Decentralized Finance: On Blockchain- and Smart

Contract-Based Financial Markets

by Fabian Schär

Posted 2021-02-05

The term decentralized finance (DeFi) refers to an alternative financial

infrastructure built on top of the Ethereum blockchain. DeFi uses smart
contracts to create protocols that replicate existing financial services in a
more open, interoperable, and transparent way. This article highlights
opportunities and potential risks of the DeFi ecosystem. I propose a multi-
layered framework to analyze the implicit architecture and the various DeFi
building blocks, including token standards, decentralized exchanges,
decentralized debt markets, blockchain derivatives, and on-chain asset
management protocols. I conclude that DeFi still is a niche market with
certain risks but that it also has interesting properties in terms of efficiency,
transparency, accessibility, and composability. As such, DeFi may potentially
contribute to a more robust and transparent financial infrastructure.

Fabian Schär is a professor for distributed ledger technologies and fintech at the

University of Basel and the managing director of the Center for Innovative Finance at

the Faculty of Business and Economics, University of Basel. The author thanks two

anonymous reviewers for their valuable comments and especially Florian Bitterli,

Raphael Knechtli, and Tobias Wagner for their support with data collection and

visualization and Emma Littlejohn and Amadeo Brands for proofreading.

1 INTRODUCTION
Decentralized finance (DeFi) is a blockchain-based financial infrastructure
that has recently gained a lot of traction. The term generally refers to an
open, permissionless, and highly interoperable protocol stack built on public
smart contract platforms, such as the Ethereum blockchain (see Buterin,
2013). It replicates existing financial services in a more open and
transparent way. In particular, DeFi does not rely on intermediaries and
centralized institutions. Instead, it is based on open protocols and
decentralized applications (DApps). Agreements are enforced by code,
transactions are executed in a secure and verifiable way, and legitimate state
changes persist on a public blockchain. Thus, this architecture can create an
immutable and highly interoperable financial system with unprecedented
transparency, equal access rights, and little need for custodians, central
clearing houses, or escrow services, as most of these roles can be assumed
by "smart contracts."

DeFi already offers a wide variety of applications. For example, one can buy
U.S. dollar (USD)-pegged assets (so-called stablecoins) on decentralized
exchanges, move these assets to an equally decentralized lending platform
to earn interest, and subsequently add the interest-bearing instruments to a
decentralized liquidity pool or an on-chain investment fund.

The backbone of all DeFi protocols and applications is smart contracts. Smart
contracts generally refer to small applications stored on a blockchain and
executed in parallel by a large set of validators. In the context of public
blockchains, the network is designed so that each participant can be involved
in and verify the correct execution of any operation. As a result, smart
contracts are somewhat inefficient compared with traditional centralized
computing. However, their advantage is a high level of security: Smart
contracts will always be executed as specified and allow anyone to verify the
resulting state changes independently. When implemented securely, smart
contracts are highly transparent and minimize the risk of manipulation and
arbitrary intervention.

To understand the novelty of smart contracts, we first must look at regular

server-based web applications. When a user interacts with such an
application, they cannot observe the application's internal logic. Moreover,
the user is not in control of the execution environment. Either one (or both)
could be manipulated. As a result, the user has to trust the application
service provider. Smart contracts mitigate both problems and ensure that an
application runs as expected. The contract code is stored on the underlying
blockchain and can therefore be publicly scrutinized. The contract's behavior
is deterministic, and function calls (in the form of transactions) are processed
by thousands of network participants in parallel, ensuring the execution's
legitimacy. When the execution leads to state changes, for example, the
change of account balances, these changes are subject to the blockchain
network's consensus rules and will be reflected in and protected by the
blockchain's state tree.

Smart contracts have access to a rich instruction set and are therefore quite
flexible. Additionally, they can store cryptoassets and thereby assume the
role of a custodian, with entirely customizable criteria for how, when, and to
whom these assets can be released. This allows for a large variety of novel
applications and flourishing ecosystems.

The original concept of a smart contract was coined by Szabo (1994). Szabo
(1997) used the example of a vending machine to describe the idea further
and argued that many agreements could be "embedded in the hardware and
software we deal with, in such a way as to make a breach of contract
expensive…for the breacher." Buterin (2013) proposed a decentralized
blockchain-based smart contract platform to solve any trust issues regarding
the execution environment and to enable secure global states. Additionally,
this platform allows the contracts to interact with and build on top of each
other (composability). The concept was further formalized by Wood (2015)
and implemented under the name Ethereum. Although there are many
alternatives, Ethereum is the largest smart contract platform in terms of
market cap, available applications, and development activity.

