Comprehensive Risk Management Services Proposal for Compound Finance by Chainrisk

Comprehensive Risk Management Services Proposal for Compound Finance by Chainrisk

1. Previous Work with Compound

Chainrisk recently conducted a comprehensive economic audit of Compound V3 on the Arbitrum One Chain as part of the Compound Grant Program (CGP), with regular updates and active engagement on the grant forum. The audit focused on optimizing risk management and enhancing protocol stability through advanced simulations and stress tests within the USDC market, targeting collateral assets such as Wrapped Ether (WETH), Wrapped Bitcoin (WBTC), GMX, and Arbitrum (ARB). The final report, shared with the community, provides an in-depth overview of Chainrisk’s risk methodology, offering valuable insights into how these recommendations enhance the protocol’s resilience and ensure its sustainable growth in the decentralized finance ecosystem.

2. Executive Summary

Chainrisk proposes a state-of-the-art risk management solution for Compound Finance, designed to optimize protocol safety, capital efficiency, and sustainable growth. Our comprehensive approach leverages advanced quantitative methodologies, machine learning algorithms, and protocol-specific risk models to test Compound V3 (Comet) Modules and new protocol upgrades in various market scenarios.

Key Highlights:

  • Chainrisk will serve as a secondary risk management provider alongside Gauntlet for all new and upcoming markets on Compound V3, with a special focus on longer-tail assets. We are committed to transparency by making our reports and analyses publicly accessible to enhance community engagement.

  • Chainrisk will deliver comprehensive Quarterly and Annual Risk reports that will encompass our risk management framework, analyses of newly launched markets and added assets, and detailed assessments of high-risk events, including days with elevated liquidation risk, for the Compound protocol.

  • Chainrisk will provide bi-weekly data-driven recommendations for dynamic risk parameters, including but not limited to:

    • Borrow Collateral Factor
    • Liquidation Collateral Factor
    • Liquidation Threshold
    • Supply Cap
    • Target Reserves
    • Storefront Price Factor

    These recommendations will be based on rigorous quantitative analysis and market conditions to optimize protocol safety and efficiency.

  • Chainrisk will deploy an advanced real-time monitoring and alerting system, providing critical risk insights to protocol stakeholders and facilitating timely responses to market dynamics.

  • Our dedicated team of eight professionals includes experts in Crypto, Security, Statistics, Economics, and Data Science, bringing valuable experience from prestigious institutions such as the Ethereum Foundation, NASA, JP Morgan, Deutsche Bank, Polygon, Nethermind, and EigenLayer.

  • Chainrisk will implement Multi-Agent Influence Diagrams (MAIDs) to enhance governance in Compound by modeling agent incentives, analyzing voting behaviours, and simulating scenarios to identify and mitigate vulnerabilities to governance attacks.

  • Chainrisk aims to introduce ‘On-Chain Credit Risk Score’ for Compound users, enabling trustless loan access based solely on public blockchain data.

  • Chainrisk aims to develop a comprehensive framework for assessing and quantifying the restaking risks, including collateral riskiness and AVS slashing potential, to enable more informed decision-making in the evolving restaking ecosystem.

  • A robust knowledge transfer and community engagement program will be implemented to ensure comprehensive understanding and active participation within the Compound community.

  • 12-month engagement (Jan 1, 2025 - December 31, 2025): $500k base (in USDC, streamed linearly) serves as the foundational payment, while $150k (Base) + Performance Bonus in COMP (7-day TWAP), tied to the deliverables discussed below, constitutes the incentive structure.

3. Company Overview

Chainrisk is an end-to-end economic security & risk management company building tools and services for all Defi protocols and L1, L2s to protect value at risk. Chainrisk specializes in economic security, offering a unified simulation platform designed for teams to efficiently test protocols, particularly in challenging market conditions. Our technology is anchored by a cloud-based simulation engine driven by agents and scenarios, enabling users to create tailored market situations for comprehensive risk assessment.

Our team comprises experts with diverse backgrounds in Crypto, Security, Statistics, Economics, and Data Science, bringing valuable experience from institutions such as Ethereum Foundation, NASA, JP Morgan, Deutsche Bank, Polygon, Nethermind, and EigenLayer.

Key Differentiators:

  • Focus on Capital Efficiency: We prioritize enhancing the top-line of DeFi protocols by exploring innovative avenues of capital efficiency for both protocols and its users.
  • Commitment to Transparency: Risk management shouldn’t be a black box. That’s why we strive to make our analyses as public as possible, fostering trust and clarity within the DeFi community.
  • Advanced Simulation Engine: Our unique dual-pronged simulation engine combines the power of Rust-based off-chain computations with real-time on-chain data, enabling us to conduct precise risk assessments and fine-tune parameters effectively.
  • Community Engagement: We value community input and actively involve users in our risk management proposals. By seeking feedback, we ensure our solutions align with the community’s needs and insights.
  • Agility and Speed: Our agile team is always ready to roll out new tools and strategies quickly, helping DeFi protocols understand and mitigate risks while opening up new opportunities for capital efficiency.

4. Scope of Work for Compound Finance

This proposal outlines a comprehensive approach to enhancing risk management, governance analysis, and user experience for Compound V3. It is structured into two main components: Base Fee services and Incentive Fee services.

Base Fee Services -

A. Risk Management and Analysis

  1. Complementary Risk Management
    • Serve as a secondary risk management provider alongside Gauntlet for all new and upcoming Compound V3 markets ( with no limit on the number of markets )
    • Expand asset offerings by introducing new collateral types for existing base assets, adding new base assets with corresponding collateral, and actively supporting new chain deployments with full coverage of associated base and collateral assets
    • Focus on longer-tail assets to ensure comprehensive coverage
  2. Comprehensive Reporting
    • Deliver Quarterly Risk Reports (4 per year)
    • Provide an Annual Comprehensive Risk Report
    • Include:
      • Risk management framework details
      • Analyses of newly launched markets and added assets
      • Assessments of high-risk events, particularly days with elevated liquidation risk
  3. Data-Driven Recommendations
    • Provide bi-weekly recommendations for dynamic risk parameters:
      • Borrow Collateral Factor
      • Liquidation Collateral Factor
      • Liquidation Threshold
      • Supply Cap
      • Target Reserves
      • Storefront Price Factor
  4. Real-Time Monitoring & Alerts
    • Implement an advanced real-time monitoring and alerting system
    • Provide critical risk insights to stakeholders
  5. Supporting New DAO Initiatives
    • Offer risk management support for new DAO initiatives, including recent proposals like the Compound Sandbox development by the WOOF team.

