Exercises: Chapter 25 — The DeFi Risk Stack

Exercises: Chapter 25 — The DeFi Risk Stack

Conceptual Exercises

Exercise 25.1: Risk Layer Identification

For each of the following scenarios, identify the primary risk layer from the DeFi Risk Stack (smart contract, oracle, governance, liquidity, composability, regulatory, bridge, or counterparty) and explain why. Some scenarios involve multiple layers — identify the primary one and name the secondary layers.

a) A lending protocol uses a Uniswap v3 TWAP oracle for a low-liquidity token. An attacker manipulates the token's price on Uniswap for 30 minutes, then borrows against inflated collateral on the lending protocol.

b) A protocol's governance votes to redirect treasury funds to a new "strategic partnership" entity controlled by the protocol's founding team. The vote passes with 4% participation, and the founding team holds 3.8% of the total token supply.

c) A yield aggregator deposits user funds into three underlying protocols. One of those protocols is exploited, losing all deposited funds. The yield aggregator's smart contracts work exactly as designed — it faithfully deposited into and is now unable to withdraw from the exploited protocol.

d) The SEC issues a Wells notice to the team behind a major DEX, alleging that the DEX operates as an unregistered securities exchange. The DEX token drops 40% in 24 hours, and lending protocols that accepted the DEX token as collateral face potential bad debt.

e) A user bridges USDC from Ethereum to a Layer 2 using the official bridge. Six months later, a vulnerability in the bridge contract is discovered. The user's "USDC" on the L2 is actually a wrapped representation that depends on the bridge's solvency.

Exercise 25.2: Euler Finance Attack Reconstruction

Using the description of the Euler Finance exploit in Section 25.11.1, draw a step-by-step diagram showing: 1. The attacker's initial state (no assets) 2. The flash loan deposit 3. The leverage operation (minting eTokens and dTokens) 4. The donate-to-reserves call 5. The self-liquidation 6. The extraction of profit and flash loan repayment

For each step, indicate the attacker's eToken balance, dToken balance, and collateral ratio. Explain why the donate-to-reserves step was the critical vulnerability — what would have happened if the function had checked for outstanding debt before allowing the donation?

Exercise 25.3: Iron Finance Death Spiral Analysis

The Iron Finance collapse followed a reflexive feedback loop. Map the complete loop: 1. Start with "Large TITAN holder sells" 2. Trace through each step: TITAN price decline, IRON depeg, arbitrageur redemption, TITAN selling from redemption, further TITAN price decline... 3. Identify the point(s) where the loop could have been broken. What mechanism(s) could have prevented the death spiral? 4. Compare this to the Terra/Luna collapse. What was structurally identical? What was different (in terms of scale, mechanism, and aftermath)?

Exercise 25.4: Trust Dependency Mapping

Choose one of the following DeFi positions and map its complete trust dependency graph — every entity, protocol, oracle, and infrastructure provider that must function correctly for the position to be safe:

a) Depositing ETH into Lido, then using stETH as collateral on Aave to borrow USDC b) Providing liquidity to a Curve stablecoin pool (e.g., USDC/USDT/DAI), then staking the LP tokens on Convex c) Using a cross-chain bridge to move USDC from Ethereum to Arbitrum, then depositing into a lending protocol on Arbitrum

For your chosen position, answer: How many distinct entities must you trust? Which single entity's failure would be most catastrophic? How does this compare to the trust dependencies of holding USDC in a bank account?

Exercise 25.5: The Composability Cascade

Describe a plausible (but fictional) composability cascade failure involving at least four protocols. Your scenario should: - Start with a specific triggering event in Protocol A - Show how the failure propagates to Protocol B (different type than A) - Show how it reaches Protocol C through a different pathway - Show how Protocol D is affected even though it has no direct dependency on Protocol A

Make the scenario realistic — use actual protocol types (lending, DEX, liquid staking, stablecoin, yield aggregator) and actual risk mechanisms (liquidations, depegs, oracle failures, bank runs).

Applied Exercises

Exercise 25.6: Due Diligence Report

Select a real DeFi protocol currently operating (e.g., Aave, Compound, MakerDAO, Uniswap, Curve, Lido, Rocket Pool, GMX, or any protocol you use). Complete the 15-point due diligence checklist from Section 25.12 for that protocol. For each point: - Provide your finding (with sources — link to audit reports, governance forums, on-chain data) - Rate the risk as Low, Medium, or High - Explain your rating

Conclude with an overall risk assessment: Would you deposit funds into this protocol? At what size? With what percentage of your portfolio?

