2 weeks ago by Cork Protocol
Risk is the reality. The reality of DeFi, the reality of crypto, the reality of finance, and the reality of everything. We can allow risk to immobilize us and slow our progress, or we can see it as an opportunity and embrace it. That choice is ours.
What we observed with Aave last Friday is worth sitting with, because it's easy to misread — especially in terms of how risk works in DeFi. Aave didn't get hacked. The protocol functioned exactly as designed: it accepted collateral, it issued loans, it did its job. And yet Aave ended up holding around $196M in (possibly) irrecoverable bad debt while it watched $13 billion exit from all of DeFi in the hours after. If Aave can end up here without a single line of its own code being exploited, so can anyone in DeFi.
This is a story about risk.
An attacker forged a cross-chain message through a single-verifier bridge, minted 116,500 rsETH from nothing, and deposited it into Aave as collateral. Aave's oracle priced it at face value and loans were issued, but the collateral was worthless. It didn't matter how many times Aave had been audited or how robust its own security posture was, because the attack surface wasn't Aave.
The reality is that using a DeFi protocol doesn't only expose you to the risks that specific protocol can manage. It exposes you to the risk in every dependency, every collateral asset, every cross-chain messaging layer underneath it — whether you knew those things existed or not.
If you were an Aave WETH supplier who had never heard of Kelp DAO until you couldn't get your money out, you just experienced this composability risk firsthand. You also had no way of pricing this risk upfront, so you had to pay for it unequally, and in real time. One of DeFi’s pressing problems is that the only way to react to risk is to exit, as @Philfog has pointed out:
https://x.com/Philfog/status/2046324460073193474?s=20
Does this mean DeFi is fundamentally broken? No. But our understanding of risk definitely is.
After an incident like this, the knee-jerk reaction is to demand less composability from DeFi, almost as if to reduce the surface area for risk. But composability is part of what makes DeFi so powerful, even when it naturally opens up risk vectors alongside it. A more rational, economic view is to understand that this surface area for risk only exists as the inevitable consequence of a surface area for opportunity as well.
more opportunity surface area = more risk surface area
Where DeFi really shines is when it can innovate on how we approach old problems. Risk is not a new problem, but DeFi does allow us to create more sophisticated risk products and markets. So our challenge isn't to reactively slice composability out of DeFi, it's to figure out the shape of this new kind of risk. We need to understand it well enough to price it, isolate it, and ultimately make it something users can opt into consciously rather than unwittingly absorb.
There’s also a silver lining: because crypto is composable, its risk management can be composable, too. The same architecture that allowed one protocol's bad collateral to bleed into another's balance sheet can be used to transfer and isolate that risk before it hits depositors. That’s a better direction for DeFi than trying, ineffectively, to avoid risk and further fragmentation.
After the dust settles, the real question isn't how we eliminate composability risk, because we can't. It's how users can choose to protect themselves, individually, against systemic risks they didn't consent to and couldn't fully see.
Aave can still win. DeFi will still win. We just need to evolve past an understanding of risk that assumes if your protocol is safe, you're safe. In a composable world, risk is shared and risk management has to be shared just as much.
Reactions and replies to this article.
oSaaT
@osaat2
@bonnazhu I guess this 2-min video is a good starting point to understand Cork's approach https://t.co/oXeZn9gxF3
Bonna | U酪乳
@bonnazhu
thx, so it's still an underwriter - protection buyer marketplace model, size of the market depends on how much $ willing to sell coverage. It is not surprising but also not convincing enough either re who would be writing such at how much rate of return requirements, given all the shit happening in DeFi.