B. Community Engagement and Knowledge Transfer

  1. Knowledge Transfer Program
    • Implement a robust knowledge transfer initiative
    • Conduct regular community engagement sessions
  2. Transparency
    • Ensure all reports and analyses are publicly accessible
    • Provide clear documentation and resources for community understanding

Incentives Fee Services -

C. Governance and Infrastructure Analysis

  1. Multi-Agent Influence Diagrams (MAIDs)
    • Implement MAIDs to enhance governance processes:
      • Model agent incentives
      • Analyze voting behaviours
      • Simulate scenarios to identify and mitigate governance attack vulnerabilities
  2. Restaking Risk Assessment
    • Develop a comprehensive framework for assessing risks associated with restaking:
      • Evaluate collateral riskiness
      • Assess AVS slashing potential

D. Innovation and User Experience

  1. On-chain Credit Risk Score
    • Introduce a novel ‘On-chain Credit Risk Score’ for Compound users
    • Enable trustless loan access based on public blockchain data like wallet loan repayment history and transaction behaviour.

E. Revenue Sharing Model

  1. Implement a Performance-Based Revenue Sharing Model:
    • If the cumulative revenue across the markets managed by Chainrisk exceeds $500,000 annually, 25% of the revenue above this threshold will be allocated to Chainrisk.
    • Revenue sharing will be evaluated and disbursed annually, based on the incremental revenue exceeding the base threshold.

Deliverables

  1. Quarterly Risk Reports (4 in total)
  2. Annual Comprehensive Risk Report
  3. Bi-Weekly risk parameter recommendations
  4. Real-time monitoring and alerting system
  5. MAID implementation for governance analysis
  6. Restaking risk assessment framework
  7. On-chain Credit Risk Score prototype
  8. Community engagement sessions
  9. Knowledge transfer documentation and resources

5. Detailed Service Offerings

5.1 Proposed Risk Management Framework for Longer Tail Assets

Long-tail assets in the cryptocurrency landscape refer to digital tokens characterized by low market capitalization and trading volume, positioning them at the periphery of the market compared to dominant cryptocurrencies like Bitcoin and Ethereum. Long-tail assets often attract speculative trading strategies, where traders aim to leverage short-term price movements in these less liquid markets.

Long-tail assets play a pivotal role in portfolio diversification, offering exposure to niche sectors within the cryptocurrency ecosystem. This category encompasses various tokens such as liquidity provision (LP) tokens, liquid restaking tokens (LRTs), liquid staking tokens (LSTs), real-world assets (RWAs), and vault tokens. While these assets hold the promise of high returns, their limited presence on mainstream decentralized finance (DeFi) platforms underscores the necessity for robust risk management strategies.

Chainrisk Long Tail Asset Onboarding Methodology

This methodology outlines a basic framework for evaluating long tail assets through Fundamental, Technical, Market and Statistical Evaluations.

I. Asset Fundamental Evaluation:

Objective: This includes an in-depth examination of the asset’s functionality, utility, and role within its ecosystem. Key factors include:

  • Assess the primary functions of the asset and the specific scenarios in which it is utilized. Understanding its real-world applications helps gauge its relevance and potential for adoption.
  • Evaluate critical indicators such as Price, Fully Diluted Valuation (FDV), trading volume, market capitalization, and other relevant metrics. These figures provide insights into the asset’s reliability, stability, and overall market performance.
  • Analyze the economic model surrounding the asset, including total supply, distribution among stakeholders, utility within the ecosystem, and any inflation or deflation mechanisms.

II. Technical Evaluation:

Objective: To evaluate the technical specifications of the asset to understand its security and operational robustness. Key Factors include:

  • Analyzing the asset’s interoperability within decentralized finance ecosystems highlights its potential for integration with other protocols.
  • Assess the asset’s smart contract audits, built-in security features (e.g., multi-signature wallets), historical security incidents, and the presence of bug bounty programs.
  • Evaluate other technical specifications such as access control, oracles, immutability, centralization, documentations, and more.

III. Market Evaluation:

Objective: To assess potential market risks associated with the asset by analyzing the historical performance of the asset. Key Factors include:

  • Volatility Analysis: Evaluate the historical price volatility to understand potential fluctuations. This involves analyzing past price movements and asset volatility.
  • Liquidity Analysis: Evaluating the asset’s liquidity across different trading platforms (DEX and CEX) provides insights into how easily it can be traded without significant price impact.

IV. Statistical Evaluation:

Why Chainrisk uses Percentile-based methods for Long Tail Assets?

Percentile-based methods are very useful for understanding skewed data distributions because they focus on actual data points rather than assuming a perfectly balanced, bell-shaped curve (like a normal distribution). In many real-world situations, data isn’t balanced in this way. For instance, in finance, big losses are often more common than big gains, resulting in a left-skewed distribution where the “tail” (extreme values) is longer on the left. Using percentiles helps capture these extreme events more accurately.

Traditional measures like the mean (average) and standard deviation don’t work as well in these cases because they rely on symmetry. When data is skewed, these measures don’t accurately reflect the likelihood of extreme values. Percentiles, on the other hand, look at specific data points within the distribution—like the 5th percentile, which represents the point where only 5% of the data falls below. This approach is much better at identifying “tail risks,” or the chance of rare but large losses since it doesn’t assume the data is evenly spread.

In finance, for example, percentile measures can show how much a portfolio might lose in the worst 5% of scenarios (known as Value at Risk, or VaR). Percentiles are useful because they aren’t thrown off by extreme values; they simply show where data points fall relative to each other. This makes them reliable and realistic for assessing risk in any skewed distribution, giving a clear picture of potential extremes without assuming everything follows a neat, bell-shaped curve.

