THE DEFI FUNFAIR? - A beginner’s guide to Risk
DEFI - A money-making paradise, a funfair of yield-bearing opportunities just waiting for you to come on in and enjoy the rides. However, it’s worth keeping in mind that, like the funfair, the rides are rarely free, some are held together with chewing gum & sticky tape, and a group of thugs is waiting to jump you behind the candy-floss stall.
Still, “Fortune favours the brave”, right? Or should that be “Better to be safe than sorry”? Well, the Degens are gonna degen, so how about “Look before you leap”?
The following is a non-exhaustive list of some risks to be aware of before you jump on the Aave-train. (Aave is Finnish for Ghost - you see what I did there, anon?)
Self Custody Risk
TLDR
It's basic stuff but worth mentioning as SO many people seem to fall prey to scams or mistakes that can wipe you out before you’ve even stepped foot in the Defi theme park. Lose your seed phrase? Game Over. Click a dodgy link? Game Over. One of the tradeoffs with self-custody is there’s no one to call when things go wrong and once it’s gone, it’s properly gone.
Example
You go to Telegram to ask for help with a crypto-related problem. A helpful community member replies with a link to the solution. You click the link and sign to connect your wallet. Congrats, all your money is gone.
Mitigation
Never give your seed phrase to anyone. Use a hardware wallet. Use a multisig. Never keep large amounts on a browser-based hot wallet. Never click on a link from a Twitter reply or from an email that you don’t expect. Don’t trust a DM you receive from anyone on any platform. TAKE YOUR TIME AND THINK.
Smart Contract Risk
TLDR
An umbrella term to encompass the many ways a smart contract holding your assets might be compromised (VC speak for “Hacked”). Whether it’s re-entrancy attacks, code exploits or front-running, there have been innumerable examples over the years hitting some of the biggest names in the space. Ethereum itself succumbed during the infamous DAO hack. Other giants that have fallen prey include Bancor, Euler, Poloniex, Curve, Multichain and Kyberswap; the list goes on… and on… and on.
Example
You deposit 10k DAI into your new favourite Defi app earning a sweet sweet 8% APR. The next morning you read a tweet from the founder reaching out to @samczsun “You up?”. Congrats, Lazarus hacked your app during the night and Kim Jong Un now owns your DAI.
Mitigation
Unless you’re a full-stack crypto Dev it’s going to be tough to make a call by reading the smart contract yourself. The best defence is a combination of caution and common sense. The longer a smart contract has been around the better, don’t go in too big and don’t put all your eggs in one basket. Ask yourself some basic questions. Is this a legit project? Is the team doxxed? Is there an insurance fund? If I lost all this money how badly would I be impacted? (Because you really might lose it all!)
Impermanent Loss
TLDR
Essentially the name given to professional arbitrageurs eating your lunch. Notoriously difficult to explain and even harder to comprehend, “Impermanent Loss” refers to the loss incurred by an LP (Liquidity Provider) when the price of either asset moves rapidly/significantly in one direction or another and the price difference is arbitraged away.
Example
You decide to LP in a 50/50 pool with ETH on one side and your favourite meme-coin on the other. You return 3 days later after the meme-coin has tanked. Congrats, you now own a lot of worthless meme coins and very little ETH.
Mitigation
LP’ing is hard and you’re up against some tough, professional competition. Often fees and incentives to LP don’t even cover the impermanent loss so make sure you research the incentives vs the likely volatility of the asset pair.
Homework
Great little explainer here: <www.youtube.com/watch?v=8XJ1MSTEuU0>
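A worked version of the meme-coin example above, as an added illustration that is not part of the original post. It assumes a fee-free constant-product pool (reserves obey eth * meme = k) and an LP who owns the whole pool; the function name and sample numbers are constructed.

```python
import math


def lp_after_price_move(eth0: float, meme0: float, price_ratio: float) -> dict:
    """
    Position of an LP in a fee-free constant-product pool (eth * meme = k)
    after arbitrageurs have traded the pool to the new market price.

    price_ratio = new MEME price / old MEME price, both measured in ETH.
    """
    k = eth0 * meme0
    p1 = (eth0 / meme0) * price_ratio      # new ETH-per-MEME price
    # Arbitrage stops when eth1 / meme1 == p1 while eth1 * meme1 == k.
    eth1 = math.sqrt(k * p1)
    meme1 = math.sqrt(k / p1)
    lp_value = eth1 + meme1 * p1           # pool position, valued in ETH
    hold_value = eth0 + meme0 * p1         # same coins left in the wallet
    return {
        "eth": eth1,
        "meme": meme1,
        "lp_value": lp_value,
        "hold_value": hold_value,
        "loss_vs_hold": lp_value / hold_value - 1,
        # Fees/incentives (in ETH) the LP must earn just to match holding.
        "fees_to_break_even": hold_value - lp_value,
    }


if __name__ == "__main__":
    # Constructed scenario: deposit 1 ETH + 1,000,000 MEME, MEME then drops 90%.
    r = lp_after_price_move(1.0, 1_000_000, 0.10)
    print(f"ETH left in position : {r['eth']:.3f}")
    print(f"MEME in position     : {r['meme']:,.0f}")
    print(f"Value vs just holding: {r['loss_vs_hold']:.1%}")
    print(f"Fees needed to match : {r['fees_to_break_even']:.3f} ETH")
```

The loss depends only on the size of the price move, not its direction: a 10x pump leaves the LP the same 42.5% behind a holder as a 90% dump.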
Sandwich Attacks
TLDR
Time for a lunch break. Sandwich attacks are a common risk when using a decentralised exchange (DEX). A bot “sees” your buy order and pushes in front of it (called front-running) buying the asset ahead of you. It then immediately sells it to you at a slightly higher price, pocketing the difference.
Example
You place an order to buy a new meme coin on your favourite DEX. The KOL who shilled it told you to go into the DEX settings and whack the slippage % up (whatever that means). Jared from Subway is your server. Congrats, you just paid a 20% premium on the token price.
Mitigation
Chances are you’re going to get sandwiched. You can limit the damage by trading highly liquid pairs, keeping the slippage setting at a sensible level and keeping your order size on the small side in relation to liquidity.
Homework
cyberscope.medium.com/sandwich-attacks-in-crypto-how-to-protect-yourself-9e9c223c7e3a
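How the slippage setting and pool depth from the mitigation above decide the outcome, as an added example that is not part of the original post. It assumes a constant-product pool with a 0.3% fee; the `Pool` class, `victim_outcome` and all numbers are constructed for illustration.

```python
from dataclasses import dataclass

FEE = 0.003  # assumed 0.3% swap fee for a constant-product pool


class SlippageExceeded(Exception):
    """Stands in for the on-chain revert when output falls below the minimum."""


@dataclass
class Pool:
    eth: float    # ETH reserve
    token: float  # token reserve

    def quote_buy(self, eth_in: float) -> float:
        """Tokens received for eth_in under x * y = k, after the fee."""
        effective = eth_in * (1 - FEE)
        return self.token * effective / (self.eth + effective)

    def buy(self, eth_in: float, min_out: float = 0.0) -> float:
        out = self.quote_buy(eth_in)
        if out < min_out:
            raise SlippageExceeded(f"{out:.1f} < minimum {min_out:.1f}")
        self.eth += eth_in
        self.token -= out
        return out


def victim_outcome(pool: Pool, order_eth: float, slippage: float, ahead_eth: float) -> dict:
    """Result of a buy when another buy of ahead_eth lands just before it."""
    quoted = pool.quote_buy(order_eth)   # what the DEX UI showed
    min_out = quoted * (1 - slippage)    # worst fill the user agreed to
    pool.buy(ahead_eth)                  # earlier trade pushes the price up
    try:
        got = pool.buy(order_eth, min_out)
    except SlippageExceeded:
        return {"status": "reverted", "premium": 0.0}
    return {"status": "filled", "premium": quoted / got - 1}


if __name__ == "__main__":
    # Constructed scenarios: (ETH reserve, token reserve, slippage tolerance)
    for eth, tok, slip in [(100, 1e6, 0.20), (100, 1e6, 0.005), (10_000, 1e8, 0.005)]:
        r = victim_outcome(Pool(eth, tok), order_eth=1, slippage=slip, ahead_eth=10)
        print(f"pool={eth} ETH, slippage={slip:.1%}: {r['status']}, premium {r['premium']:.2%}")
```

With 20% slippage on the thin pool the order fills about 21% above the quoted price; at 0.5% the same order reverts instead, and on the pool 100 times deeper it fills with roughly a 0.2% premium.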
Liquidation Risk - Borrowing
TLDR
Using your crypto as collateral to take out a loan is all well and good while prices are on the rise but if things go south your collateral could easily become someone else’s collateral.
Example
You borrow $2k on a Defi app using 1 ETH as collateral. ETH is $3500 so everything looks healthy. Sweet. Oh wait, Gary Gensler just said the words Ethereum and Security in the same sentence and the price of ETH spiked down to $2300. Congrats, you are liquidated; enjoy your $2k because your ETH is gone.
Mitigation
Don’t max out your borrowing limits, only borrow small amounts in relation to your collateral. Use it as a short-term position and re-pay that loan ASAP.
Liquidation Risk - Leverage
TLDR
Certainly not isolated to crypto, leveraged trading has been the downfall of many a “trader.” With platforms and protocols offering increasingly high leverage, it can be hard to resist. However, the higher your leverage, the smaller the price movement needs to be to have a dramatic effect on your PnL, for better or worse.
Example
Your new favourite trading platform is offering 100x leverage, Wow! You stick 1ETH in and now you have the buying power of 100ETH. What’s not to love?! You place a trade to Long BTC at a strong support level. Oh wait, that level is just an arbitrary line on your computer screen and price doesn’t care. Congrats you just lost your account.
Mitigation
Just don’t do it. Or if you have to, keep the leverage low. Only stick in what you can afford to lose cos chances are, you’re going to lose it.
Some other things to think about.
Complexity
Defi apps are becoming increasingly complicated (shout out to Pendle) so ask yourself: Do I really understand how this protocol I’m putting my money into works? If the answer is no, maybe spend some time figuring it out. Give the new shiny cutting-edge protocol idea a few weeks (or call me crazy months!) before committing your capital.
Where is the Yield coming from?
Always remember the ancient crypto proverb “If you don’t know where the yield is coming from… you are the yield”. The impressive yield percentage that got your attention must be coming from somewhere. Is it from fees? (hopefully) Is it from token printing (more likely). If it’s not obvious or not fully explained in the docs, move on.
Summing Up
The risks in Defi are as wide-ranging as the apps themselves and not all risks may be immediately obvious. As always in crypto do some research and understand what it is you are putting your money into, keep positions small in relation to your portfolio and before entering into any Defi position ask yourself this: IS IT WORTH IT?
Oh yeah, and HAVE FUN!
Is it theoretically possible to build a friend.tech style plugin for @lensprotocol ? So you could essentially buy a piece of your favourite creator?
I find friend.tech itself clunky and on its own is pretty dull but as a plug-in to a wider social app like Lens it could be really interesting.
Anyone working on that??
Solo Staking Project - Day 6
Installed the Rocket Pool software - no issues! And now… It's decision time. Which clients am I going to run? 🤷🏼‍♂️
I've been seeing a lot of talk recently about client diversity and how important it is so I've decided to rule out Geth as my execution client and Prysm & Lighthouse as my consensus client. I know, my one little node isn't going to tip the scales but why choose to run these when you can help with diversity by choosing a minority client?
With Geth ruled out I'm left with Besu or Nethermind. As Nethermind uses much more RAM I'm picking Besu. Consensus wise I'm left with Nimbus, Lodestar or Teku. I choose Nimbus purely because it aims to be as lightweight as possible in regards to resources used and resource consumption, I like the sound of that. Not the most scientific of reasons but as good as any I guess.
Clients picked, it’s time to start syncing! Exciting!
3…2…1… go!! And… wait. And wait. And wait some more. 🫠
I notice now that RP mentions BESU has a slow sync. Man, I didn’t realise how slow it would be. Made the mistake of not using checkpoint sync and it took…. drum roll….
1 WHOLE WEEK to sync!!!
😵‍💫🤯
Maybe use checkpoint sync guys. Anyway, it’s done, I have a node!
Now… to make it a validator 💪
Solo Staking Project - Day 5
I've now worked through the many security recommendations in the Rocket Pool docs and implemented all their suggestions, so far so good. My one concern was the suggestion that I should get a static IP address. The reason being if you have a dynamic IP and the address suddenly changes it will screw up your SSH settings. So I contacted my internet service provider... only to be informed that they don't offer static IP to retail plebs like myself. ☹️
After pondering the issue for a few minutes I thought it was probably time to go track down someone more knowledgeable on a Discord forum. Here I will plug two great Discord servers.
Rocket Pool Official Discord: discord.gg/5EYTy5B3
Eth Staker Discord: discord.gg/RsJQDw78
Both these servers were filled with helpful, very knowledgeable communities and I heartily recommend them (thanks @sassal.lens for recommending EthStaker 👍). After chatting with some folks on the Discords my mind was put at ease about my dynamic IP. It would potentially be a mild ball-ache but only from having to sit back on the floor re-configuring my SSH, not an existential issue.
Node security done, next up setting up the Rocket Pool software itself! Let's have it!
Solo Staking Project - Day 4 - SSH
So I've started working through the Rocket Pool docs and I have to say, they are great! Even for someone with limited technical ability (like me) they are really easy to follow and very comprehensive. Props to the Rocket Pool intern responsible. 👌
Revelation. I love SSH. Call me a naive noob but I had no idea about SSH. There was me sitting on the floor squinting at my TV punching badly copied code into my fledgling node via my cheap-ass eBay keyboard thinking "There must be a better way to do this!" Well there is. It's called SSH, and it's a game changer. Thankfully SSH came up early in the RP docs so I wasn't sitting on the floor for too long. In a nutshell it allows you to access/edit your node via a pop-up terminal window on another computer on your network. Which means, along with numerous other benefits, I can now copy/paste code directly from the RP docs, making things 100x better/faster. I can also now do this whilst sat on my couch! 🤙
I could use my regular laptop for this but for security purposes it's preferable to have a dedicated machine (apparently) and as it happens I have an old Thinkpad gathering dust on a shelf. It was only going to get sold on eBay for next to nothing so glad to have a better use for it. Slapped on a fresh install of Ubuntu then got on with setting up the SSH keys. This was the trickiest bit so far but I followed the instructions and everything seems to be working... 🤞
Onwards!
Solo Staking Project - Day 3
OK it's built. Opened up the base unit, replaced the memory, took out the SSD and replaced with the NVMe, unplugged the Wifi card (going to be using an ethernet cable) screwed it back up. Done. Why do people buy pre-built NUCs?!
FYI I'm just using my TV as a monitor at this stage. The modem/router is positioned next to the TV so it's a logical place to keep the node and the TV works perfectly well as a makeshift monitor.
Installing Linux OS. The Rocket Pool docs suggest using Debian 11, it's stable and battle-tested so I'll go with that. Pretty simple, just downloaded the software and then created a bootable USB stick as per the instructions. So far so good.
All installed fine. As per the instructions I'm disabling the GUI (graphical user interface) so everything will be controlled by the command line. I'm entering uncharted waters here, I've never used a system without a full-blown OS before. Wish me luck!
Solo Staking Project - Day 2 - Hardware
So according to Rocket Pool these are considered the minimum hardware requirements:
Quad core CPU (or dual-core hyperthreaded)
8 GB of RAM (preferably DDR4)
2 TB of free SSD Disk Space
Linux or macOS Operating System
I looked into buying a ready made set up like the ones Dappnode offer but that was going to set me back around £1300 and I thought I could do better than that. Even a ready made NUC was going to cost close to 1k so I thought I'd see if I could pick up the individual pieces I need and build a unit myself. I went to eBay and this is what I got.
CPU & Base unit: Acer N4660G Mini Micro with a i5-9500T (9th gen i5 with 6 cores) - £160
RAM: 32GB of Crucial DDR4 RAM (2x16GB) - £75
2TB NVMe SSD - £110
Keyboard - £7.37
Total cost: £352.37
Boom!
Feel like this setup has plenty of power for my needs and should future proof it for a good few years to come. Now I just need to assemble it!
Solo Staking Project - Day 1
So I don't have 32ETH and even if I did I'm not sure I'd want to risk it with my limited technical abilities. This reduces my options quite drastically. In fact, it looks like I have one option. A Rocket Pool minipool. Well that makes things easy I guess.
Apparently I can spin up a node with 16ETH or now even just 8ETH and some RPL. Actually, quite a lot of RPL, currently for an 8ETH minipool you need 2.4ETH worth of RPL. The rest of the ETH is made up from people doing regular staking with Rocket Pool. You also earn some extra rewards from that ETH for hitching a ride on your validator.
As it happens using Rocket Pool seems like a great place for a beginner like me to start. Not only is the ETH requirement smaller but Rocket Pool seems to have some great step-by-step guides to help get this thing going. We'll see how fool proof they are later I guess.
So, as there is a non-zero chance that I lose this ETH with some tech catastrophe I'll take the least risky option and go with an 8ETH minipool. Decision made, looks like I'll need to acquire some RPL.
Next the bit I'm looking forward to: Getting my hands on some hardware! eBay here I come!
#staking #rocketpool #solostaking #minipool
Hey Lens! So I'm going to attempt something that I am totally unqualified for but that I've wanted to try for a long time: Solo staking.
I don't work in tech, I have zero coding knowledge, I barely know where to find the Terminal window... I'm not sure how this is going to go.
I'll document my experience here on Lens. Might be funny... or perhaps tragic. But if I can do it maybe it'll inspire some others among you to give it a go. BIG IF.
OK, let's find out whether this stuff is as hard/easy as they make out.
Wen block function for nonsense scams like this?? We need to deal with this crap ASAP.