Part 1 — Decentralized

MakerDAO

Description: MakerDAO is the project behind the Dai stablecoin system. The Dai Stablecoin is a collateral-backed cryptocurrency whose value is stable relative to the US Dollar. We believe that stable digital assets like Dai are essential to realizing the full potential of blockchain technology. Unlike other Stablecoins, Dai is completely decentralized. Users can obtain Dai by buying it from brokers or exchanges, and Dai holders can utilize a special mechanic known as the Dai Savings Rate to earn a steady, low-risk return on their holdings. Maker is a smart contract platform on Ethereum that backs and stabilizes the value of Dai through a dynamic system of Collateralized Debt Positions (CDPs), autonomous feedback mechanisms, and appropriately incentivized external actors. Maker enables anyone to leverage their Ethereum assets to generate Dai on the Maker Platform. Once generated, Dai can be used in the same manner as any other cryptocurrency: it can be freely sent to others, used as payments for goods and services, or held as long term savings. Importantly, the generation of Dai also creates the components needed for a robust decentralized lending platform.

Launch Date: 17 December 2017

Supported Assets: ETH, DAI, MKR (More assets with the release of Multi-collateral DAI)

Borrow APR: DAI — 19.5%

Total ETH Locked: 1,791,044 ETH/$448,038,639.00

Total DAI Supply: 81,211,832 DAI

(As of 20/05/2019)¹

Custody: Open-source smart contracts

Security Measures: MakerDAO Single-Collateral Dai has gone through smart contract audits by 3 independent organizations: Whitehat, et al., Trail of Bits and Bok Consulting. All security reports have been published: here.

Smart contract security and best security practices have been the absolute highest priority of Dai development effort since its inception. The codebase has already undergone three independent security audits by some of the best security researchers in the blockchain industry. Beyond just good engineering and best practices, the strongest tool to defend against hacks is formal verification. Formal verification means creating mathematical specifications of the intended behaviour of the system, alongside mathematical proofs that the codebase implements behaviour that is identical to the intended behaviour, with no unintended side effects. The Dai codebase is the first ever codebase of a decentralized application that has been formally verified. A short term goal is to also create a completeness proof, which is a mathematical proof that shows it is impossible to create any other behaviour than exactly the behaviour of the mathematical specification of the system.²

Rune Christensen — CEO of MakerDAO comments on security and formal verification.

Overview: There’s a reason why MakerDAO is one of the most reputable crypto projects and it comes as no surprise that they take smart contract security very seriously. With over 1.5% of ETH (~ $430,000,000) locked in CDPs (collateralized debt positions) any breach of the smart contracts would be the most catastrophic event for the Ethereum ecosystem since the DAO hack, and a big taint for the reputation of crypto altogether. With such high stakes involved, the Maker team are doing a stellar job in mitigating the risks in regards to smart contract hacks by completing multiple audits and publicly releasing them, open-sourcing the code, engaging with the community through different mediums (e.g. Rocketchat) and conducting formal verification of MCD (Multi-Collateral Dai) before release. Furthermore, to encourage proper smart contract safety, they intend to publish educational material on their formal verification technology so that blockchain developers can reuse it. This is a huge contribution to the whole ecosystem and the type of positive practice which makes this industry move forward. Since the launch of Single-Collateral DAI in December 2017, the system has run properly without any significant risk to users’ funds. Earlier this month, Zeppelin found a critical vulnerability in the Maker governance voting contract putting at risk MKR locked within this specific contract, but at no point jeopardising the security of the DAI stablecoin system. To minimize risks even further, MakerDAO uses other mechanisms such as the debt ceiling mechanic and global settlement as a means to stop the system from becoming too big to fail.

Global Settlement stops the normal functionality of the system, and instead allows Dai and CDP holders to claim a fixed amount of ETH equivalent to the net value of their Dai or CDPs in the block Global Settlement is activated.³

Compound

Description: Compound is a money market protocol on the Ethereum blockchain — allowing individuals, institutions, and applications to frictionlessly earn interest on or borrow cryptographic assets without having to negotiate with a counterparty or peer. Each market has dynamic interest rates, which float in real-time as market conditions adjust.