Note: The following evaluation is intended as an illustrative example of the proposed framework and should not be construed as a recommendation or endorsement for listing the asset. This analysis serves solely to demonstrate the application of the framework’s methodology.

CRV Market Evaluation

Market Data:

All data given below are as of 9th November, 2024

Market Cap: $317.67M

At $317.67 million, the market cap indicates a moderate level of investor interest and market presence for CRV.

24h Volume: $61.5M

The 24-hour trading volume of $61.5 million suggests healthy trading activity, indicating that CRV is actively traded among investors.

Circulating Supply: 2.19B CRV

The circulating supply of 2.19 billion CRV tokens reflects the total number of tokens currently available for trading, calculated as the total coins created minus any coins that have been burned.

Fully Diluted Value: $570M

The FDV of $570 million provides insight into the potential future valuation of CRV if all tokens were to be issued.

Current Rankings

  • CoinMarketCap: 165

Volatility Analysis

Asset Volatility

CRV’s high volatility and recent price decline present significant risks for lending protocols, as sharp price drops can increase liquidation risk and potential bad debt. Its long-tail characteristics, including lower liquidity during volatile periods, add challenges for efficient liquidation. To manage these risks, CRV would need strict risk parameters, like high collateral requirements and liquidation penalties, to ensure stability. While listing CRV is possible, it would require strong controls to offset its volatility-driven risks.

Trading Volume to Market Capitalization Ratio

A trading volume-to-market capitalization ratio of 19.29% indicates a healthy level of liquidity, making it easier to buy or sell the cryptocurrency close to its true value on exchanges.

Historical Performance

The CRV token has experienced significant price fluctuations since its launch in August 2020. The historical price data includes:

Liquidity Analysis

Token On-Chain Liquidity

The market capitalization of CRV over the last 24 hours was approximately $318 million, while the average daily trading volume stood at around $71 million across both centralized and decentralized finance platforms. Although the market cap is relatively modest, it is considered appropriate for listing. The trading volumes are reasonable, given the asset’s market cap and risks can be further mitigated through suitable recommendations for asset risk parameters.

Slippage

The DefiLlama slippage estimator (Token Liquidity) tool shows that a CRV-> ETH trade of $2.7M (10,000,000 CRV) over 1inch will produce 2.37% trade slippage in CRV. As the ETH pair is the deepest liquidity available for CRV currently, large liquidations are likely to route through ETH.

Supported CEXes & DEXes:

CEXes:

The CRV Token is prominently listed on several leading centralized exchanges (CEX), including Binance, Gate io, OKX, MEXC, Bitget, HTX, and Biconomy.

Top 10 Markets on Centralized Exchanges

DEXes:

The CRV token is actively traded across a variety of decentralized exchanges (DEX), including Curve, Uniswap, Sushiswap, DeFiSwap, QuickSwap, and ApeSwap.

Top 10 Markets on Decentralized Exchanges

Projected Revenue Estimate:

Existing Market Condition:

CRV is currently utilized as a collateral asset on Aave. The total borrow amount for CRV is $3.46 million, with an annual percentage yield (APY) of 11.06%.

Historically, the total borrow for CRV has been much higher, with maximum APYs reaching 28.70% and average APYs around 7.9%. This historical performance suggests that CRV has previously experienced greater demand and higher yield potential, which could be indicative of future trends as market conditions evolve.

Revenue from lending protocols can be estimated using the formula:

Estimated Revenue = Total Borrow × APY

For our calculations, we will assume an average total borrow of $5 million worth of CRV and an average APY of 8%

To reflect a conservative estimate based on historical averages. We can get Estimated Revenue as:

Estimated Revenue= 5,000,000 × 0.08 = 400,000

To further understand how varying borrowing levels and APYs could impact revenue projections, a sensitivity analysis can be conducted:

pufETH Market Evaluation

Market Data

All data given below are as of 9th November 2024

Market Cap: $714 M

At $714 million, the market cap indicates a moderate level of investor interest and market presence for pufETH.

24h Volume: $5.5M

The 24-hour trading volume of $5.5 million suggests healthy trading activity, indicating that pufETH is actively traded among investors.

Circulating Supply: 227,548 pufETH

The circulating supply of 227,548 pufETH tokens reflects the total number of tokens currently available for trading, calculated as the total coins created minus any coins that have been burned.

Fully Diluted Value: $714 M

The FDV of $714 million provides insight into the potential future valuation of pufETH if all tokens were to be issued.

Current Rankings

  • CoinMarketCap: 22

    This rank is for rehypothecated crypto (e.g. staked, restaked, or wrapped).

Volatility Analysis

Asset Volatility

Liquid Staking Basis (LSB)

The LSB represents the price difference between pufETH (liquid staking token) and its underlying asset, ETH. It measures the deviation of the pufETH price from the ETH price.

pufETH is a value-accrual type LSD token and therefore can be expected to have a constant increase in LSB value. The chart below shows the constantly increasing trend (linear) of the pufETH LSB value over time:

Closeness to Underlying (c2u)

The descriptive statistics for the ‘Closeness to Underlying’ (c2u) between synthetic pufETH and ETH indicate that pufETH generally trades at a slight premium to ETH, with an average c2u value of 0.00321. The data points are relatively consistent, with a standard deviation of 0.002236. The range of c2u values spans from a minimum of 0.006347 to a maximum of 0.000806, suggesting that while pufETH typically trades above ETH.

Trading Volume to Market Capitalization Ratio

It is an indicator of liquidity. A trading volume-to-market capitalization ratio of 0.4908% indicates a low level of liquidity, making it a bit difficult to buy or sell the cryptocurrency close to its true value on exchanges.

Historical Performance

The historical price data includes:

Liquidity Analysis

Token On-Chain Liquidity

The three most liquid pools are the pufETH/wstETH pool with $135.42 Million in TVL followed by $53.51 Million in the ETH/pufETH Pool and $34.07M in Uniswap weETH/pufETH pool.