DeFi still is a niche market with relatively low volumes—however, these

numbers are growing rapidly. The value of funds that are locked in DeFi-
related smart contracts recently crossed 10 billion USD. It is essential to
understand that these are not transaction volume or market cap numbers;
the value refers to reserves locked in smart contracts for use in various ways
that will be explained in the course of this paper. Figure 1 shows the Ether
(ETH, the native cryptoasset of Ethereum) and USD values of the assets
locked in DeFi applications.

Figure 1

Total Value Locked in DeFi Contracts (USD and ETH)

NOTE: M, million.

SOURCE: DeFi Pulse.

The spectacular growth of these assets alongside some truly innovative

protocols suggests that DeFi may become relevant in a much broader context
and has sparked interest among policymakers, researchers, and financial
institutions. This article is targeted at individuals from these organizations
with an economics or legal background and serves as a survey and an
introduction to the topic. In particular, it identifies opportunities and risks
and should be seen as a foundation for further research.

2 DeFi BUILDING BLOCKS

DeFi uses a multi-layered architecture. Every layer has a distinct purpose.
The layers build on each other and create an open and highly composable
infrastructure that allows everyone to build on, rehash, or use other parts of
the stack. It is also crucial to understand that these layers are hierarchical:
They are only as secure as the layers below. If, for example, the blockchain
in the settlement layer is compromised, all subsequent layers would not be
secure. Similarly, if we were to use a permissioned ledger as the foundation,
any decentralization efforts on subsequent layers would be ineffective.

Figure 2

The DeFi Stack

This section proposes a conceptual framework for analyzing these layers and
studying the token and the protocol layers in greater detail.1 It differentiates
between five layers, as shown in Figure 2:
the settlement, asset, protocol, application, and aggregation layers.

1. The settlement layer (Layer 1) consists of the blockchain and its native
protocol asset (e.g., Bitcoin [BTC] on the Bitcoin blockchain and ETH on the
Ethereum blockchain). It allows the network to store ownership information
securely and ensures that any state changes adhere to its ruleset. The
 blockchain can be seen as the foundation for trustless execution and serves
as a settlement and dispute resolution layer.
2. The asset layer (Layer 2) consists of all assets that are issued on top of the
settlement layer. This includes the native protocol asset as well as any
additional assets that are issued on this blockchain (usually referred to as
tokens).
3. The protocol layer (Layer 3) provides standards for specific use cases such as
decentralized exchanges, debt markets, derivatives, and on-chain asset
management. These standards are usually implemented as a set of smart
contracts and can be accessed by any user (or DeFi application). As such,
these protocols are highly interoperable.
4. The application layer (Layer 4) creates user-oriented applications that connect
to individual protocols. The smart contract interaction is usually abstracted by
a web browser-based front end, making the protocols easier to use.
5. The aggregation layer (Layer 5) is an extension of the application layer.
Aggregators create user-centric platforms that connect to several applications
and protocols. They usually provide tools to compare and rate services, allow
users to perform otherwise complex tasks by connecting to several protocols
simultaneously, and combine relevant information in a clear and concise
manner.

Now that we understand the conceptual model, let us take a closer look at
tokenization and the protocol layer. After a short introduction to asset
tokenization, we will investigate decentralized exchange protocols,
decentralized lending platforms, decentralized derivatives, and on-chain
asset management. This allows us to establish the foundation needed for our
analysis of the potential and risks of DeFi.2

2.1 Asset Tokenization

Public blockchains are databases that allow participants to establish a shared

and immutable record of ownership—a ledger. Usually, a ledger is used to
track the native protocol asset of the respective blockchain. However, when
public blockchain technology became more popular, so did the idea of
making additional assets available on these ledgers. The process of adding
new assets to a blockchain is called tokenization, and the blockchain
representation of the asset is referred to as a token.

