The introduction of the Chainlink oracle is a great step forward for Compound, which can usher in the next phase of growth for the protocol on Ethereum. Now that Compound has started to list more assets, we wanted to try to add a better structure to the listing process which would help the protocol manage the risk associated with these new assets in a principled way. Maker has a process for this, as does Aave, however we wanted to focus on specifying what will work best for Compound.

We’ll first break down these risks into a couple different categories, and then outline a process for addressing these risks while maintaining a clear path for listing new assets and allowing the protocol to grow aggressively.

Risks in Compound

We view the goal of a lending protocol as simple - to let anyone in the world lend or borrow digital assets. We use “anyone” quite broadly here, including other smart contracts. To maximize that goal, and the value created by the protocol, the protocol should try to maximize the number of people and protocols who desire to and are able to participate. Adding more assets is a great way to do that, but if in doing so, the protocol destroys user trust, this would not maximize long term usage. We’ll try to list out the ways the protocol might damage that trust here:

• A user who supplies tokens is unable to withdraw them
  • Insolvency risk - the value of the funds held by the protocol is less than the liabilities of the protocol.
  • Liquidity risk - the funds users wish to withdraw are not available for withdrawal, though the protocol holds other tokens of sufficient value to eventually allow the withdrawal
• A user who borrows funds pays unnecessary fees
  • Someone manipulates the price of assets, either in the oracle or by taking advantage of limited market liquidity to create large price swings. This can cause liquidations on assets that belies expectation and borrowers would pay liquidation penalties
  • An interest rate curve for an asset creates swing in interest rates that would appear usurious
• A protocol hack or bug
  • Someone finds a vulnerability in the protocol that allows them to withdraw a ton of value from the protocol, often referred to as a protocol “hack”
  • An error in the honest execution of an action, in this case, adding a new asset, that could destroy or lose user funds
    • Assets that rebase like AMPL, which behave differently than standard ERC20s, can be prone to these issues. I’m not picking on AMPL here - it’s been added to AAVE after extensive testing and so it is a great example that when these risks arise, how they can be addressed.

Here at Gauntlet, we focus on market risks like insolvency and fees, and will be publishing a proposal for how we can help the protocol manage market risks and capital efficiency soon.

The Process

We’ll suggest the following four* phases for collateral onboarding:

1. Application

   • Explaining what the token does and why listing it as an asset will bring value to Compound. Key risks like volatility will be addressed in this stage as well.

2. Implementation Review

   • Review contract deployments, scenario testing, etc. Would be great if any community developers could chime in here @arr00, @tylerether, @blck, etc

3. Proposal

   • Pushing the proposal to vote and allowing the community to vote on chain to either accept or reject the asset

4. Post-Launch Parameter Update

   • After launch, increasing collateral factor to a safe level and setting the reserve factor in line with other assets

Over the next few days, we’ll publish a set of checklists as guides for each phase. These checklists will follow directly from the risks identified above so that we can be sure those are addressed as new assets are onboarded. To provide an example of what these will look like, we provide a draft outline of the first stage here:

Collateral Onboarding Application

• Overview
  1. What is the token name and ticker symbol?
  2. What the the token do?
  3. What additional risks might supporting this token create?
  4. What audits, if any, have been done?
  5. Have there ever been any protocol hacks? If so, when? How were they addressed?
• Market Risk Information
  1. What venues allow for the trading of this asset?
  2. How much liquidity is there on each of these venues?
  3. How has that liquidity changed over time? One way to show this is with rolling 30/60/90 averages.
  4. What is the historical volatility of this asset?
• Decentralization
  1. How is this asset distributed amongst token holders?
     • GINI Coefficient
     • Largest 10 positions and the percent of total float they constitute
  2. How is the supply of this currency controlled?
  3. Centralization scale (Centrally Backed → Permisionless)
• Asset Listing Request
  1. Collateral Factor - will be 0 for all assets until after launch
  2. Reserve Factor (probably should start pretty high)
  3. Borrow Cap
  4. Interest Rate Curve
     • Should likely start with an existing interest rate curve

We look forward to working with the community to publishing the rest of these checklists and identifying owners for each step of the process.

*One quick note - we might want to add an “Asset Review” stage where we look at existing assets and figure out if we need to remove any of them as we get close to the total asset limit.

We should also make sure the prospective token does not make callbacks during transfer and transferFrom.

Maybe it’s too early for this question, but do you expect to have different frameworks/requirements for fully digital assets and tokenized real-world assets? Of course, it makes sense for both to go through the general flow of application, review, and proposal but the risks and decentralization levels are different.

We have a couple questions in the draft application regarding centralization and other risks, but if someone wanted to contribute a separate checklist for real world assets, that might be a great start for figuring out what it would look like to list them. My first read here is that the highest ROI additions to Compound are digital assets - just looking at the most popular ERC20s by volume, liquidity, and market cap. Down the line, as Compound is able to support more assets, the community will have some real questions to answer on what risks real world assets create and how to address them.