Slippage

The DefiLlama slippage estimator (Token Liquidity) tool shows that a pufETH-> ETH trade of $3.15M (1000 pufETH) over KyberSwap will produce 3.20% trade slippage in pufETH. As the ETH pair is the deepest liquidity available for pufETH currently, large liquidations are likely to route through ETH.

Supported CEXes & DEXes

CEXes: The pufETH Token is currently not listed on any centralized exchanges.

DEXes: The pufETH token is actively traded across a few of decentralized exchanges (DEX), including Curve, Uniswap and Balancer.

Markets on decentralized exchanges:

Projected Revenue Estimate:

Current Market Position

pufETH has established itself as a collateral asset on Morpho, facilitating the borrowing of WETH. The current supply of pufETH stands at $4.04 million, with a borrowing volume of approximately $2.77 million. The annual percentage yield (APY) for borrowing is 3.36%, reflecting a competitive rate in the decentralized finance (DeFi) landscape. Historically, total borrowing reached around $11.52 million, indicating robust demand and utilization metrics.

Calculation Methodology

Revenue from lending protocols can be estimated using the formula:

Estimated Revenue = Total Borrow × APY

Assuming an average total borrow of $8 million worth of pufETH and an APY of 4%, the projected annual revenue would be calculated as follows:

Estimated Revenue = 8,000,000×0.04 = $320,000

To further understand how varying borrowing levels and APYs could impact revenue projections, a sensitivity analysis can be conducted:

2 Likes

Note : This reply is a continuation to the first post.

Key Features

Protocol Risk Analysis

The dashboard will offer in-depth protocol and market-specific risk analysis, including ( but not restricted to ) :

  • Supply and borrow metrics per asset per market
  • Asset-specific Utilization rates
  • Asset distribution for supply and borrow
  • Value at Risk (VaR) and Liquidations at Risk ( LaR ) calculations per market
  • Protocol reserves distribution
  • Identification of accounts at risk of liquidation
  • Market Risk Alerts

User Analysis

To enhance user experience and decision-making, the dashboard will provide:

  • Real-time user metrics
  • User wallet breakdown and distribution
  • Individual user health scores
  • Simulations of user health based on asset price fluctuations

This comprehensive user analysis will enable Compound users to better understand and manage their positions.

5.3 On-Chain Credit Risk Framework

Proposal for Integrating On-Chain Credit Risk (OCCR) Scores with Compound V3


Introduction

In decentralized finance (DeFi), fostering transparent and efficient interactions between lenders and borrowers is key to sustained growth. We propose the integration of an On-Chain Credit Risk (OCCR) Score tailored for Compound V3 to evaluate wallet risk profiles, based on each wallet’s borrowing history on Compound and on-chain activity across the EVM networks.

The OCCR Score will allow Compound to more precisely manage Loan-to-Value (LTV) ratios and Liquidation Thresholds (LT) in response to user-specific risk assessments. This targeted approach encourages risk-aware borrowing behaviours, enhances capital efficiency, and establishes Compound as a leader in secured and data-driven DeFi lending.

Overview of On-Chain Credit Risk (OCCR) Scores

The On-Chain Credit Risk Score quantifies the likelihood of default for individual wallets based on on-chain activity, including transaction history on the Ethereum network and borrowing patterns on Compound. This score serves as an objective risk metric designed to support creditworthiness assessments, opening new capital efficient avenues for borrowing.

Unlike traditional credit models in Web2 that rely on centralized credit histories and personal financial data, OCCR relies solely on transparent, immutable blockchain data. This model assesses the probability of a wallet defaulting, based on key on-chain behaviours, offering Compound a highly reliable means to gauge risk in real-time.

Proposed Implementation Plan

  1. Score Calculation and Integration:
    • Develop the OCCR Score framework tailored to Compound V3, incorporating data from the wallet’s borrowing history on Compound and on-chain transaction history on Ethereum.
    • Integrate the scoring framework into a user dashboard, displaying key borrowing metrics and transaction history.
  2. Dashboard Integration:
    • Implement a wallet risk dashboard where users can view their OCCR Score alongside detailed borrowing and transaction data, making the risk evaluation process transparent and actionable.
    • Offer resources to help users understand and improve their scores, promoting responsible borrowing behaviours.
  3. Ongoing Evaluation and Optimization:
    • Conduct regular reviews and evaluations to ensure that OCCR Scores remain accurate and relevant.
    • Continuously monitor the impact of OCCR Score integration on Compound’s capital efficiency and user behaviour.

Benefits of OCCR Scores

  1. Dynamic Loan-to-Value (LTV) Adjustment: LTV ratios can be flexibly adjusted based on OCCR Scores. Lower-risk wallets could receive higher LTV ratios, incentivizing users to maintain a favourable score while potentially increasing borrowing capacity. We will try to incorporate this as a core feature in new protocol upgrades and initiatives, such as the Compound Sandbox proposed by the WOOF team.
  2. Transparency and User Incentives: By displaying OCCR Scores on user dashboards, Compound empowers users with insights into their credit risk standing, encouraging positive borrowing practices and fostering long-term engagement with Compound.
  3. Data-Driven Risk Assessment: Integrating OCCR leverages Compound users’ borrowing history on the protocol and Ethereum transaction history, bringing more granularity and accuracy to risk assessments.

Conclusion

Integrating On-Chain Credit Risk (OCCR) Scores into Compound V3 represents a forward-looking enhancement to the protocol’s risk management and lending practices. We plan to enhance and refine our current OCCR scoring system based on community feedback before expanding its capabilities. Once we’ve established a more stable foundation, we’ll explore incorporating Dynamic Loan-to-Value (LTV) Adjustment and additional applications of OCCR Scores.

We look forward to working closely with Compound’s team to realize this vision and contribute to enhanced growth for Compound in the coming years.