Exercise 25.7: Risk Scoring Model Design

The chapter's code exercise (risk_scoring.py) implements a simple weighted risk scoring model. Extend it by:

a) Adding two additional risk factors not included in the original model. Justify why these factors are important and how they should be weighted.

b) Calibrating the model against historical data: take five protocols that have been exploited and five that have not. Score all ten using your model. Does the model correctly identify higher risk for the exploited protocols? If not, what factors are missing?

c) Discuss the limitations of quantitative risk scoring for DeFi. What risks are inherently difficult to quantify? How should qualitative factors be incorporated?

Exercise 25.8: Cascade Simulation Extension

The chapter's code exercise (cascade_simulation.py) simulates a three-protocol cascade. Extend the simulation by:

a) Adding a fourth protocol that acts as an insurance pool. The insurance pool covers losses in Protocol B up to a maximum payout. Run the simulation with insurance and without. How does insurance change the cascade dynamics? Under what conditions does the insurance pool itself become insolvent?

b) Adding a "circuit breaker" mechanism to Protocol B that pauses liquidations when the collateral price drops more than 30% in a single time step. How does this affect the cascade? Does it prevent the failure or merely delay it?

c) Running a Monte Carlo simulation with 1,000 trials using random initial conditions. What percentage of trials result in a full cascade failure? What are the most important parameters for determining whether a cascade occurs?

Exercise 25.9: Regulatory Risk Scenario Analysis

Choose one of the following regulatory scenarios and analyze its impact across the DeFi Risk Stack:

a) Scenario A: The EU implements a requirement under MiCA that all DeFi protocol front-ends operating in Europe must implement KYC/AML checks. Analyze the effects on: protocol usage, liquidity, governance token values, and the likely responses from protocol teams.

b) Scenario B: The U.S. Treasury sanctions a major stablecoin (e.g., USDT or USDC) due to evidence of sanctions evasion by a foreign government. Analyze the immediate effects on DeFi lending protocols, DEX liquidity pools, and cross-chain bridges that hold the sanctioned stablecoin.

c) Scenario C: A major jurisdiction declares that all governance tokens are securities and must be registered. Analyze the impact on governance participation, protocol decentralization efforts, and the viability of on-chain governance.

Exercise 25.10: Insurance Protocol Evaluation

Research one DeFi insurance protocol (Nexus Mutual, InsurAce, Unslashed Finance, or Neptune Mutual) and answer:

a) What types of events does it cover? What is explicitly excluded? b) How are claims assessed? Who decides whether a claim is valid? c) What is the protocol's claims history? Have claims been paid for major events? d) What is the maximum coverage available? How does this compare to the TVL of the protocols it covers? e) What are the smart contract risks of the insurance protocol itself? Has it been audited? f) Would you purchase coverage from this protocol? Under what circumstances?

Discussion Questions

Discussion 25.1: The Audit Paradox

Euler Finance was audited six times and still lost $197 million. Some argue this proves that audits provide a false sense of security and that the industry should invest more in formal verification, bug bounties, and economic security modeling instead. Others argue that audits remain the most cost-effective security measure and that the Euler case is an outlier. What is your position? Should DeFi protocols be required to undergo audits before launching?

Discussion 25.2: Code Is Law vs. User Protection

The Mango Markets exploiter (Avraham Eisenberg) argued that his actions were legitimate because he was simply using the protocol as designed — the code permitted his trading strategy, so it was not an exploit. He was nevertheless convicted of fraud. Where should the line be drawn between "clever use of a protocol" and "exploitation"? Should the code define what is permitted, or should external legal and ethical standards apply?

Discussion 25.3: Systemic Risk and Regulation

Traditional finance manages systemic risk through regulation: capital requirements, deposit insurance, central bank backstops, and systemic risk oversight. DeFi has none of these. Should DeFi develop its own systemic risk management mechanisms? If so, what would they look like — and who would enforce them? Can systemic risk be managed in a permissionless system, or is permissionlessness itself the source of systemic risk?

Discussion 25.4: The Transparency Tradeoff

DeFi's transparency means that anyone can see exactly what every protocol holds and does. This is a significant advantage over opaque traditional financial institutions. But transparency also means that attackers can see exactly what every protocol holds and analyze the code for vulnerabilities. Is DeFi's transparency net positive or net negative for security? How does the answer change depending on the type of risk (smart contract vs. oracle vs. governance vs. liquidity)?

Discussion 25.5: Insurance in a Correlated System

DeFi insurance works well for idiosyncratic risks (single protocol failures) but poorly for systemic risks (market-wide collapses). This is similar to the problem traditional insurance faces with correlated risks (pandemics, housing market collapses). Is DeFi insurance fundamentally viable as a risk mitigation strategy, or is it destined to fail precisely when it is most needed? What structural changes could make DeFi insurance more robust?