i agree with a lot of what stani says here in principle, but i have to call out that this post misrepresents how aave operates in practice
aave is not an isolated lending market in the way people typically understand this term- while it is isolated from other curators, with everything managed under aave dao/aave service provider curation, each asset within aave core is connected with all others allowing for collateral lending and rehypothecation. @SebVentures put it pretty succinctly here:
there are certain advantages to having upgradable market parameters- for example, it makes it simpler to update oracles if a pegged asset fails. but whether curation decisions happen at the level of market parameter upgrades or capital allocation decisions makes no difference in how curators respond to competitive pressure and profit motives
aave dao+service providers face the same competitive pressures as any other curator while managing their users' assets. they want to achieve top line metric growth like tvl (see and increase their profitability, and they may be incentivized to cut corners or take actions that negatively impact the safety profile and risk adjusted returns of their users to achieve this. having upgradable markets does not remove principal agent problems inherent to risk curation, and while fixed fee contracts may help with incentive alignment, service providers will naturally cater to the preferences of key stakeholders to avoid being fired (independence within a dao model can be limited)
effectively, as a unified market aave is tying the solvency of the entire protocol to the weakest collateral assets. one bad apple spoils the bunch - failure of one collateral asset could quickly spread to other markets as users rush to withdraw or borrow out any available liquidity. and because aave does not have a way to segregate high risk from low risk collateral assets it systematically underprices risk from long tail assets or tokenized hedge funds, which drags down risk adjusted returns for end users
aave/compound style unified lending infrastructure has been a huge unlock for defi allowing more efficient capital formation, but it ultimately works best under a deliberately risk-averse strategy where all of the collateral assets have similar levels of tail risk (where it makes sent to charge a uniform risk premia across assets, and suppliers can be somewhat indifferent between which particular assets are backing their lent funds)
in my view, aave has seen considerable mandate drift in the past 1-2 years, allowing flavor-of-the-month looping strategies to begin crowding out lower risk overcollateralized lending activity. so far, they have been able to retain users based on inertia and the strength of their brand (just use aave), but imo the market will put sharper focus on risk-adjusted returns over time. hopefully aave v4 will address some of the infra shortfalls that make v3 markets unsuitable for margining long tail assets and tokenized hedge funds. until then, users can always use other lending protocols that allow risk based pricing (eg. morpho) or adhere to low-risk-only collateral policy (sparklend)
ultimately, diversity of curators and lending infrastructure is a good thing and it pushes everyone to do better for users. rather than trying to stifle competition, we should be demanding greater transparency and visibility into protocol and curator risk, to allow users to make informed decisions with their money. EF's focus on low risk defi, recent ratings initiatives from the likes of @CredoraNetwork and @SPGlobalRatings, and other initiatives yet to come will be key to making sure defi innovation continues moving the space forward, while minimizing tail risks and moral hazard
Some misconceptions and paradoxes in DeFi lending:
Lending is based on trust. This is the self-evident truth on which banking is built. Losing trust means losing capital, and that can cause bank runs or systemic collapses.
The way to preserve trust is to create a system that is fundamentally risk-averse throughout the entire supply chain. Ignore this rule and you are effectively in the business of risk-taking, which is more akin to today’s hedge funds.
DeFi lending protocols follow the same basic principles as banking. The fundamental difference between traditional finance and DeFi lending systems is that lending protocols encode trust mechanisms into the code for reasons like improving automation, capital efficiency, and liquidity provisioning etc.
Some people have a flawed idea that if a lending protocol fixes parameters around trust, it will somehow improve trust. Of course, this does not make sense since you are simply moving trust from one place to another. From one market level to another, but not really improving the trust assumptions, at all in fact.
You also cannot rely on fully immutable systems in dynamic marketplaces such as lending and borrowing. This is why comparing lending protocols to AMMs does not work either. Traders on AMMs do not depend on ongoing trust; their transactions are one-off trades, while borrowers and lenders maintain a relationship until the debt is repaid.
Applying immutable parameters means the system cannot adapt to changing market conditions, and financial markets are nothing if not dynamic. It’s relatively straightforward to run immutable model during up cycle, however bear markets is where the true resiliency is tested out.
Now, back to the idea of moving trust from one place to another.
Since trust always exists in lending, and most markets will likely rely on some level of human involvement, the real question is: at what level and under what circumstances should that involvement occur?
In isolated lending protocols like Aave, decision-making happens at the lowest level, close to the markets. This has benefits, such as ensuring that parameter decisions remain aligned with the protocol’s risk framework in a non-conflicted way. Risk managers are paid fixed fees to protect the protocol. If they fail, they get replaced, as we have seen before.
In designs where human involvement is moved higher up and risk curators are incentivized based on fund performance, hidden issues can emerge that are highly detrimental to the system.
First, the idea of risk curation as isolation is misleading. While markets may be separated, risk curators often share liquidity across markets by supplying to the same markets and comingling strategies. This means users can be exposed to the weakest curator or market in the system, with no capped protection.
For example:
Curator A supplies liquidity to markets B and C, while curator D supplies liquidity to markets C and E. If market E loses trust, for instance through a depeg event like xUSD or deUSD, it could trigger a bank run from market E, driving utilization to 100% and creating a race for withdrawals and even full insolvency.
At the same time, LPs withdrawing from the curated vaults cause another bank run at the vault level, meaning markets B and C are affected too. As a result, curator A’s LPs, even those subscribed to less risky strategies, would also be impacted, intensifying the liquidity contagion, even if they didn’t supply the liquidity into the problematic market, creating protocl-wide bank run.
This is my biggest concern with this type of design model: it leads to contagious liquidity effects that break trust while marketing some sort of risk isolation, which doesn’t in reality exist. It is especially problematic for RWAs, which require greater isolation due to their specific characteristics.
The problem worsens when considering curator incentives. DeFi risk strategies are highly commoditized. Lending against ETH or BTC is not particularly profitable or exciting for degens. So curators often go on the offensive, adding new types of collateral, sometimes untested or poorly understood. Other curators then rush to copy and allocate capital to these new markets.
It becomes a speed race to capture reward at the cost of additional risk, much like hedge funds today operate. It’s especially problematic for integrators that are looking to run their own strategies, knowing they would be commingled with strategies ran by riskier vault curators, making integrations more challenging.
Also this design comes at the cost of liquidity segregation, without truly improving or isolating risk, while introducing potential systemic contagion on every bank run. Given the permissionless nature, we will see more events of contagions spread.
It’s important for everyone to understand the mechanisms. DeFi is still relatively young, less than a decade old, and any large-scale issue could set the industry back significantly.
We are close to building safe and secure DeFi, and we need to protect the users. Hope this is a good learning on how to build better DeFi.
Just use Aave.
14.95K
95
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.