The general idea of tokenization is to make assets more accessible and

transactions more efficient. In particular, tokenized assets can be transferred
easily and within seconds from and to anyone in the world. They can be used
in many decentralized applications and stored within smart contracts. As
such, these tokens are an essential part of the DeFi ecosystem.
From a technological perspective, there are various ways in which public
blockchain tokens can be created (see Roth, Schär, and Schöpfer, 2019).
However, most of these options can be ignored, as the vast majority of
tokens are issued on the Ethereum blockchain through a smart contract
template referred to as the ERC-20 token standard (Vogelsteller and Buterin,
2015). These tokens are interoperable and can be used in almost all DeFi
applications. As of January 2021, there are over 350,000 ERC-20 token
contracts deployed on Ethereum.3 Table 1 shows the number of tokens listed
on exchanges and the aggregated token market cap in USD per blockchain.
Almost 90 percent of all listed tokens are issued on the Ethereum blockchain.
The slight deviation in terms of market cap originates from the fact that a
relatively large portion of the USDT stablecoin has been issued on Omni.

From an economic perspective, I am more interested in the asset's nature

than in the underlying technical standard used to implement the asset's
digital representation. The main motivation for adding additional assets on-
chain is the addition of a stablecoin. While it would be possible to use the
aforementioned protocol assets (BTC or ETH), many financial contracts
require a low-volatility asset. Tokenization enables the creation of these
assets.

However, one of the main concerns with tokenized assets is issuer risk.
Native digital tokens, such as BTC and ETH, are unproblematic in this regard.
In contrast, when someone introduces tokens with a promise, for example,
interest payments, dividends, or the delivery of a good or service, the
corresponding token's value will depend on this claim's credibility. If an
issuer is unwilling or unable to deliver, the token may become worthless or
trade at a significant discount. This logic also applies to stablecoins.

Generally speaking, there are three backing models for promise-based

tokens: off-chain collateral, on-chain collateral, and no collateral. Off-chain
collateral means that the underlying assets are stored with an escrow
service, for example, a commercial bank. On-chain collateral means that the
assets are locked on the blockchain, usually within a smart contract.4 When
there is no collateral, counterparty risk is at its highest. In this case, the
promise is entirely trust-based. Berentsen and Schär (2019) have analyzed
the three categories in the context of stablecoins.

On-chain collateral has several advantages. It is highly transparent, and

claims can be secured by smart contracts, allowing processes to be executed
in a semi-automatic way. A disadvantage of on-chain collateral is that this
collateral is usually held in a native protocol asset (or a derivative thereof)
and, therefore, will experience price fluctuations. Take the example of the
Dai stablecoin, which mainly uses ETH as its on-chain collateral to create a
decentralized and trustless Dai token pegged to the value of 1 USD. Since
there is no native USD-pegged token on Ethereum, Dai tokens must be
backed by another asset. Whenever anyone wants to issue new Dai tokens,
they first need to lock enough ETH as underlying collateral in a smart
contract provided by the Maker Protocol. Since the USD/ETH exchange rate is
not fixed, there is a need for over-collateralization. If the value of the
underlying ETH collateral at any point falls below the minimum threshold of
150 percent of the outstanding Dai value, the smart contract will auction off
the collateral to cancel the debt in Dai.

Figure 3 shows some key metrics of the Dai stablecoin, including price, total
Dai in circulation, and the stability fee, that is, the interest rate that has to
be paid by anyone who is creating new Dai (see Section 2.3).
Figure 3

Dai Stablecoin Key Metrics

NOTE: M, million; SAI (discontinued) single collateral stablecoin; DSR, Dai savings rate; MCD,

multicollateral Dai stablecoin backed by ETH; SCD, single collateral stablecoin backed by ETH;

MCD WETH stability fee, MCD stablecoin interest rate in ETH; SCD PETH stability fee, SCD

stablecoin interest rate in ETH.

SOURCE: DeFi Pulse and CoinMarketCap.

There are also several examples of off-chain collateralized stablecoins. The

most popular ones are USDT and USDC, both USD-backed stablecoins. They
are both available as ERC-20 tokens on the Ethereum blockchain. DGX is an
ERC-20 based stablecoin backed by gold, and WBTC is a tokenized version of
Bitcoin, making Bitcoin available on the Ethereum blockchain. Off-chain
collateralized tokens can mitigate exchange rate risk, as the collateral may
be equivalent to the tokenized claim (e.g., USD claim, backed by real USD).
However, off-chain collateralized tokens introduce counterparty risk and
external dependencies. Tokens that use off-chain collateral require regular
audits and precautionary measures to ensure that the underlying collateral is
available at all times. This process is costly and, in many cases, not entirely
transparent for the token holders.

