Lending protocols: features, indicators and dynamics

DeFi lending protocols offer services similar to those in TradFi but, thanks to blockchain technology, eliminate the intermediary, enabling instant and more transparent transactions.

DeFi protocols employ a set of software applications and smart contracts built on blockchain networks, most notably Ethereum. As DeFi continues to evolve, an increasing number of lending protocols are emerging, providing opportunities to borrow and lend without a need for a third-party. Despite facing a downturn at the end of 2022, a drive to innovate these protocols has already shown promising results in 2023. For instance, Spark Protocol, launched in May 2023, reached a TVL of $433.9 mln by August, according to DefiLlama. Similarly, Radiant, another newcomer that went online in July 2022, now boasts a TVL of $237.9 mln.

The concept of lending protocols

On lending protocols, borrowers typically use their crypto assets as collateral, and once a loan is issued, the protocol secures this collateral until repayment. In contrast, lenders can exploit the potential of their crypto assets and collect interest. For instance, two users deposit ETH and USDC, respectively, and then the ETH depositor can borrow USDC, while the USDC depositor can borrow ETH. If the collateral's value dips below the loan amount, it poses risks for borrowers. Hence, the majority of protocols encourage borrowers to over-collateralize, typically adding about 50% of the loan value, to protect lenders from losses in case of a default. In that case, the overcollateralization ratio is 150%.

Overcollateralization ratios depend on the quality and volatility of the provided collateral. Some platforms, like Aave, also allow uncollateralized flash loans that must be repaid within a single transaction.

Lending and liquidity protocols

DeFi protocols can function as lending and liquidity protocols by offering a liquidity pool feature. Liquidity pools enable users to lock assets into smart contracts for specific time periods. Borrowers then leverage their collateral assets in the pool to access instant loans. These pools combine the assets of all depositors, creating a substantial amount of tokens available for lending. Depositors are incentivized to let their funds remain in these pools as they earn interest on their deposits. The longer users keep their assets in the pool, the more interest they accumulate. Interest rates are determined through algorithmic calculations that take into account liquidity and demand. Liquidity pool (LP) tokens, representing a lender's share of deposited assets, are used to disburse interest. A dynamic mechanism automatically regulates the distribution among shareholders based on the issuance and burning of shares linked to deposits or withdrawals.

Main indicators

Indicators are essential in studying and monitoring DeFi protocols since they assist in tracking liquidation, borrowing trends, distribution and more. These metrics are publicly available, providing crucial information for users and investors to decide on participating in any lending protocol.

TVL. It's recommended to actively monitor liquidity movement as this metric can provide valuable insights into user trust dynamics on a lending protocol. A high TVL indicates substantial liquidity in the protocol.

Borrowing indicator. On the one hand, the revenue of a protocol comes from the interest paid by the borrower when repaying the loan. On the other hand, based on the incentive of the protocol’s interest rate model, an increase in borrowing amounts can attract more and more borrowers and depositors and lock more assets. Finally, the borrow amount and deposit amount reach a dynamic equilibrium point. A higher borrowing rate could signify strong demand, but it's also vital to ensure there is a manageable amount of reliance on a single asset or borrower.

Loan amount. This represents a typical loan amount procured through the protocol. A substantial loan amount suggests borrowers often secure large loans.

Interest rate. Elevated interest rates can indicate heightened risks within the protocol. If a protocol offers returns that exceed what borrowers contribute, its solvency can be compromised, and liquidity providers may not be able to access their deposits.

Whales tracking. Monitoring large players in lending protocols is essential due to their potential to create significant market shifts. This helps a protocol to anticipate market movements and refine its risk management strategies.

Decentralization. Employing this indicator helps to get a clear view of how governance tokens are distributed, ensuring the protocol's decentralization. The more centralized the token distribution, the less decentralized the protocol.

Trends and features of lending protocols

Leading lending protocols, in addition to facilitating borrowing and lending, possess distinct features and areas of focus. For instance, AAVE, one of the leading protocols with a TVL of $4.8 bln as reported by DeFiLlama, enables users to contribute to a liquidity pool, provides unique features such as flash loans and has its native token, AAVE, used for governance and other utilities. Another major lending and liquidity protocol, Compound, features real-time supply and demand. And one of the first protocols, Maker DAO, emphasizes using crypto assets as collateral to generate the stablecoin DAI.

As for emerging services, lending and borrowing of NFTs appears to be a prominent trend. For instance, Blend protocol logged a borrow volume of $308 mln in just 22 days this May, according to DappRadar.

Stablecoin lending appears to be another enduring trend. Some lending platforms are launching their own stablecoins, with crvUSD by Curve being a notable example.

Also, liquid staking tokens (LST) lending is gaining traction, with major platforms like Aave, MakerDAO and Curve now supporting it. LST refers to the form of obtaining a receipt representing ownership of staked assets.

Security risks and measures to prevent them

Lending platforms rely on smart contracts, and vulnerabilities within these contracts can expose liquidity pools to draining of funds. Vulnerabilities leading to these attacks can vary and often depend on the protocol's unique features.

For example, the Sentiment Protocol was recently compromised due to a read-only reentrancy vulnerability. An attacker used flash loans to borrow and liquidate a large number of Sentiment tokens. Prevention of such attacks requires a thorough security audit, careful code analysis and extensive testing. Additionally, understanding interactions of the entire ecosystem is crucial since the vulnerability wasn't just in the Sentiment Protocol but also involved a reentrancy vulnerability in Balancer, a liquidity protocol that Sentiment is integrated with.

A reentrancy attack allows for repeated withdrawals of funds from a smart contract. This vulnerability emerges when a contract calls an external, untrusted code. If that external code then calls back to the original contract, it can create an infinite loop. This method of exploitation lets an attacker repeatedly call a contract function, potentially resulting in a theft of funds. A notable example of this vulnerability was observed during an attack against Curve in late July. Other smart contract vulnerabilities made possible a few more recent attacks, like the one on the Exactly Protocol.

Another protocol, Euler, fell victim to one of the largest lending protocol attacks ever because of its "donation to reserves" function and generous liquidation discounts it offered. The former allowed attackers to donate eDAI (a receipt of eTokens, which represent deposited coins) to Euler's reserves, effectively reducing assets without an equivalent reduction in liabilities. This misrepresented the user's health score, making them vulnerable to liquidation. Euler's discounts offered to liquidators - which increased based on a user's insolvency level - created an exploitable loophole: attackers took advantage of flash loans and managed to liquidate themselves, turning a profit in the process.

While exploited funds were eventually returned in most of the above cases (either partially or in full), these incidents highlight the importance of comprehensive security measures.

However, protocols that offer dynamically adjusting discounts during liquidations risk attackers manipulating the system for large gains without settling debt or offering sufficient collateral.

In addition to security audits, code reviews and testing, lending protocols should consider implementing bug bounties, continuous monitoring and emergency shutdown mechanisms to ensure security.