Read more about our methodology here - On-Chain Credit Risk Scoring by Chainrisk

5.4 Restaking Risk Framework

As the DeFi landscape evolves, restaking mechanisms continue to gain prominence, providing novel utility and yield generation opportunities for staked assets. Recognizing this growing trend, we at Chainrisk propose a comprehensive risk assessment and quantification framework, specifically tailored to address the unique risks associated with restaking within Compound’s lending and borrowing ecosystem. Our framework aims to quantify collateral riskiness and Actively Validated Services (AVS) risk, ensuring Compound’s users can make informed decisions regarding restaking tokens as both base and collateral assets.

Background and Objectives

Restaking mechanisms inherently introduce additional layers of risk to protocol assets, including exposure to validator slashing, network instability, and collateral devaluation in adverse events. Compound stands to benefit greatly from integrating a systematic approach to assessing these risks, especially as they impact collateral health and market stability. By developing an AVS risk framework, Chainrisk aims to enable Compound to:

  • Evaluate Restaking Asset Risks: Identify and quantify potential risk factors tied to slashing events, staking network failures, and variations in collateral stability.
  • Enhance Asset Transparency: Provide risk insights for informed decision-making around listing restaking tokens as collateral and base asset.
  • Integrate Dynamic Risk Monitoring: Implement a dashboard that aggregates risk factors, facilitating real-time adjustments to Compound’s risk management strategies.

Proposed Framework Components

Our framework is designed to assess the risks associated with restaking, focusing on two primary aspects:

  1. Actively Validated Services (AVS) Risk:
    • AVS Risk Quantification: By quantifying the risk of slashing across multiple staking networks, we aim to provide a precise assessment of the risks associated with validator misbehaviour or network vulnerabilities.
    • Risk Modulation: AVS risk scores will dynamically adjust based on network conditions, validator activity, and governance updates, providing Compound with timely risk updates.
  2. Collateral Riskiness Assessment:
    • Restaking Token Collateral Profiles: Each restaking token will be evaluated for its ability to be used as collateral under stress conditions.
    • Cross-Network Correlation Analysis: Using cross-correlation data, we will assess dependencies between restaking networks, capturing contagion risk and reinforcing risk scoring for Compound’s listed assets.
    • Liquidity Stress Testing: To prevent illiquidity risks, we will perform simulations and stress tests on restaking tokens, ensuring collateral health under high-volatility conditions.

Deliverables

  1. AVS Risk Dashboard Integration:
    • Dynamic Dashboard: A real-time, on-chain dashboard will be built to continuously monitor AVS risk and collateral riskiness of restaking tokens within Compound.
    • Historical and Predictive Analytics: The dashboard will display historical data and predictive analytics, facilitating informed governance and listing decisions.
  2. Risk Reporting & Analysis:
    • Quarterly Reports: Our team will provide quarterly risk reports covering insights on restaking token behaviours, market conditions, and ongoing AVS and collateral evaluations.
    • Continuous Data Feed: Integration of a live risk feed into Compound’s risk management infrastructure, enabling instantaneous data-driven responses to market changes.
  3. Governance Collaboration:
    • Risk Scoring Criteria: Work closely with the Compound community to establish criteria for listing restaking tokens as base and collateral assets, based on quantifiable AVS and collateral risks.
    • Iterative Improvements: Based on Compound’s feedback, we will iterate and refine our framework, ensuring it aligns with evolving protocol needs and market trends.

Value to Compound

This framework will empower Compound to maintain a high standard of security and transparency for users, improving risk assessment capabilities specifically for the restaking sector. The Chainrisk AVS and Collateral Risk Framework will mitigate exposure to adverse events, allowing Compound to confidently onboard new assets with increased security and risk insights.

5.5 Detecting Governance Attacks through MAIDS

Governance Attacks on Compound

Governance Extractable Value (GEV) refers to the profits or benefits that individuals or groups can obtain by controlling or influencing the governance mechanisms of decentralized protocols. Similar to Miner Extractable Value (MEV) in mining, GEV is realized when token holders, delegates, or participants with significant voting power manipulate decisions to their advantage, often through buying votes, proposing self-serving changes, or exploiting loopholes in governance models.

Governance attacks present a unique threat to decentralized protocols like Compound Finance, where power rests in the hands of token holders who vote on important decisions. Governance models in DeFi platforms aim to decentralize control, but they are susceptible to attacks when a small group amasses enough voting power to sway outcomes in their favour.

A notable example recently occurred with Compound Finance. In July 2024, a proposal (Proposal 289) by a group known as the “Golden Boys,” led by an individual nicknamed “Humpy,” successfully passed, which aimed to allocate approximately $24 million in COMP tokens to a yield-bearing protocol called “goldCOMP.” This protocol, designed and controlled by the Golden Boys, would have taken a significant portion of Compound’s treasury funds. The proposal narrowly passed, sparking accusations of a governance attack as critics pointed out that Humpy’s group had acquired a substantial quantity of COMP tokens just below the quorum threshold. This led to concerns that the vote was manipulated rather than reflecting the community’s broader interests.

Compound’s governance attack highlights a vulnerability within DAO structures: the “token-based voting” mechanism. When voting power is directly tied to token ownership, it becomes possible for wealthy groups or individuals to buy influence and push through self-serving proposals. The incident also underscores the importance of governance safeguards, as some DeFi communities are now advocating for stronger protections, like time delays for proposal execution, stricter quorum requirements, or alternative governance models that don’t concentrate power solely based on token holdings

In response to this attack, Compound ultimately reached a settlement with the Golden Boys, leading to the cancellation of Proposal 289. The community also discussed potential governance model changes to prevent future incidents, including exploring mechanisms similar to Curve Finance’s “ve-tokenomics,” which requires users to lock up tokens over an extended period to obtain voting power. This model seeks to align governance incentives more closely with long-term commitment rather than short-term profit-driven voting.

Multi-Agent Influence Diagrams (MAIDs)

Multi-Agent Influence Diagrams (MAIDs) are powerful tools for analyzing governance structures in decentralized finance (DeFi). They are particularly effective in scenarios involving multiple agents, such as Compound’s governance, where decision-making depends on the collective actions and incentives of a wide range of stakeholders. MAIDs combine elements of Bayesian networks and influence diagrams to represent complex interactions, allowing each agent’s decisions, beliefs, and objectives to be captured within a graphical model.

