that this approach cannot be directly applied to blockchain, but the principle holds.
“The core underlying idea remains applicable: start small in a low stakes environment and then increase exposure and risk in a controlled manner.”
Likewise, Deeter proposed a gradual launch process for DeFi projects by using rules and thresholds, which limit the functionality of the system. As the developers gain confidence in the reliability of the system, governance processes can be used to relax the restrictions.
It has been analyzed that the restrictions can be of a varied nature and includes hard limits on the capacity of the system in terms of asset amounts, types, and number of users. Restricting composability is also an important part of this concept, as several of the previous hacks were eased by complex interactions between different protocols.
Ultimately, traditional risk management like escrow, insurance ratio, and conservative loan-to-value ratios can also be helpful, as emergency shutdown capability was also cited.
Deeter noted that several DeFi projects, like Maker, Compound, and Uniswap, already include some of these mechanisms.
Also, he argued for the creation of standardized smart contract libraries and services as part of a “DeRisking as a Service” concept, as these would create a plug and play option for projects to implement these controls.
Deeter compared this approach to OpenSSL and gnutls, which already perform a similar function in some crypto projects.
Thus, generic libraries could be thoroughly tested and audited and thus make smart contract deployment safer.