July 17, 2024
The EEA today published the DeFi Risk Assessment Guidelines, Version 1. This is a pioneering document that compiles risks for DeFi protocols, as well as mitigation strategies. The guidelines also cover the documentation and data a project should have to help investors assess and manage these risks and mitigation measures.
The standard was developed and will be maintained by the EEA’s DRAMA Working Group. This group brought together leading representatives from the blockchain and finance industries to strengthen the DeFi ecosystem against a range of risks. Banco Santander, Bitwave, C4, Certik, Coinchange, Consensys, Cryptio, Cube.AI, DeFi Safety, DTCC, Entersoft, EY, Hacken, Noves, OpenZeppelin, QualitaX, Quantstamp, Relm, and SAP pooled their resources and knowledge to develop this document.
Dyma Budorin, Co-Chair of EEA DRAMA and CEO of Hacken:
“The need for these guidelines is underscored by the ongoing regulatory uncertainty in the DeFi space. With traditional frameworks lagging behind DeFi’s rapid growth, this document serves as a critical, industry-backed roadmap for navigating the complexities of DeFi through targeted risk management strategies.
From a security perspective, proper documentation is the cornerstone of a project’s smooth running and security. This standard is the first comprehensive resource that founders and development teams can rely on when working on their products.”
Overview of the EEA Guidelines on DeFi Risk Assessment
Written with DeFi protocol users and investors in mind, this document is also relevant for protocol operators and developers looking to minimize risks related to their protocol. It can also serve as a tool for standards bodies and regulators.
The guidelines explain the risks that can affect DeFi protocols, covering a wide range of areas including software, governance, liquidity and tokenomics, external market factors, and regulatory and standards compliance. The document then examines the information that can be used to help assess the level of each risk and outlines potential mitigation strategies that can be adopted by the protocols themselves, third parties providing specialized services, or investors.
The guidelines cover several areas:
DeFi is fundamentally built on several different types of software. The guidelines outline issues that affect each of them, such as smart contracts, bridges, or oracles. They also cover issues that can affect many types of software, such as the lack of standardization in DeFi that can cause interoperability issues and security risks when integrating and standardizing software or data from different vendors or sources.
Beyond software, a number of factors are important. The design of the tokenomics and liquidity management inherent in each DeFi protocol, governance structures, compliance with relevant regulations and standards, and external market factors can all introduce elements of risk for investors. Whether it’s a simple governance failure where a malicious insider steals the funds they are supposed to help protect, an externality that impacts a protocol’s performance in the broader market, or legal action from regulators, the guidelines provide insights into how to assess the likelihood of an issue occurring and provide guidance on how to minimize the associated risk.
Chaals Nevile, Director of EEA Technical Programs and Editor of the EEA Guidelines on DeFi Risk Assessment:
“The development of these guidelines has been and continues to be a collaborative effort by EEA members, benefiting the broader industry and ecosystem as well as participating organizations. The broad range of perspectives and deep expertise that participants bring to the group have been essential to this work. I am pleased to have been able to be a part of it and proud to have assisted the group, but most importantly, I am grateful to all those whose efforts and contributions have made this work possible.”
How DeFi Guidelines Will Help
For protocol founders and developers:
This is a reference guide for developing and managing a trusted protocol: what documentation a protocol should provide, what processes and workflows should be in place to ensure trust in the protocol, how to think about topics such as security, governance, tokenomics, liquidity, and external aspects that can be a source of risk.
For regulators and licensing bodies
The DeFi risk assessment guidelines can serve as a basis for regulators when evaluating and licensing projects. For example, the guidelines already serve as the basis for the DLT assessment methodology under the recent partnership between Abu Dhabi Global Markets and Hacken. Exchanges and other industry players should adopt these guidelines, ensuring a robust and secure DeFi ecosystem.
For institutional investors
Institutional participants will use the DeFi Risk Assessment Guidelines to identify and mitigate potential risks, ensuring a safer and more reliable environment for decentralized finance operations. By following these guidelines, institutional investors can better navigate the complexities of DeFi, contributing to the overall stability and confidence of the market.
Impact of DeFi Risk Guidelines on the Ecosystem
The rise of cryptocurrency exchange-traded funds (ETFs), including Ethereum ETFs, and the tokenization of assets underscore the need for a comprehensive risk assessment framework. Clear, standardized guidelines are essential as the floodgates open for institutional investors to enter the crypto space. While the recent surge has attracted attention, it is the influx of these major players that makes this standard vital. This framework helps ensure a safe and trustworthy environment for all participants in decentralized finance.
Michael Lewellen, Head of Solution Architecture at OpenZeppelin:
“The DeFi sector is evolving rapidly with an ever-expanding set of new financial products and the challenges that come with them. There is a unique mix of financial and technical risks that need to be considered by new market entrants. The EEA Guidelines on DeFi Risk Assessment provide a comprehensive overview of the financial and technical risks and will be essential reading for businesses and institutions looking to safely engage with the DeFi ecosystem.”
About the EEA
The EEA is a global community of blockchain leaders, adopters, innovators, developers, and companies. We accelerate Ethereum business through professional and business support, advocacy and research, standards development, and ecosystem trust services.
The EEA is recognized for developing and maintaining the industry’s leading smart contract review standard, its EthTrust Security Levels specification. Developed by experts from multiple companies, it extended early foundational work such as the SWC Registry and the Solidity language project’s security work to improve smart contract security practices.
For more information on the EEA DeFi Risk Assessment Guidelines or its working groups, please contact EEA Technical Program Director Chaals Nevile: (protected email).
For all EEA membership requests, please contact (protected email) or visit