Detecting Vulnerabilities in Compound’s Governance with MAIDs

In the context of Compound, MAIDs can be instrumental in analyzing and mitigating vulnerabilities related to Governance Extractable Value (GEV). GEV arises when influential agents in a governance system exploit their voting power to extract value, often at the protocol’s expense. Here’s how MAIDs can be applied to detect such vulnerabilities:

  1. Modelling Incentives - By representing Compound’s governance as a MAID, each agent (or major COMP holder) can be modelled with their decision variables (e.g., supporting or opposing proposals) and utility variables (such as potential financial gains). This model allows the identification of agents whose incentives may diverge from the protocol’s long-term stability, particularly if these agents stand to gain financially from voting in self-serving ways.
  2. Analysing Agent Strategies - MAIDs allow researchers to simulate different voting scenarios, helping to identify situations where agents with large holdings might coordinate to push proposals that disproportionately benefit themselves. For example, if a proposal reallocates a large amount of COMP tokens to a few addresses, an MAID can reveal how this would influence other agents’ responses and whether it aligns with Nash equilibrium strategies for profit maximization.
  3. Identifying Equilibria and Deviation Risks - Through Nash equilibrium computations, MAIDs can pinpoint the optimal strategy for each agent, given the incentives and actions of others. If MAID analysis reveals that some agents have a strong incentive to deviate from the collective good, this signals potential vulnerabilities. For instance, the recent attack on Compound involved a group that gained near-majority control by purchasing COMP tokens, allowing them to pass a proposal beneficial to themselves.

Application of MAIDs for Mitigating Governance Attacks

In Compound, MAIDs can serve as a tool to strengthen governance frameworks:

  • Formal Verification of Strategies - MAIDs can be used to establish protocols for strategic decision-making. By verifying that agent incentives align with protocol sustainability, Compound could mitigate risks from proposals designed purely for extractable value.
  • Simulation of Adversarial Behavior - MAIDs are also effective for testing governance models under attack scenarios. In the paper’s example, introducing an adversarial agent into a MAID reveals how such an agent’s disruptive strategies affect equilibrium. For Compound, similar simulations could help prepare countermeasures for scenarios where a small group gains voting power to influence the protocol adversely

Next Steps

The first and foremost step would be to set up the MAIDs with exact values after an extensive analysis of the Compound V3 governance protocol. It is not exactly trivial to consider the exact dynamics of the protocol and our analysis in this post was just a glimpse into how important solving such problems for the compound protocol would really be. This setup process requires precise identification of all decision points, chance events, and utility considerations specific to Compound V3. Such a framework must incorporate a thorough assessment of the decision-making processes of both honest and adversarial agents, including decisions like submitting proposals, accepting or rejecting bribes, and voting outcomes. Additionally, it requires accurately modelling the variables that influence these choices, such as governance extractable value (GEV), reputational impacts, and conditional probability distributions for uncertain events in the governance environment. MAIDs would be the key to turning the theoretical analysis of extensive form games in Compound Governance into an actionable tool that can be used to address shortcomings as they appear.

Read more about how MAIDs could have detected the recent Golden Boys Attack :

https://chainrisk-cloud.notion.site/MAIDs-for-Compound-Governance-1c933914d6604b5f8e05a60bde728820

6. Technical Implementation

6.1 Chainrisk Simulation Engine

The Chainrisk Simulation Engine is a sophisticated, modular testing environment designed to conduct high-fidelity simulations of DeFi market scenarios. It comprises two key components:-

  • RiskEVM: A high-performance, Rust-based simulation engine optimized for computationally intensive tasks. RiskEVM models complex protocol interactions, including borrowing, lending, and liquidation events under various market conditions. This component enables a comprehensive assessment of protocol behaviour and stability, particularly during periods of market stress.
  • On-Chain Simulation: This component executes backtests on forked mainnet networks, ensuring simulation accuracy and fidelity to real-world scenarios. By leveraging actual on-chain data, it evaluates protocol responses to diverse conditions, providing insights into resilience and potential vulnerabilities.

The integration of these components allows Chainrisk to identify potential risks and optimize parameters with a high degree of precision. This dual-pronged approach combines the efficiency of the Rust-based simulation engine with the accuracy of on-chain data, enabling robust risk assessment and parameter optimization for DeFi protocols.

Why do we need 2 Engines?

The RiskEVM is a custom-built, highly optimized agent-based simulation engine designed to address the challenges of conducting large-scale economic audits on blockchain networks. It leverages Rust’s capabilities for parallelism and concurrency to significantly reduce Time to Complete (TTC) for complex audits.

The RiskEVM offers several key advantages that enhance its performance and efficiency in conducting complex DeFi simulations. It employs parallel execution of independent tests and transactions, significantly reducing overall processing time. The system’s ability to deterministically pre-identify wallet interactions allows for optimized resource allocation. Additionally, its branched processing architecture, which converges for final results, ensures both speed and accuracy.

The RiskEVM eliminates the need for external RPC calls and repetitive oracle setups per simulation, streamlining the process and reducing potential points of failure. Finally, by minimizing the gas cost complexity typically associated with mainnet fork testing, it provides a more cost-effective solution for comprehensive protocol analysis. These features collectively enable the RiskEVM to perform extensive simulations with improved speed, accuracy, and resource efficiency compared to traditional methods.

This architecture allows the RiskEVM to perform extensive simulations (e.g., 6 million for Compound Labs) more efficiently than traditional on-chain forked network approaches. By minimizing latency, external dependencies, and resource overhead, the RiskEVM provides a more scalable and cost-effective solution for comprehensive blockchain economic audits.

Architecture :

Benchmarking

The Chainrisk RiskEVM leverages a highly optimized Anvil implementation using a Rust compiler. Its modular architecture and efficient handling of high transaction volumes, combined with minimal external calls, results in latency improvements of up to 150x compared to competitors.