While I am unaware of any functional designs for unbacked stablecoins, that

is, stablecoins that do not use any form of collateral to maintain the peg,
several organizations are working on that idea. Note that rebase tokens such
as Ampleforth or YAM do not qualify as stablecoins. They only provide a
stable unit of account but still expose the holder to volatility in the form of a
dynamic token quantity.

Although stablecoins serve a vital role in the DeFi ecosystem, it would not do
justice to the subject of tokenization to limit the discussion to these assets.
There are all kinds of tokens that serve a variety of purposes, including
governance tokens for decentralized autonomous organizations (DAO),
tokens that allow the holder to perform specific actions in a smart contract,
tokens that resemble shares or bonds, and even synthetic tokens that can
track the price of any real-world asset.

Another distinct category are so-called non-fungible tokens (NFTs). NFTs are
tokens that represent unique assets, that is, collectibles. They can either be
the digital representation of a physical object such as a piece of art, making
them subject to the usual counterparty risk, or a digitally native unit of value
with unique characteristics. In any case, the token's non-fungibility attributes
ensure that the ownership of each asset can be individually tracked and the
asset precisely identified. NFTs usually are built on the ERC-721 token
standard (Entriken et al., 2018).

The following sections discuss the protocol layer and examine how tokens
can be traded using decentralized exchanges (Section 2.2), how they can be
used as collateral for loans (Section 2.3) and to create decentralized
derivatives (Section 2.4), and how they can be included in on-chain
investment funds (Section 2.5).

2.2 Decentralized Exchange Protocols

As of September 2020, there are over 7,092 cryptoassets5 listed on

exchanges. While most of them are economically irrelevant and have a
negligible market cap and trading volume, there is a need for marketplaces
where people can trade the more popular ones. This would allow owners of
such assets to rebalance their exposure according to their preferences and
risk profiles and adjust portfolio allocations.

In most cases, cryptoasset trades are conducted through centralized

exchanges. Centralized exchanges are relatively efficient, but they have one
severe problem. To be able to trade on a centralized exchange, traders must
first deposit assets with the exchange. They thereby forfeit direct access to
their assets and have to trust the exchange operator. Dishonest or
unprofessional exchange operators may confiscate or lose assets. Moreover,
centralized exchanges create a single point of attack and face the constant
threat of becoming the target of malicious third parties. The relatively low
regulatory scrutiny intensifies both problems and the immense scaling efforts
many of these exchanges had to go through within a short time. Accordingly,
it is no surprise that some centralized cryptoasset exchanges have lost
customer funds.

Decentralized exchange protocols try to mitigate these issues by removing

the trust requirement. Users no longer must deposit their funds with a
centralized exchange. Instead, they remain in exclusive control of their
assets until the trade is executed. Trade execution happens atomically
through a smart contract, meaning that both sides of the trade are
performed in one indivisible transaction, mitigating the counterparty credit
risk. Depending on the exact implementation, the smart contract may
assume additional roles, effectively making many intermediaries such as
escrow services and central counterparty clearing houses (CCPs) obsolete.

Early decentralized exchanges such as EtherDelta have been set up as walled

gardens with no interaction between the various implementations. The
exchanges had no shared liquidity, leading to relatively low transaction
volumes and large bid/ask spreads. High network fees, as well as
cumbersome and slow processes to move funds between these decentralized
exchanges, have rendered supposed arbitrage opportunities useless.

More recently, there has been a move toward open exchange protocols.
These projects try to streamline the architecture of decentralized exchanges
by providing standards on how asset exchange can be conducted and
allowing any exchange built on top of the protocol to use shared liquidity
pools and other protocol features. However, most importantly, other DeFi
protocols can use these marketplaces and exchange or liquidate tokens when
needed.

In the following subsections, I compare various types of decentralized

exchange protocols, some of which are not exchanges in the narrow sense
but have been included in the analysis, as they serve the same purpose. The
results are summarized in Table 2.

Decentralized Order Book Exchanges. Decentralized order book

exchanges can be implemented in a variety of ways. They all use smart
contracts for transaction settlement, but they differ significantly in how the
order books are hosted. One has to distinguish between on-chain and off-
chain order books.

On-chain order books have the advantage of being entirely decentralized.

