DeFi with Decentralised Finance

Not blogged for a while now. Been a little busy :) gearing up towards Trustology's global launch of our insured custodial wallet TrustVault app with support for BTC, ETH and ERC-20 tokens. Now that's launced, wanted to share my thoughts on the latest topic I have been pondering on - DeFi, short for decentralised finance.

DeFi is gaining momentum. It started, as most blockchain things do, with Bitcoin. Bitcoin provided new decentralised value transfer rails. However, everything else remained centralised, like exchanges and lending. Also, launching new coins was hard. Forking alt coins is easy, but creating a vibrant network is hard.

Then Ethereum popularised the idea of utility tokens, and created a platform to easily launch new ones with smart contracts, without having to create a new network. Still, in the beginning, it was mostly used for value transfer i.e. creating and transferring ERC-20 tokens.

But, smart contracts can codify any type of business logic, not just logic that governs asset issuance and transfer rules. So people started to experiment. First came decentralised exchanges and prediction markets, later came lending platforms and stable coins.

So now you can setup and manage your company with Aragon. Issue security tokens with Daonomic, Polymath, Tokeny and Nivaura. Manage funds with BeToken, MelonPort, MoatFund and Set. Give grants with Moloch. Create stable coins with MakerDAO. Issue derivatives with VariabL. Borrow and lend with Compound Finance, Dharma, EthLend, Salt and b0x. Exchange assets with KyberSwap, AirSwap, UniSwap, RadarRelay, and DyDx. Predict with Augur and Gnosis. Collect with OpenSea and RareBits. And play CryptoKitties.

Is this not just re-inventing the wheel? Don't we have all of this already in the traditional markets? Yes we do! But with two crucial differences. Transparency and Resiliency.

Regulators have for decades been trying to improve financial market transparency, especially after the 2008 financial crisis. And yet a lot still needs to be done. Can exchanges prove their order matching rules are fair? Can traditional custodians prove that assets are still there? Are trades logged in a trade repository. Remarkably pretty much all of these concerns are solved when the all of the asset's lifecycle events are on-chain.

IMO we have a massive opportunity to improve transparency and resiliency of our financial infrastructure by migrating towards crypto assets and DeFi. This is what the G20 have been pushing for since 2008.

So what are the challenges to adoption? Well the usual blockchain barriers e.g. performance, latency, privacy, regulation. If you talk to crypto funds, their biggest concern around DeFi right now is lack of KYC/AML/Custody solutions that work with DeFi smart contracts. If you talk to banks, they need a path forward from DEV to PRD i.e. their innovation teams knock up cool DeFi DApps and demo them with MetaMask, but get stuck due to lack of a PRD grade custodial wallet that can be used to sign their TXs.

Skip next few paragraphs if you know how DeFi DApps work!

BTC and ETH transactions are relatively simple to sign and submit from a wallet point of view. There is a finite number of operations possible on these assets. But with Ethereum smart contracts, any developer can create any smart contract with any number of different callable operations. In this case conventional custodians does not work, since they would need to extend their UI or operational procedures for every new contract that someone else has developed.

To cope with this, Ethereum has adopted a different pattern. To use DeFi DApps, users navigate to DApp's website. JavaScript code on the web page, often written by the smart contract developer, requests access to something like MetaMask Chrome browser extension.

Once granted, the code interacts with the extension to discover user's addresses, fetch their balances, and sign transactions generated by code. So it's like using a normal web site, but whenever the web page is about to submit a transaction to Ethereum, MetaMask window pops up and asks you to sign it.

This separation of concern, the UI code in the web page, the business logic code and data on blockchain, and the wallet software and keys in the browser, is very scalable from a design point of view.

However, MetaMask stores your private keys in the browser. And that's a security risk. For better security, it's possible to integrate MetaMask with hardware wallets. This changes the flow a bit. When MetaMask window pops up, it asks the user to attach the hardware wallet. Once attached, it sends the transaction to the hardware wallet. As soon as the user signs the transaction in the hardware wallet, it sends the signature back to MetaMask, which submits it to Ethereum.

This improves security a lot, but what happens if you loose your hardware wallet? Well, you loose your assets, unless you have been careful to backup your keys. The other issue of course is the lack of KYC/AML on DeFi transactions.

So, we have started work on MetaMask with TrustVault integration. Once users switch on the integration, when the MetaMask window pops up, it will send the transaction for signing to TrustVault. The user will be prompted to sign the transaction in the TrustVault iOS app. Once signed, MetaMask takes over again. If you want to try it out in beta, please just ping me!