This performance boost enables the Chainrisk team to rapidly compile and generate risk parameters. The system significantly outperforms current risk management solutions, which typically process around 40K simulations in 24 hours. The RiskEVM’s capabilities allow for:

  1. Real-time parameter recommendations for settings that don’t require governance proposals

  2. Accelerated analysis for parameters and markets subject to on-chain voting

The enhanced simulation speed translates to:

  • Faster updates
  • Quicker alerts
  • Increased ability to mitigate potential market shocks

This technological edge positions Chainrisk to provide more responsive and effective risk management in dynamic market conditions.

6.2 Chainrisk Cloud Architecture

Our cloud architecture is designed to support high-performance computing and large-scale data management, leveraging AWS services to ensure scalability, reliability, and security. Below is an overview of the key components and considerations that shape our infrastructure.

Core Compute Components

  • Kubernetes: Our primary compute happens in multi-region Kubernetes Clusters, as we use AWS as our primary cloud provider. We use Elastic Kubernetes Service ( EKS ) coupled with AWS Fargate. EKS allows us to manage containerized applications using Kubernetes without the overhead of maintaining the control plane. This service automatically scales the Kubernetes control plane based on workload demands, ensuring high availability and performance.
  • ⁠Elastic Container Service: Our secondary compute is AWS ECS coupled with Fargate. We use this if we suddenly need to run a burst of workload for a shot duration of time or in case of super heavy load or as a failover service in case our main Clusters are down for some reason like maintenance.

Scalability

Scalability is a critical aspect of our architecture, enabling us to efficiently handle varying workloads:

  • Horizontal Scaling: EKS supports horizontal scaling of workloads, allowing us to increase or decrease the number of running pods based on demand. This flexibility is essential for maintaining performance during peak usage times.
  • Multi-Region Deployment: Currently operating in two AWS regions, our architecture can support up to 12 million simulations daily. This multi-region setup enhances our resilience and ensures low-latency access for users in different geographical locations.
  • Service Integration: Services like Amazon SQS for messaging, RDS for database management, and API Gateway for API management scale seamlessly with our compute resources. This integrated approach simplifies operations and enhances responsiveness to user demands.

Security Framework

Security is embedded at every level of our architecture:

  • Identity and Access Management (IAM): We implement strict IAM policies to enforce least-privilege access controls across all services, ensuring that users and applications have only the permissions necessary for their functions.
  • Secrets Management: Utilizing AWS Secrets Manager, we securely store sensitive information such as API keys and database credentials. Automated rotation of these secrets further enhances our security posture.
  • Network Isolation: Sensitive workloads are deployed within a Private VPC, isolating them from public internet access. This setup minimizes exposure to potential threats while allowing controlled access to necessary services.
  • Data Security: Our databases employ encrypted connections and fine-grained access controls. Additionally, multi-region backups safeguard against data loss, ensuring business continuity in case of failures.

Performance Monitoring and Optimization

To maintain optimal performance as we scale:

  • Monitoring Tools: We utilize monitoring solutions that provide insights into resource utilization and application performance. This data informs scaling decisions and helps identify potential bottlenecks before they impact operations.
  • Load Testing: Regular load testing is conducted to validate the scalability of our architecture under various conditions. These tests help ensure that our infrastructure can handle anticipated workloads without degradation in performance.

Future Directions

As we evolve our cloud infrastructure:

  • Enhanced Flexibility: We aim to enhance flexibility by exploring additional cloud providers while maintaining our primary reliance on AWS.
  • Advanced Autoscaling: Plans are underway to optimize resource allocation through advanced autoscaling configurations and potentially integrate more managed services to reduce operational overhead.

This architectural framework ensures we can efficiently manage complex computations and large datasets while maintaining a strong focus on security and scalability.

7. Performance Metrics and KPIs

Financial Metrics

  1. Revenue Growth: Track the increase in revenue due to introducing new markets.
  2. Return on Security Investment (ROSI): Calculate the financial benefits of security investments relative to their costs.

Incentive Deliverables

  1. Restaking Risk Framework: Track the progress and effectiveness of implementing the restaking risk framework.
  2. On-Chain Credit Risk Score Implementation: Track the progress and effectiveness of implementing the On-Chain Credit Risk score.
  3. MAID Implementation Progress: Measure the progress in implementing MAIDs to prevent governance attacks.

Community Engagement and Satisfaction

  1. Community Net Promoter Score (NPS): Survey the community to gauge satisfaction with the Compound-Chainrisk relationship.
  2. Community Engagement Metrics: Track community participation in security-related discussions, forums, and educational initiatives.

8. Fee Structure

Base Compensation

  • Annual Base Fee: $500,000 USD
    • Paid in USDC, streamed linearly over the 12-month period (January 1, 2025 - December 31, 2025)
    • Monthly Payment: $41,666.67 USDC

Performance-Based Incentives

  • Total Incentive Pool: $150,000 + Performance Bonus in COMP tokens
    • Priced based on a 7-day Time-Weighted Average Price (TWAP)
    • Paid upon successful completion and verification of each deliverable

Incentive Breakdown:

  1. On-chain Credit Risk Framework: $50,000
    • Deliverable: Develop and launch a public dashboard that integrates and visualizes Compound users’ borrowing history, credit scores, and risk profiles for enhanced transparency and user insights.
  2. Restaking Risk Framework: $50,000
    • Deliverable: Developing a framework for quantifying AVS risks, slashing risks, and evaluating risks associated with restaking assets
  3. Governance Attack Prevention: $50,000
    • Deliverable: Implementing MAIDs to prevent Governance Attacks on Compound V3
  4. Performance-Based Revenue Sharing:
    • Condition:

      If the cumulative revenue brought by Chainrisk in the markets they manage exceeds $500,000 annually, Chainrisk will earn 25% of the revenue amount.

    • Evaluation and Disbursement:

      The Performance-Based Revenue Sharing will be evaluated and disbursed annually, based on the total revenue generated in the ongoing year.

