Note: This reply is a continuation of the first post.
Key Features
Protocol Risk Analysis
The dashboard will offer in-depth protocol and market-specific risk analysis, including (but not restricted to):
- Supply and borrow metrics per asset per market
- Asset-specific Utilization rates
- Asset distribution for supply and borrow
- Value at Risk (VaR) and Liquidations at Risk (LaR) calculations per market
- Protocol reserves distribution
- Identification of accounts at risk of liquidation
- Market Risk Alerts
User Analysis
To enhance user experience and decision-making, the dashboard will provide:
- Real-time user metrics
- User wallet breakdown and distribution
- Individual user health scores
- Simulations of user health based on asset price fluctuations
This comprehensive user analysis will enable Compound users to better understand and manage their positions.
5.3 On-Chain Credit Risk Framework
Proposal for Integrating On-Chain Credit Risk (OCCR) Scores with Compound V3
Introduction
In decentralized finance (DeFi), fostering transparent and efficient interactions between lenders and borrowers is key to sustained growth. We propose the integration of an On-Chain Credit Risk (OCCR) Score tailored for Compound V3 to evaluate wallet risk profiles, based on each wallet’s borrowing history on Compound and on-chain activity across the EVM networks.
The OCCR Score will allow Compound to more precisely manage Loan-to-Value (LTV) ratios and Liquidation Thresholds (LT) in response to user-specific risk assessments. This targeted approach encourages risk-aware borrowing behaviours, enhances capital efficiency, and establishes Compound as a leader in secured and data-driven DeFi lending.
Overview of On-Chain Credit Risk (OCCR) Scores
The On-Chain Credit Risk Score quantifies the likelihood of default for individual wallets based on on-chain activity, including transaction history on the Ethereum network and borrowing patterns on Compound. This score serves as an objective risk metric designed to support creditworthiness assessments, opening new capital efficient avenues for borrowing.
Unlike traditional credit models in Web2 that rely on centralized credit histories and personal financial data, OCCR relies solely on transparent, immutable blockchain data. This model assesses the probability of a wallet defaulting, based on key on-chain behaviours, offering Compound a highly reliable means to gauge risk in real-time.
Proposed Implementation Plan
- Score Calculation and Integration:
- Develop the OCCR Score framework tailored to Compound V3, incorporating data from the wallet’s borrowing history on Compound and on-chain transaction history on Ethereum.
- Integrate the scoring framework into a user dashboard, displaying key borrowing metrics and transaction history.
- Dashboard Integration:
- Implement a wallet risk dashboard where users can view their OCCR Score alongside detailed borrowing and transaction data, making the risk evaluation process transparent and actionable.
- Offer resources to help users understand and improve their scores, promoting responsible borrowing behaviours.
- Ongoing Evaluation and Optimization:
- Conduct regular reviews and evaluations to ensure that OCCR Scores remain accurate and relevant.
- Continuously monitor the impact of OCCR Score integration on Compound’s capital efficiency and user behaviour.
Benefits of OCCR Scores
- Dynamic Loan-to-Value (LTV) Adjustment: LTV ratios can be flexibly adjusted based on OCCR Scores. Lower-risk wallets could receive higher LTV ratios, incentivizing users to maintain a favourable score while potentially increasing borrowing capacity. We will try to incorporate this as a core feature in new protocol upgrades and initiatives, such as the Compound Sandbox proposed by the WOOF team.
- Transparency and User Incentives: By displaying OCCR Scores on user dashboards, Compound empowers users with insights into their credit risk standing, encouraging positive borrowing practices and fostering long-term engagement with Compound.
- Data-Driven Risk Assessment: Integrating OCCR leverages Compound users’ borrowing history on the protocol and Ethereum transaction history, bringing more granularity and accuracy to risk assessments.
Conclusion
Integrating On-Chain Credit Risk (OCCR) Scores into Compound V3 represents a forward-looking enhancement to the protocol’s risk management and lending practices. We plan to enhance and refine our current OCCR scoring system based on community feedback before expanding its capabilities. Once we’ve established a more stable foundation, we’ll explore incorporating Dynamic Loan-to-Value (LTV) Adjustment and additional applications of OCCR Scores.
We look forward to working closely with Compound’s team to realize this vision and contribute to enhanced growth for Compound in the coming years.
Read more about our methodology here - On-Chain Credit Risk Scoring by Chainrisk
5.4 Restaking Risk Framework
As the DeFi landscape evolves, restaking mechanisms continue to gain prominence, providing novel utility and yield generation opportunities for staked assets. Recognizing this growing trend, we at Chainrisk propose a comprehensive risk assessment and quantification framework, specifically tailored to address the unique risks associated with restaking within Compound’s lending and borrowing ecosystem. Our framework aims to quantify collateral riskiness and Actively Validated Services (AVS) risk, ensuring Compound’s users can make informed decisions regarding restaking tokens as both base and collateral assets.
Background and Objectives
Restaking mechanisms inherently introduce additional layers of risk to protocol assets, including exposure to validator slashing, network instability, and collateral devaluation in adverse events. Compound stands to benefit greatly from integrating a systematic approach to assessing these risks, especially as they impact collateral health and market stability. By developing an AVS risk framework, Chainrisk aims to enable Compound to:
- Evaluate Restaking Asset Risks: Identify and quantify potential risk factors tied to slashing events, staking network failures, and variations in collateral stability.
- Enhance Asset Transparency: Provide risk insights for informed decision-making around listing restaking tokens as collateral and base asset.
- Integrate Dynamic Risk Monitoring: Implement a dashboard that aggregates risk factors, facilitating real-time adjustments to Compound’s risk management strategies.
Proposed Framework Components
Our framework is designed to assess the risks associated with restaking, focusing on two primary aspects:
- Actively Validated Services (AVS) Risk:
- AVS Risk Quantification: By quantifying the risk of slashing across multiple staking networks, we aim to provide a precise assessment of the risks associated with validator misbehaviour or network vulnerabilities.
- Risk Modulation: AVS risk scores will dynamically adjust based on network conditions, validator activity, and governance updates, providing Compound with timely risk updates.
- Collateral Riskiness Assessment:
- Restaking Token Collateral Profiles: Each restaking token will be evaluated for its ability to be used as collateral under stress conditions.
- Cross-Network Correlation Analysis: Using cross-correlation data, we will assess dependencies between restaking networks, capturing contagion risk and reinforcing risk scoring for Compound’s listed assets.
- Liquidity Stress Testing: To prevent illiquidity risks, we will perform simulations and stress tests on restaking tokens, ensuring collateral health under high-volatility conditions.
Deliverables
- AVS Risk Dashboard Integration:
- Dynamic Dashboard: A real-time, on-chain dashboard will be built to continuously monitor AVS risk and collateral riskiness of restaking tokens within Compound.
- Historical and Predictive Analytics: The dashboard will display historical data and predictive analytics, facilitating informed governance and listing decisions.
- Risk Reporting & Analysis:
- Quarterly Reports: Our team will provide quarterly risk reports covering insights on restaking token behaviours, market conditions, and ongoing AVS and collateral evaluations.
- Continuous Data Feed: Integration of a live risk feed into Compound’s risk management infrastructure, enabling instantaneous data-driven responses to market changes.
- Governance Collaboration:
- Risk Scoring Criteria: Work closely with the Compound community to establish criteria for listing restaking tokens as base and collateral assets, based on quantifiable AVS and collateral risks.
- Iterative Improvements: Based on Compound’s feedback, we will iterate and refine our framework, ensuring it aligns with evolving protocol needs and market trends.
Value to Compound
This framework will empower Compound to maintain a high standard of security and transparency for users, improving risk assessment capabilities specifically for the restaking sector. The Chainrisk AVS and Collateral Risk Framework will mitigate exposure to adverse events, allowing Compound to confidently onboard new assets with increased security and risk insights.
5.5 Detecting Governance Attacks through MAIDS
Governance Attacks on Compound
Governance Extractable Value (GEV) refers to the profits or benefits that individuals or groups can obtain by controlling or influencing the governance mechanisms of decentralized protocols. Similar to Miner Extractable Value (MEV) in mining, GEV is realized when token holders, delegates, or participants with significant voting power manipulate decisions to their advantage, often through buying votes, proposing self-serving changes, or exploiting loopholes in governance models.
Governance attacks present a unique threat to decentralized protocols like Compound Finance, where power rests in the hands of token holders who vote on important decisions. Governance models in DeFi platforms aim to decentralize control, but they are susceptible to attacks when a small group amasses enough voting power to sway outcomes in their favour.
A notable example recently occurred with Compound Finance. In July 2024, a proposal (Proposal 289) by a group known as the “Golden Boys,” led by an individual nicknamed “Humpy,” successfully passed, which aimed to allocate approximately $24 million in COMP tokens to a yield-bearing protocol called “goldCOMP.” This protocol, designed and controlled by the Golden Boys, would have taken a significant portion of Compound’s treasury funds. The proposal narrowly passed, sparking accusations of a governance attack as critics pointed out that Humpy’s group had acquired a substantial quantity of COMP tokens just below the quorum threshold. This led to concerns that the vote was manipulated rather than reflecting the community’s broader interests.
Compound’s governance attack highlights a vulnerability within DAO structures: the “token-based voting” mechanism. When voting power is directly tied to token ownership, it becomes possible for wealthy groups or individuals to buy influence and push through self-serving proposals. The incident also underscores the importance of governance safeguards, as some DeFi communities are now advocating for stronger protections, like time delays for proposal execution, stricter quorum requirements, or alternative governance models that don’t concentrate power solely based on token holdings.
In response to this attack, Compound ultimately reached a settlement with the Golden Boys, leading to the cancellation of Proposal 289. The community also discussed potential governance model changes to prevent future incidents, including exploring mechanisms similar to Curve Finance’s “ve-tokenomics,” which requires users to lock up tokens over an extended period to obtain voting power. This model seeks to align governance incentives more closely with long-term commitment rather than short-term profit-driven voting.
Multi-Agent Influence Diagrams (MAIDs)
Multi-Agent Influence Diagrams (MAIDs) are powerful tools for analyzing governance structures in decentralized finance (DeFi). They are particularly effective in scenarios involving multiple agents, such as Compound’s governance, where decision-making depends on the collective actions and incentives of a wide range of stakeholders. MAIDs combine elements of Bayesian networks and influence diagrams to represent complex interactions, allowing each agent’s decisions, beliefs, and objectives to be captured within a graphical model.
Detecting Vulnerabilities in Compound’s Governance with MAIDs
In the context of Compound, MAIDs can be instrumental in analyzing and mitigating vulnerabilities related to Governance Extractable Value (GEV). GEV arises when influential agents in a governance system exploit their voting power to extract value, often at the protocol’s expense. Here’s how MAIDs can be applied to detect such vulnerabilities:
- Modelling Incentives - By representing Compound’s governance as a MAID, each agent (or major COMP holder) can be modelled with their decision variables (e.g., supporting or opposing proposals) and utility variables (such as potential financial gains). This model allows the identification of agents whose incentives may diverge from the protocol’s long-term stability, particularly if these agents stand to gain financially from voting in self-serving ways.
- Analysing Agent Strategies - MAIDs allow researchers to simulate different voting scenarios, helping to identify situations where agents with large holdings might coordinate to push proposals that disproportionately benefit themselves. For example, if a proposal reallocates a large amount of COMP tokens to a few addresses, a MAID can reveal how this would influence other agents’ responses and whether it aligns with Nash equilibrium strategies for profit maximization.
- Identifying Equilibria and Deviation Risks - Through Nash equilibrium computations, MAIDs can pinpoint the optimal strategy for each agent, given the incentives and actions of others. If MAID analysis reveals that some agents have a strong incentive to deviate from the collective good, this signals potential vulnerabilities. For instance, the recent attack on Compound involved a group that gained near-majority control by purchasing COMP tokens, allowing them to pass a proposal beneficial to themselves.
Application of MAIDs for Mitigating Governance Attacks
In Compound, MAIDs can serve as a tool to strengthen governance frameworks:
- Formal Verification of Strategies - MAIDs can be used to establish protocols for strategic decision-making. By verifying that agent incentives align with protocol sustainability, Compound could mitigate risks from proposals designed purely for extractable value.
- Simulation of Adversarial Behavior - MAIDs are also effective for testing governance models under attack scenarios. In the paper’s example, introducing an adversarial agent into a MAID reveals how such an agent’s disruptive strategies affect equilibrium. For Compound, similar simulations could help prepare countermeasures for scenarios where a small group gains voting power to influence the protocol adversely.
Next Steps
The first and foremost step would be to set up the MAIDs with exact values after an extensive analysis of the Compound V3 governance protocol. It is not exactly trivial to consider the exact dynamics of the protocol and our analysis in this post was just a glimpse into how important solving such problems for the Compound protocol would really be. This setup process requires precise identification of all decision points, chance events, and utility considerations specific to Compound V3. Such a framework must incorporate a thorough assessment of the decision-making processes of both honest and adversarial agents, including decisions like submitting proposals, accepting or rejecting bribes, and voting outcomes. Additionally, it requires accurately modelling the variables that influence these choices, such as governance extractable value (GEV), reputational impacts, and conditional probability distributions for uncertain events in the governance environment. MAIDs would be the key to turning the theoretical analysis of extensive form games in Compound Governance into an actionable tool that can be used to address shortcomings as they appear.
Read more about how MAIDs could have detected the recent Golden Boys Attack:
https://chainrisk-cloud.notion.site/MAIDs-for-Compound-Governance-1c933914d6604b5f8e05a60bde728820
6. Technical Implementation
6.1 Chainrisk Simulation Engine
The Chainrisk Simulation Engine is a sophisticated, modular testing environment designed to conduct high-fidelity simulations of DeFi market scenarios. It comprises two key components:
- RiskEVM: A high-performance, Rust-based simulation engine optimized for computationally intensive tasks. RiskEVM models complex protocol interactions, including borrowing, lending, and liquidation events under various market conditions. This component enables a comprehensive assessment of protocol behaviour and stability, particularly during periods of market stress.
- On-Chain Simulation: This component executes backtests on forked mainnet networks, ensuring simulation accuracy and fidelity to real-world scenarios. By leveraging actual on-chain data, it evaluates protocol responses to diverse conditions, providing insights into resilience and potential vulnerabilities.
The integration of these components allows Chainrisk to identify potential risks and optimize parameters with a high degree of precision. This dual-pronged approach combines the efficiency of the Rust-based simulation engine with the accuracy of on-chain data, enabling robust risk assessment and parameter optimization for DeFi protocols.
Why do we need 2 Engines?
The RiskEVM is a custom-built, highly optimized agent-based simulation engine designed to address the challenges of conducting large-scale economic audits on blockchain networks. It leverages Rust’s capabilities for parallelism and concurrency to significantly reduce Time to Complete (TTC) for complex audits.
The RiskEVM offers several key advantages that enhance its performance and efficiency in conducting complex DeFi simulations. It employs parallel execution of independent tests and transactions, significantly reducing overall processing time. The system’s ability to deterministically pre-identify wallet interactions allows for optimized resource allocation. Additionally, its branched processing architecture, which converges for final results, ensures both speed and accuracy.
The RiskEVM eliminates the need for external RPC calls and repetitive oracle setups per simulation, streamlining the process and reducing potential points of failure. Finally, by minimizing the gas cost complexity typically associated with mainnet fork testing, it provides a more cost-effective solution for comprehensive protocol analysis. These features collectively enable the RiskEVM to perform extensive simulations with improved speed, accuracy, and resource efficiency compared to traditional methods.
This architecture allows the RiskEVM to perform extensive simulations (e.g., 6 million for Compound Labs) more efficiently than traditional on-chain forked network approaches. By minimizing latency, external dependencies, and resource overhead, the RiskEVM provides a more scalable and cost-effective solution for comprehensive blockchain economic audits.
Architecture :
Benchmarking
The Chainrisk RiskEVM leverages a highly optimized Anvil implementation using a Rust compiler. Its modular architecture and efficient handling of high transaction volumes, combined with minimal external calls, result in latency improvements of up to 150x compared to competitors.
This performance boost enables the Chainrisk team to rapidly compile and generate risk parameters. The system significantly outperforms current risk management solutions, which typically process around 40K simulations in 24 hours. The RiskEVM’s capabilities allow for:
- Real-time parameter recommendations for settings that don’t require governance proposals
- Accelerated analysis for parameters and markets subject to on-chain voting
The enhanced simulation speed translates to:
- Faster updates
- Quicker alerts
- Increased ability to mitigate potential market shocks
This technological edge positions Chainrisk to provide more responsive and effective risk management in dynamic market conditions.
6.2 Chainrisk Cloud Architecture
Our cloud architecture is designed to support high-performance computing and large-scale data management, leveraging AWS services to ensure scalability, reliability, and security. Below is an overview of the key components and considerations that shape our infrastructure.
Core Compute Components
- Kubernetes: Our primary compute happens in multi-region Kubernetes Clusters, as we use AWS as our primary cloud provider. We use Elastic Kubernetes Service (EKS) coupled with AWS Fargate. EKS allows us to manage containerized applications using Kubernetes without the overhead of maintaining the control plane. This service automatically scales the Kubernetes control plane based on workload demands, ensuring high availability and performance.
- Elastic Container Service: Our secondary compute is AWS ECS coupled with Fargate. We use this if we suddenly need to run a burst of workload for a short duration of time, in case of super heavy load, or as a failover service in case our main Clusters are down for some reason like maintenance.
Scalability
Scalability is a critical aspect of our architecture, enabling us to efficiently handle varying workloads:
- Horizontal Scaling: EKS supports horizontal scaling of workloads, allowing us to increase or decrease the number of running pods based on demand. This flexibility is essential for maintaining performance during peak usage times.
- Multi-Region Deployment: Currently operating in two AWS regions, our architecture can support up to 12 million simulations daily. This multi-region setup enhances our resilience and ensures low-latency access for users in different geographical locations.
- Service Integration: Services like Amazon SQS for messaging, RDS for database management, and API Gateway for API management scale seamlessly with our compute resources. This integrated approach simplifies operations and enhances responsiveness to user demands.
Security Framework
Security is embedded at every level of our architecture:
- Identity and Access Management (IAM): We implement strict IAM policies to enforce least-privilege access controls across all services, ensuring that users and applications have only the permissions necessary for their functions.
- Secrets Management: Utilizing AWS Secrets Manager, we securely store sensitive information such as API keys and database credentials. Automated rotation of these secrets further enhances our security posture.
- Network Isolation: Sensitive workloads are deployed within a Private VPC, isolating them from public internet access. This setup minimizes exposure to potential threats while allowing controlled access to necessary services.
- Data Security: Our databases employ encrypted connections and fine-grained access controls. Additionally, multi-region backups safeguard against data loss, ensuring business continuity in case of failures.
Performance Monitoring and Optimization
To maintain optimal performance as we scale:
- Monitoring Tools: We utilize monitoring solutions that provide insights into resource utilization and application performance. This data informs scaling decisions and helps identify potential bottlenecks before they impact operations.
- Load Testing: Regular load testing is conducted to validate the scalability of our architecture under various conditions. These tests help ensure that our infrastructure can handle anticipated workloads without degradation in performance.
Future Directions
As we evolve our cloud infrastructure:
- Enhanced Flexibility: We aim to enhance flexibility by exploring additional cloud providers while maintaining our primary reliance on AWS.
- Advanced Autoscaling: Plans are underway to optimize resource allocation through advanced autoscaling configurations and potentially integrate more managed services to reduce operational overhead.
This architectural framework ensures we can efficiently manage complex computations and large datasets while maintaining a strong focus on security and scalability.
7. Performance Metrics and KPIs
Financial Metrics
- Revenue Growth: Track the increase in revenue due to introducing new markets.
- Return on Security Investment (ROSI): Calculate the financial benefits of security investments relative to their costs.
Incentive Deliverables
- Restaking Risk Framework: Track the progress and effectiveness of implementing the restaking risk framework.
- On-Chain Credit Risk Score Implementation: Track the progress and effectiveness of implementing the On-Chain Credit Risk score.
- MAID Implementation Progress: Measure the progress in implementing MAIDs to prevent governance attacks.
Community Engagement and Satisfaction
- Community Net Promoter Score (NPS): Survey the community to gauge satisfaction with the Compound-Chainrisk relationship.
- Community Engagement Metrics: Track community participation in security-related discussions, forums, and educational initiatives.
8. Fee Structure
Base Compensation
- Annual Base Fee: $500,000 USD
- Paid in USDC, streamed linearly over the 12-month period (January 1, 2025 - December 31, 2025)
- Monthly Payment: $41,666.67 USDC
Performance-Based Incentives
- Total Incentive Pool: $150,000 + Performance Bonus in COMP tokens
- Priced based on a 7-day Time-Weighted Average Price (TWAP)
- Paid upon successful completion and verification of each deliverable
Incentive Breakdown:
- On-chain Credit Risk Framework: $50,000
- Deliverable: Develop and launch a public dashboard that integrates and visualizes Compound users’ borrowing history, credit scores, and risk profiles for enhanced transparency and user insights.
- Restaking Risk Framework: $50,000
- Deliverable: Developing a framework for quantifying AVS risks, slashing risks, and evaluating risks associated with restaking assets
- Governance Attack Prevention: $50,000
- Deliverable: Implementing MAIDs to prevent Governance Attacks on Compound V3
- Performance-Based Revenue Sharing:
- Condition: If the cumulative revenue brought by Chainrisk in the markets they manage exceeds $500,000 annually, Chainrisk will earn 25% of the revenue amount.
- Evaluation and Disbursement: The Performance-Based Revenue Sharing will be evaluated and disbursed annually, based on the total revenue generated in the ongoing year.
- Example:
- Revenue Generated: $1M
- Chainrisk Bonus Earned: (1,000,000 - 500,000) × 25% = $125,000
Contract Terms
- Engagement Period: January 1, 2025 - December 31, 2025 (12 months)
- Early Termination Clause: Compound can terminate the contract after 6 months (June 30, 2025) if unsatisfied with progress. In the event of early termination:
- Base compensation will be prorated for completed months
- Earned incentives will be paid out; unearned incentives will be forfeited
9. References to Previous & Upcoming Work
You can find in this section links to our work:
- **Compound Finance (Economic Audit):** Compound V3 Economic Audit | PoW Thread on Compound Forum | Partnership Announcement | Milestone 1 Completion | Milestone 2 Completion | Milestone 3 Completion | Platform Overview
- **Arbitrum (Economic Risk Simulation Engine):** Partnership Announcement | Milestone 1 Completion | Milestone 2 Completion | Milestone 3 Completion
- **Zerolend (Vault Curator):** Partnership Announcement
- **Angle Labs (Economic Risk Simulation Engine):** Partnership Announcement | Simulation Platform
- **Fuel Network (Economic Risk Simulation Engine):** Partnership Announcement
- **Gyroscope (Community Dashboard):** Community Dashboard
- **Superlend (Economic Audit):** Partnership Announcement | Superlend Economic Audit
- **Joule Finance (Economic Audit):** Partnership Announcement
Research from the Team - Chainrisk Simulation Engine | Chainrisk VaR Methodology | DeFi Lending & Borrowing Risk Framework | Multi-Agent Influence Diagrams ( MAIDs ) for DeFi Governance | MAIDs Video
10. Conclusion and Next Steps
We plan to submit a governance proposal in the coming weeks. Based on community feedback, we will initiate an on-chain snapshot for voting. Please share your comments and suggestions below. Thank you for your active participation in our proposal.
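
The equilibrium analysis and the quorum safeguard discussed in section 5.5, as an added example that is not part of the original post and is not Chainrisk's model: it reduces a MAID to its simplest case (one simultaneous vote decision per holder, no chance nodes) and enumerates pure-strategy Nash equilibria to see whether a self-serving proposal passes in equilibrium. All holdings, payoffs, the vote cost and both quorum values are constructed assumptions.

```python
from itertools import product

ACTIONS = ("for", "against", "abstain")

# Constructed scenario (not real Compound data): weights are voting power in
# thousands of tokens; agent 0 is the holder who benefits from the proposal.
GAME = {
    "weights": (410, 200, 150, 100),
    "attacker": 0,
    "gev": 24_000.0,            # value the attacker extracts if the vote passes
    "treasury_loss": 24_000.0,  # loss shared by other holders, pro rata
    "vote_cost": 1.0,           # effort or gas cost of casting any vote
    "quorum": 400,
}


def passes(weights, profile, quorum):
    """Token-weighted rule: 'for' must reach quorum and exceed 'against'."""
    yes = sum(w for w, a in zip(weights, profile) if a == "for")
    no = sum(w for w, a in zip(weights, profile) if a == "against")
    return yes >= quorum and yes > no


def utility(i, profile, game):
    """Utility node of agent i for one joint voting decision."""
    w = game["weights"]
    u = 0.0
    if passes(w, profile, game["quorum"]):
        if i == game["attacker"]:
            u += game["gev"]
        else:
            u -= game["treasury_loss"] * w[i] / sum(w)
    if profile[i] != "abstain":
        u -= game["vote_cost"]
    return u


def is_nash(profile, game):
    """True if no single agent gains by changing only its own vote."""
    for i in range(len(profile)):
        base = utility(i, profile, game)
        for alt in ACTIONS:
            if alt == profile[i]:
                continue
            deviation = profile[:i] + (alt,) + profile[i + 1:]
            if utility(i, deviation, game) > base + 1e-9:
                return False
    return True


def pure_nash(game):
    """All pure-strategy equilibria as (profile, proposal_passed) pairs."""
    n = len(game["weights"])
    return [
        (p, passes(game["weights"], p, game["quorum"]))
        for p in product(ACTIONS, repeat=n)
        if is_nash(p, game)
    ]


def passing_equilibria(game):
    """Equilibria in which the self-serving proposal is approved."""
    return [p for p, passed in pure_nash(game) if passed]


def with_quorum(quorum):
    """Same constructed scenario under a different quorum requirement."""
    return {**GAME, "quorum": quorum}


if __name__ == "__main__":
    for q in (400, 500):
        print(f"quorum={q}: {pure_nash(with_quorum(q))}")
```

With these constructed holdings, the only equilibrium at quorum 400 is the attacker voting alone while every other holder abstains, because no single holder can block the vote unilaterally even though the three together could. At quorum 500 the only equilibrium is that nobody votes and the proposal fails.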