Every order is stored within the smart contract. As such, there is no need for
additional infrastructure or third-party hosts. The disadvantage of this
approach is that every action requires a blockchain transaction. Therefore, it
is a costly and slow process for which even the declaration of the intent to
trade results in network fees. Considering that volatile markets will require
frequent order cancellations, this disadvantage becomes even more costly.

For this reason, many decentralized exchange protocols rely on off-chain

order books and only use the blockchain as a settlement layer. Off-chain
order books are hosted and updated by centralized third parties, usually
referred to as relayers. They provide takers with the information they need
to select an order they would like to match. While this approach indeed
introduces some centralized components and dependencies to the system,
the relayers' role is limited. Relayers are never in control of the funds and
neither match nor execute the orders. They simply provide ordered lists with
quotes and may charge a fee for that service. The openness of the protocol
ensures that there is competition among the relayers and mitigates potential
dependencies.

The dominant protocol that uses this approach is called 0x (Warren and
Bandeali, 2017). The protocol uses a three-step process for trades. First, the
maker sends a pre-signed order to the relayer for inclusion in the order book.
Second, a potential taker queries the relayer and selects one of the orders.
Third, the taker signs and submits the order to the smart contract, triggering
the atomic exchange of the cryptoassets.

Constant Function Market Maker. A constant function market maker

(CFMM) is a smart contract-liquidity pool that holds (at least) two
cryptoassets in reserve and allows anyone to deposit tokens of one type and
thereby to withdraw tokens of the other type. To determine the exchange
rate, smart contract-based liquidity pools use variations of the constant
product model, where the relative price is a function of the smart contract's
token reserve ratio. The earliest implementation I am aware of was proposed
by Hertzog, Benartzi, and Benartzi (2017). Adams (2018) has simplified the
model, and Zhang, Chen, and Park (2018) provide a formal proof of the
concept. Martinelli and Mushegian (2019) generalized the concept for cases
with more than two tokens and dynamic token weights. Egorov (2019)
optimized the idea for stablecoin swaps.
Figure 4

Visualization of Liquidity Pool Token Reserves in a Constant Product Model

In its simplest form, the constant product model can be expressed as xy = k,

where x and y correspond to the smart contract's token reserves and k is a
constant. Considering that this equation must hold, when someone executes
a trade, we get (x + Δx) · (y + Δy) = k. It can then be easily shown that
Δy = (k/x + Δx) – y. Consequently, Δy will assume negative values for any
Δx > 0. In fact, any exchange corresponds to a move on a convex token
reserve curve, which is shown in Figure 4A. A liquidity pool using this model
cannot be depleted, as tokens will get more expensive with lower reserves.
When the token supply of either one of the two tokens approaches zero, its
relative price rises infinitely as a result.

It is important to point out that smart contract-based liquidity pools are not
reliant on external price feeds (so-called oracles). Whenever the market price
of an asset shifts, anyone can use the arbitrage opportunity and trade tokens
with the smart contract until the liquidity pool price converges to the current
market price. The implicit bid/ask spread of the constant product model (plus
a small trading fee) may lead to the accumulation of additional funds.
Anyone who provides liquidity to the pool receives pool share tokens that
allow them to participate in this accumulation and to redeem these tokens
for their share of a potentially growing liquidity pool. Liquidity provision
results in a growing k and is visualized in Figure 4B.

Prominent examples of smart contract-based liquidity pool protocols are

UniSwap, Balancer, Curve, and Bancor.
Smart Contract-Based Reserve Aggregation. Another approach is to
consolidate liquidity reserves through a smart contract that allows large
liquidity providers to connect and advertise prices for specific trade pairs. A
user who wants to exchange token x for token y may send a trade request to
the smart contract. The smart contract will compare prices from all liquidity
providers, accept the best offer on behalf of the user, and execute the trade.
It acts as a gateway between users and liquidity providers, ensuring best
execution and atomic settlement.

In contrast to smart contract-based liquidity pools, with smart contract-

based reserve aggregation, prices are not determined within the smart
contract. Instead, prices are set by the liquidity providers. This approach
works fine if there is a relatively broad base of liquidity providers. However,
if there is limited or no competition for a given trade pair, the approach may
result in collusion risks or even monopolistic price setting. As a
countermeasure, reserve aggregation protocols usually have some
(centralized) control mechanisms, such as maximum prices or a minimum
number of liquidity providers. In some cases, liquidity providers may only
participate after a background check, including KYC (know your customer)
verification.