Launch Date: 27 September 2018

Supported Assets: BAT, DAI, ETH, REP, USDC, ZRX (Compound v2)

Borrow APR: BAT — 2.33%, DAI — 13.11%, ETH — 1.55%, REP — 2.03%, USDC — 8.94%, ZRX — 2.3%

Lend APR: BAT — 0.02%, DAI — 7.98%, ETH — 0.11%, REP — 0.00%, USDC — 3.59%, ZRX — 0.02%

(As of 24/05/2019 Compound v2)

Total Supply Volume: $30,734,385

Total Borrow Volume: $5,542,339

(As of 20/05/2019 Compound v1)⁴

Custody: Open-source smart contracts

Security Measures: Compound Protocol has gone through 2 smart contract audits by independent organizations. (Compound v1)

Prior to deploying the protocol to the Ethereum mainnet, the protocol was audited by Trail of Bits (which also audited MakerDao) and Certora. All contract code and balances are publicly verifiable.⁵

Overview: Compound was one of the first credit platforms to introduce decentralised lending and borrowing crypto-assets on the Ethereum blockchain. It was quick to gain in popularity for offering a simple way to engage with money markets, ideal for anyone looking to access a liquidity pool without the need of creating an account and verification. The dynamic interest rate and regular block payments enticed many users to deposit funds, and just 8 months post-launch there’s around $24million crypto-assets held in the smart contract. Thus far there have been no loss of funds reported, however in December 2018 it was discovered that the protocol did have a technical bug leading to a halt of borrowing. Alerted by an honest community member, the Compound team was quick to react and eliminated the risk for users’ funds without any losses. One of Compound’s key strengths lies in their open and transparent communication with the community. The team is regularly active on Discord and welcomes feedback on their product and development. As a disclaimer they state multiple times that the protocol is experimental technology, the risks are not fully understood yet and users should not put more than they can afford to lose.⁶ With only one incident on record since launch, it appears as though Compound are using all necessary means to keep users’ funds safe. Although the code is publicly available, a release of the security audits would be a plus. With v2 having launched recently, it’s expected that the protocol will experience further growth, so security is of paramount importance.

As of 23/05/2019: Compound v2 has launched.

Compound v2 was audited by Trail of Bits, and the protocol was formally verified in partnership with Certora. As with all smart contract platforms, there may be undiscovered issues — Compound offers a significant bug bounty, if you find anything amiss.

Caution is advised with the release of any new software as unidentified bugs can be present especially in the early stages.

Dharma

Description: Dharma is a peer-to-peer lending marketplace that enables users to easily borrow and lend cryptocurrency from anywhere in the world, instantly and affordably, all the while retaining full control over their funds.

Launch Date: 8 April 2019 (Public launch)

Supported Assets: ETH, DAI, USDC

Borrow APR: ETH — 2.5%, DAI — 11%, USDC — 8%

Lend APR: ETH — 2.5%, DAI — 11%, USDC — 8%

Available Supply Volume: $1,687,000⁷

Outstanding Borrow Volume: $8,300,000

971 loans have been issued in the past 30 days with principal amount of $4,407,005

(As of 20/05/2019)⁸

Custody: Open-source smart contracts

Security Measures: Dharma has gone through 3 smart contact audits by independent organizations.

Lenders do face technical risks by sending their money to our smart contracts. These contracts have been audited by Zeppelin, Trail of Bits, and ZK Labs.⁹

Overview: Dharma is relatively similar to Compound in being a decentralized Ethereum-based credit market accessible to anyone. By simply creating an account users can borrow or lend crypto-assets immediately. However there are key differences within the design of each protocol. Dharma utilizes a peer-to-peer model where a debtor and creditor will enter a debt agreement through the Dharma smart contracts.¹⁰ Essentially, once there is a match between both parties, the mechanisms built into the smart contracts will ensure that the terms of the loan are enforced and that the debtor’s collateral is taken under custody. Currently Dharma supports a 90-day maximum duration and fixed interest rates (will change in the future to offer more flexibility to users).¹¹ Whereas Compound has a pooled contract address where all funds are stored, Dharma gives each user a personal contract address that interacts with the protocol. This offers some degree of security for users because if a vulnerability is found and exploited, the funds will be distributed on multiple contract adresses. This makes the process of emptying them much more complicated than having it all on one address. However this comes with trade-offs, as there’s a degree of centralization in the way the system is designed.

This Medium by Kyle J Kistner explains it very well:

When a borrower or lender sends assets to a supplied address to initiate a Dharma loan, the receiving address contains a contract that interacts with a watcher script located on a centralized Dharma server. If the watcher process goes offline or fails to use the correct gas price when redirecting the funds, the assets can be stuck until the transaction is resubmitted, which is currently done by the Dharma team. While this entails a temporary potential loss of control of funds for Dharma users, as their assets may sit in the smart contract system waiting to be processed, the Dharma team cannot steal the funds as they do not control users’ private keys. At a future date Dharma plans to publish documentation allowing users to process transactions themselves if they so desire.

This signifies that there currently is a single point of failure within the system design. In the event that Dharma’s servers or team are unable to resubmit a transaction, there is a potential risk to users’ funds. This risk should be eliminated once they publish a way for users to transact by themselves. Since launch, Dharma has been operational without issues and has processed millions of dollars worth of loans. The team is very responsive and active on Telegram. Aside from the technical risks outlined above, they’ve managed to build a reliable and user-friendly platform which explains their quick rise in popularity.