    • Example:

      • Revenue Generated: $1M
      • Chainrisk Bonus Earned: (1,000,000- 500,000) × 25% = $125,000

Contract Terms

  • Engagement Period: January 1, 2025 - December 31, 2025 (12 months)
  • Early Termination Clause: Compound can terminate the contract after 6 months (June 30, 2025) if unsatisfied with progress. In the event of early termination:
    • Base compensation will be prorated for completed months
    • Earned incentives will be paid out; unearned incentives will be forfeited

9. References to Previous & Upcoming Work

You can find in this section links to our work:


Research from the Team - Chainrisk Simulation Engine | Chainrisk VaR Methodology | DeFi Lending & Borrowing Risk Framework | Multi-Agent Influence Diagrams ( MAIDs ) for DeFi Governance | MAIDs Video

10. Conclusion and Next Steps

We plan to submit a governance proposal in the coming weeks. Based on community feedback, we will initiate an on-chain snapshot for voting. Please share your comments and suggestions below. Thank you for your active participation in our proposal.

6 Likes

Thank you to the Chainrisk team for submitting this detailed proposal. While I myself am not a risk management expert, I can see the value in onboarding Chainrisk as a secondary risk manager IF the DAO wants to complement Gauntlet’s current scope in areas like restaking and long-tail assets. Maybe there could be some synergies there with the Sandbox proposal (should it pass).

The cost is obviously relatively low in comparison, though I would love to hear other people’s thoughts on the 25% revenue share over 500k/year/market and what the likelihood are for such potential markets to earn above 500k.

Some other questions that came to mind:

  • How would Chainrisk operate alongside Gauntlet, independently or collaboratively? And do you see any risks of conflicting recommendations etc?
  • Is there still a clear need for governance attack prevention? Delegates, what are your thoughts?

That said, I look forward to hearing from other delegates to weigh in on the specifics of this proposal and its alignment with Compound’s growth strategy

5 Likes

Hello @justErik, thanks so much for sharing your feedback!

We are open to supporting the new DAO initiatives with risk management support like the Sandbox proposal, you have mentioned.

The $500k/year threshold is cumulative across all the markets we manage, not per market. At Chainrisk, our primary focus is to unlock new, capital-efficient opportunities for Compound and drive meaningful value. The 25% revenue share beyond this threshold is designed as an incentive mechanism—it aligns our efforts with Compound’s success. This structure ensures we are rewarded only if we generate revenue beyond our annual base fee, reinforcing our commitment to delivering results that exceed expectations. That said, we are open to receiving reviews and feedback from you and other delegates on the incentive mechanism to ensure it aligns with the DAO’s goals and community expectations.

There is no inherent conflict between Chainrisk and Gauntlet, as our proposal focuses on managing the new markets we plan to launch. These markets would be independently managed by us, ensuring clear delineation of responsibilities.

However, if the DAO prefers, we are open to collaborating with Gauntlet. This collaboration could extend to both the new markets we propose to launch and the existing markets they currently manage. Our goal is to align with the DAO’s vision and ensure a seamless, value-driven risk management framework across all markets.

4 Likes

Mandar here, Core Contributor at Joule, largest money market protocol on Aptos. Came across this proposal, so sharing my 2 cents.

We have been greatly benefited from Chainrisk’s expertise in risk assessment. Chainrisk worked closely with us to fine-tune our Money Markets module, optimizing risk parameters to achieve a balance between capital efficiency and safety. Their audit significantly reduced insolvency and liquidation risks. From the early days before our testnet launch to ongoing mainnet support, Chainrisk has been a reliable partner in our journey. Given their track record of delivering tangible results, I believe Chainrisk would be a valuable addition to Compound, driving growth through their innovative risk management solutions.

4 Likes

Thank you for submitting this proposal to provide additional comprehensive risk management services to Compound Finance. Risk management is a critical function, especially as Compound expands across networks and seeks to maintain a robust and resilient protocol. While your proposal lays a strong foundation, we believe there are opportunities to refine the scope and approach to better align with Compound’s current needs and ongoing initiatives. Below are specific suggestions for consideration:

1. Trial Period: Reduce Scope and Demonstrate Impact

  • Pilot on Select Markets: Rather than rolling out across all markets, consider starting with one or two strategic markets on Arbitrum or Base. These are competitive ecosystems for Compound, and demonstrating tangible value in these markets by capturing market share can serve as a proof of concept.
  • Metrics of Success: Focus on onboarding additional liquidity in these markets, measured by:
    • Growth in supply volume.
    • Introduction and traction of new markets.
    • Corresponding increases in borrow activity.
  • Community Involvement: Utilize the trial period to engage actively with the Compound community. This includes participating in forums, attending governance calls, and identifying areas where ChainRisk’s expertise could expand on existing mandates or help define new ones.

2. Alignment with Compound Sandbox Initiative

  • The recently proposed Compound Sandbox represents an exciting opportunity to experiment with new features and products in a controlled environment.
  • ChainRisk could collaborate closely with the Sandbox team to:
    • Conduct risk assessments for new experiments.
    • Propose risk mitigation strategies as part of Sandbox deployments.
    • Establish best practices for integrating Sandbox outputs into the broader protocol.
  • By aligning with the Sandbox initiative, ChainRisk can position itself as a proactive contributor to Compound’s innovation efforts.

3. Support More Efficient Governance Methods

  • Recent governance improvements, such as the Proposal 374 for expedited market updates, demonstrate Compound’s interest in streamlining governance processes.
  • ChainRisk’s capability for recurrent and detailed market analysis could complement these efforts by:
    • Providing timely risk insights that feed directly into more frequent governance updates.
    • Demonstrating governance execution experience to improve the cadence and precision of risk-related decisions.
  • Highlighting ChainRisk’s potential to support these governance enhancements would strengthen the case for its ongoing role.

Conclusion

By narrowing the initial scope, aligning with ongoing initiatives like the Sandbox, and contributing to governance efficiency, ChainRisk can build a stronger relationship with the Compound community and demonstrate its value more effectively. These steps will not only validate the immediate need for ChainRisk’s services but also pave the way for broader integration and long-term collaboration.

5 Likes