The best-known implementation of this concept is the Kyber Network (Luu

and Velner, 2017), which serves as a backbone protocol for a large variety of
DeFi applications.

Peer-to-Peer Protocols. An alternative to classic exchange or liquidity pool

models are peer-to-peer (P2P) protocols, also called over-the-counter (OTC)
protocols. They mostly rely on a two-step approach, where participants can
query the network for counterparties who would like to trade a given pair of
cryptoassets and then negotiate the exchange rate bilaterally. Once the two
parties agree on a price, the trade is executed on-chain via a smart contract.
In contrast to other protocols, offers can be accepted exclusively by the
parties who have been involved in the negotiation. In particular, it is not
possible for a third party to front-run someone accepting an offer by
observing the pool of unconfirmed transactions (mempool).

To make things more efficient, the process is usually automated.

Additionally, one can use off-chain indexers for peer discovery. These
indexers assume the role of a directory in which people can advertise their
intent to make a specific trade. Note that these indexers only serve to
establish a connection. Prices are still negotiated P2P.

AirSwap is the most popular implementation of a decentralized P2P protocol.

It was proposed by Oved and Mosites (2017).

2.3 Decentralized Lending Platforms

Loans are an essential part of the DeFi ecosystem. There are a large variety
of protocols that allow people to lend and borrow cryptoassets. Decentralized
loan platforms are unique in the sense that they require neither the borrower
nor the lender to identify themselves. Everyone has access to the platform
and can potentially borrow money or provide liquidity to earn interest. As
such, DeFi loans are completely permissionless and not reliant on trusted
relationships.

To protect the lender and stop the borrower from running away with the
funds, there are two distinct approaches: First, credit can be provided under
the condition that the loan must be repaid atomically, meaning that the
borrower receives the funds, uses, and repays them—all within the same
blockchain transaction. Suppose the borrower has not returned the funds
(plus interest) at the end of the transaction's execution cycle. In this case,
the transaction will be invalid and any of its results (including the loan itself)
reverted. These so-called flash loans (Wolff, 2018; Boado, 2020) are an
exciting but still highly experimental application. While flash loans can only
be employed in applications that are settled atomically and entirely on-chain,
they are an efficient new instrument for arbitrage and portfolio restructuring.
As such, they are on track to become an essential part of DeFi lending.

Second, loans can be fully secured with collateral. The collateral is locked in a
smart contract and only released once the debt is repaid. Collateralized loan
platforms exist in three variations: Collateralized debt positions, pooled
collateralized debt markets, and P2P collateralized debt markets.
Collateralized debt positions are loans that use newly created tokens, while
debt markets use existing tokens and require a match between a borrowing
and a lending party. The three variations are discussed below.

Collateralized Debt Positions. Some DeFi applications allow users to

create collateralized debt positions and thereby issue new tokens that are
backed by the collateral. To be able to create these tokens, the person must
lock cryptoassets in a smart contract. The number of tokens that can be
created depends on the target price of the tokens generated, the value of the
cryptoassets that are being used as collateral, and the target collateralization
ratio. The newly created tokens are essentially fully collateralized loans that
do not require a counterparty and allow the user to get a liquid asset while
maintaining market exposure through the collateral. The loan can be used for
consumption, allowing the person to overcome a temporary liquidity squeeze
or to acquire additional cryptoassets for leveraged exposure.

To illustrate the concept, let us use the example of MakerDAO, a

decentralized protocol that is used to issue the USD-pegged Dai stablecoin.
First, the user deposits ETH in a smart contract classified as a collateralized
debt position (CDP) (or vault). Subsequently, they call a contract function to
create and withdraw a certain number of Dai and thereby lock the collateral.
This process currently requires a minimum collateralization ratio of 150
percent, meaning that for any 100 USD of ETH locked up in the contract, the
user can create at most 66.66 Dai.6

Any outstanding Dai is subject to a stability fee, which in theory should

correspond to the Dai debt market's maximum interest rate. This rate is set
by the community, namely the MKR token holders. MKR is the governance
token for the MakerDAO project. As shown in Figure 3, the stability fee has
been fluctuating wildly between 0 and 20 percent.

To close a CDP, the owner must send the outstanding Dai plus the
accumulated interest to the contract. The smart contract will allow the owner
to withdraw their collateral once the debt is repaid. If the borrower fails to
repay the debt, or if the collateral's value falls below the 150 percent
threshold, where the full collateralization of the loan is at risk, the smart
contract will start to liquidate the collateral at a potentially discounted rate.

