In the previous issue of Simetri Alphaverse, I provided a tutorial on how to earn yield on your tokens by locking them on DEXes like Uniswap. Liquidity provision is an excellent way to make extra money with your long-term holdings. But, as uncle Ben said:

Although the total value locked in DeFi protocols soared from under $1 billion to $22 billion, the niche is still developing. There are many inefficiencies in DeFi, which create both opportunities and substantial risks.

Liquidity providers (LP) can suffer from impermanent loss, smart-contract hacks or exploits, and rug-pulls. Today I will go over these risks and show how you can protect yourself.

Impermanent Loss

Impermanent loss (IL) is a part of the technological design of Uniswap-like DEXes. These decentralized exchanges are powered by Automated Market Makers (AMMs), a technological innovation that allows them to source liquidity from both traders and tokenholders.

As you may remember, to provide liquidity on Uniswap, you need to split your deposit 50/50 by value between the two assets of a trading pair. Assets go to pools, which an AMM uses to determine prices and execute trades.

AMMs do not have access to centralized exchanges and use math to figure out prices. In short, an AMM divides the total liquidity in Pool A by the total liquidity in Pool B.

An important note: the product of Pool A and Pool B never changes. Hence, when people trade on Uniswap, they continuously change amounts of liquidity within each of the pools. If a trader buys ETH from Pool A, they increase the size of USDC in Pool B and vice versa. These changes create an impermanent loss for LPs.

Take a look at the table below. You can see how volatility hurts LPs. Even if the price of ETH goes up, being an LP turns out to be worse than merely holding.

Impermanent Loss on Uniswap

| | 50% loss | 25% loss | Initial Price | 2x |
|---|---|---|---|---|
| Pool A (ETH) | 14 | 11.5 | 10 | 7 |
| Pool B (USDC) | 3535.5 | 4330 | 5000 | 7071 |
| Total Liquidity | 50000 | 50000 | 50000 | 50000 |
| Price of ETH in USDC | 250 | 375 | 500 | 1000 |
| Holding $1000 worth of assets | 750 | 875 | 1000 | 1500 |
| Providing $500 worth of assets to each pool (owning 1% of the total liquidity) | 707 | 866 | 1000 | 1414 |
| IL | -6% | -1% | 0% | -6% |

More information and calculations are available here.
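To see where the table's numbers come from, here is a short Python sketch, added as an illustration and not part of the original newsletter. It assumes a fee-free constant-product pool that holds 10 ETH and 5,000 USDC at the initial price, of which 1 ETH and 500 USDC ($500 on each side) are your deposit; the function names are illustrative.

```python
import math

def reserves_at_price(k, price):
    """Pool reserves (ETH, USDC) such that ETH * USDC = k and USDC / ETH = price."""
    return math.sqrt(k / price), math.sqrt(k * price)

def lp_vs_hold(pool_eth, pool_usdc, dep_eth, dep_usdc, new_price):
    """Value of an LP position vs. holding the same deposit (fees ignored).

    Assumption: the deposit is already counted in pool_eth / pool_usdc.
    """
    k = pool_eth * pool_usdc                 # the product that never changes
    share = dep_eth / pool_eth               # deposit's fraction of the pool
    eth, usdc = reserves_at_price(k, new_price)
    lp = share * (eth * new_price + usdc)    # what the LP can withdraw, in USDC
    hold = dep_eth * new_price + dep_usdc    # same assets kept in a wallet
    return {"pool_eth": eth, "pool_usdc": usdc,
            "hold": hold, "lp": lp, "il": lp / hold - 1}

def il_closed_form(price_ratio):
    """Impermanent loss from the price ratio alone: 2*sqrt(r) / (1 + r) - 1."""
    return 2 * math.sqrt(price_ratio) / (1 + price_ratio) - 1

if __name__ == "__main__":
    # Constructed scenario matching the table: ETH at 250, 375, 500 and 1000 USDC.
    for price in (250, 375, 500, 1000):
        r = lp_vs_hold(10, 5000, 1, 500, price)
        print(f"ETH={price:>5}  pool={r['pool_eth']:.2f} ETH / {r['pool_usdc']:.1f} USDC  "
              f"hold={r['hold']:.0f}  lp={r['lp']:.0f}  IL={r['il']:.1%}")
```

The loss depends only on how far the price has moved from your entry price, not on the direction, which is why halving and doubling both cost about 6%.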

Trading fees offset the impermanent loss. Theoretically, you should gain passive returns despite having IL.

To minimize your liquidity provision losses, you first need to analyze how volatile a trading pair is. The total liquidity will help with this. Uniswap has a tracker for it here. If liquidity is low, then a single trade could have a substantial impact on the pool’s price, so fees and your share of the total liquidity need to be high to mitigate your risk.
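The effect of pool depth is easy to quantify. The Python sketch below is an added example, not part of the original newsletter: it pushes the same 500 USDC purchase through a shallow and a deep constant-product pool and reports how far the pool price moves. The 0.3% swap fee and the pool sizes are assumptions made for the illustration.

```python
def buy_eth(pool_eth, pool_usdc, usdc_in, fee=0.003):
    """Swap USDC for ETH against a constant-product pool.

    Assumption: the fee is taken from the input amount and stays in the pool.
    Returns (new_pool_eth, new_pool_usdc, eth_out).
    """
    usdc_effective = usdc_in * (1 - fee)
    eth_out = pool_eth * usdc_effective / (pool_usdc + usdc_effective)
    return pool_eth - eth_out, pool_usdc + usdc_in, eth_out

def trade_impact(pool_eth, pool_usdc, usdc_in, fee=0.003):
    """How one trade moves the pool price, and what it pays LPs in fees."""
    spot_before = pool_usdc / pool_eth
    new_eth, new_usdc, eth_out = buy_eth(pool_eth, pool_usdc, usdc_in, fee)
    spot_after = new_usdc / new_eth
    return {
        "spot_before": spot_before,
        "spot_after": spot_after,
        "price_move": spot_after / spot_before - 1,  # shift LPs are exposed to
        "avg_fill": usdc_in / eth_out,               # price the trader actually paid
        "fees_to_lps": usdc_in * fee,                # shared among all LPs
    }

if __name__ == "__main__":
    # Constructed pools: both start at 500 USDC per ETH, one is 100x deeper.
    for name, eth, usdc in (("shallow", 10, 5_000), ("deep", 1_000, 500_000)):
        r = trade_impact(eth, usdc, 500)
        print(f"{name:>7}: price {r['spot_before']:.0f} -> {r['spot_after']:.1f} "
              f"({r['price_move']:.2%}), fees to LPs {r['fees_to_lps']:.2f} USDC")
```

The fee paid is identical in both pools, but in the shallow pool it has to compensate LPs for a price swing of roughly 21% instead of 0.2%.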

Also, consider selecting pairs that have an additional incentive in the form of protocol tokens. For instance, 1Inch.exchange is currently running a liquidity mining program, in which LPs get 1INCH tokens as an additional reward.

You can make all calculations yourself or use tools like UniswapROI, a beautiful tool created by Federico Nitidi. He helped me review the DeFi market when the boom was just kicking off.

Rug Pulls

Impermanent loss is a given, but it can’t wholly wipe out your LP balance. A scam strategy known as a rug pull, on the other hand, can.

A rug pull is performed by the creator of a trading pair. Imagine someone creates a pair for a new token, which isn’t traded anywhere else. During the DeFi craze, a popular trend was ‘food tokens,’ which involved liquidity mining projects named after food like YAM and SUSHI.

While YAM and SUSHI are legitimate, other projects like Truample turned out to be scams. The rug pulling scheme that scammers utilized is quite simple.

A developer creates a new pair on Uniswap, and a project usually provides some outsized returns to attract traders and LPs. Initially, scammers provide liquidity to kickstart the scheme. As the attention to the pair grows, the total liquidity increases along with the token price.

Kimchi Finance Returns 

Considering how Uniswap works, if a scam token’s price grows, more ETH ends up in the pair’s pools as people come to trade and provide liquidity. At some point, smart-contract owners remove liquidity from the pair; in other words, they pull the rug from under LPs’ feet.

The rule of thumb to protect yourself from being rug pulled is to avoid unrealistic yields. If you see annual percentage yields in the hundreds or thousands of percent, it’s a red flag.

Also, check whether smart-contracts have a timelock function. A timelock delays interactions from a smart contract’s owners, allowing observers to know what the owner is doing in advance. However, bear in mind that timelocks are not a silver bullet, and you may miss the notification window they can give you.

Hacks and Exploits

Decentralization is liberating but also challenging. ‘Code is the law,’ but bad things will happen when the code is broken or poorly designed.

In line with DeFi’s ethos of decentralization, projects act entirely in the open. Anyone can scrutinize their codebases and play around with smart-contracts. If there is a weak spot, it will be found.

Examples like Opyn, in which a smart-contract bug caused a loss of $370,000 for users, show that no code in DeFi is perfect.

Projects like Quantstamp, Peckshield, and OpenZeppelin help teams make sure their code is free of bugs and vulnerabilities. However, even the best-written code is not bulletproof.

More often than not, DeFi exploits don’t arise from mistakes in the code. One of the critical features of DeFi protocols is “composability,” which means that projects interact with each other to create value.

Large projects like bZx and Harvest were exploited for millions of dollars, even though hackers didn’t try to break them directly. Instead, they broke other systems these projects depended on.

By manipulating the places where these projects got their prices from, hackers were able to steal funds by exploiting smart contracts that were sound in every other way.

You can’t be sure that any project out there won’t be exploited in one way or another. But you can at least do some basic checks.

First, try comparing smart-contract code to some already existing smart-contracts of established projects. Many new teams just fork code, so you can use tools like Contract Diff Checker to see what’s been changed.
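If you have both source files on disk, you can do a first pass of this comparison yourself. The Python sketch below is an added example, not part of the original newsletter and not how Contract Diff Checker works internally: it diffs a fork against the contract it was copied from and flags added lines that touch privileged functionality. Both Solidity snippets are constructed samples, and the keyword list is an assumption you should extend for the project you are reviewing.

```python
import difflib
import re

# Assumption: keywords that usually mark owner-only or otherwise sensitive code.
SENSITIVE = re.compile(
    r"onlyOwner|transferOwnership|selfdestruct|delegatecall|\bmint\b", re.I)

def review_fork(original_src, fork_src):
    """Return (added, removed, flagged) lines between an original and its fork."""
    added, removed = [], []
    for line in difflib.ndiff(original_src.splitlines(), fork_src.splitlines()):
        if line.startswith("+ "):
            added.append(line[2:].strip())
        elif line.startswith("- "):
            removed.append(line[2:].strip())
    flagged = [l for l in added if SENSITIVE.search(l)]
    return added, removed, flagged

# Constructed sample: the contract the new project says it forked.
ORIGINAL = """\
// Farm v1
contract Farm {
    uint256 public withdrawFeeBps = 0;
    function deposit(uint256 amount) external { _deposit(msg.sender, amount); }
    function withdraw(uint256 amount) external { _withdraw(msg.sender, amount); }
}
"""

# Constructed sample: the fork, with a renamed header and one new function.
FORK = """\
// SuperFarm v1
contract Farm {
    uint256 public withdrawFeeBps = 0;
    function deposit(uint256 amount) external { _deposit(msg.sender, amount); }
    function withdraw(uint256 amount) external { _withdraw(msg.sender, amount); }
    function setWithdrawFee(uint256 bps) external onlyOwner { withdrawFeeBps = bps; }
}
"""

if __name__ == "__main__":
    added, removed, flagged = review_fork(ORIGINAL, FORK)
    print(f"{len(added)} added, {len(removed)} removed, {len(flagged)} need a closer look")
    for line in flagged:
        print("  REVIEW:", line)
```

A keyword match is only a prompt to read that function carefully; a clean result does not mean the fork is safe.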

Next, head to DeFi Safety and see if your target project is on their list. They have all popular projects with safety ranks.

In any case, don’t “ape” (rush) into anything you don’t understand just because it looks good at face value. Don’t let emotions guide you; compounding consistent returns is a more profitable strategy than earning super-high yields for a few days with the risk of getting wiped out.

 

Disclosure: The author of this newsletter holds ETH and FLOAT. Read our trading policy to see how SIMETRI protects its members against insider trading.