Interest payments and liquidation fees are partially used to "burn" MKR,
thereby decreasing the total MKR supply. In exchange, MKR holders assume
the residual risk of extreme negative ETH price shocks, which may lead to a
situation in which the collateral is insufficient to maintain the USD peg. In
this case, new MKR will be created and sold at a discounted rate. As such,
MKR holders have skin in the game, and it should be in their best interest to
maintain a healthy system.
It is important to mention that the MakerDAO system is much more
complicated than what is described here. Although the system is mostly
decentralized, it is reliant on price oracles, which introduce some
dependencies, as discussed in Section 3.2.

MakerDAO has recently switched to a multi-collateral system, with the goal

to make the protocol more scalable by allowing a variety of cryptoassets to
be used as collateral.

Collateralized Debt Markets. Instead of creating new tokens, it is also

possible to borrow existing cryptoassets from someone else. For obvious
reasons, this approach requires a counterparty with opposing preferences. In
other words: For someone to be able to borrow ETH, there must be another
person willing to lend ETH. To mitigate counterparty risk and protect the
lender, loans must be fully collateralized, and the collateral is locked in a
smart contract—just as in our previous example.

Matching lenders with borrowers can be done in a variety of ways. The broad
categories are P2P and pooled matching. P2P matching means that the
person who is providing the liquidity lends the cryptoassets to specific
borrowers. Consequently, the lender will only start to earn interest once
there is a match. The advantage of this approach is that the parties agree on
a time period and operate with fixed interest rates.

Pooled loans use variable interest rates that are subject to supply and
demand. The funds of all borrowers are aggregated in a single, smart
contract-based lending pool, and lenders start to earn interest right when
they deposit their funds in the pool. However, the interest rates are a
function of the pool's utilization rate. When liquidity is readily available, loans
will be cheap. When it is in great demand, loans will become more expensive.
Lending pools have the additional advantage that they can perform maturity
and size transformation while maintaining relatively high liquidity for the
individual lender.
Figure 5

Weighted Dai Collateralized Debt Market Rates and the MakerDAO Stability Fee

SOURCE: DeFi Pulse.

There is a large variety of lending protocols. Some of the most popular ones
are Aave (Boado, 2020), Compound (Leshner and Hayes, 2019), and dYdX
(Juliano, 2017). Figure 5 shows the asset-weighted borrowing and lending
rates for Dai and ETH. For Dai, the figure also includes the MakerDAO
stability fee, which should always be the highest rate in the system.
Surprisingly, this is not always the case, meaning that some people have
paid a price premium in the secondary market. As of September 2020, Dai
accounts for almost 75 percent of all loans in the DeFi ecosystem.

2.4 Decentralized Derivatives

Decentralized derivatives are tokens that derive their value from an

underlying asset's performance, the outcome of an event, or the
development of any other observable variable. They usually require an oracle
to track these variables and therefore introduce some dependencies and
centralized components. The dependencies can be reduced when the
derivative contract uses multiple independent data sources.

We differentiate between asset-based and event-based derivative tokens. We

call a derivative token asset-based when its price is a function of an
underlying asset's performance. We call a derivative event-based when its
price is a function of any observable variable that is not the performance of
an asset. Both categories will be discussed in the following sections.
Asset-Based Derivative Tokens. Asset-based derivative tokens are an
extension of the CDP model described in Section 2.3. Instead of limiting the
issuance to USD-pegged stablecoins, the locked collateral can be used to
issue synthetic tokens that follow the price movements of a variety of assets.
Examples include tokenized versions of stocks, precious metals, and
alternative cryptoassets. The higher the underlying volatility, the larger the
risk of falling below a given collateralization ratio.

A popular derivative token platform is called Synthetix (Brooks et al., 2018).

It is implemented so that the total debt pool of all participants increases or
decreases depending on the aggregate price of all outstanding synthetic
assets. This ensures that tokens with the same underlying assets remain
fungible; that is, redemption does not depend on the issuer. The flip side of
this design is that users assume additional risk when they mint assets, as
their debt position will also be affected by everyone else's asset allocation.

A particular case of asset-based derivative tokens are inverse tokens. Here,

the price is determined by an inverse function of the underlying assets'
performance within a given price range. These inverse tokens allow users to
get short exposure to cryptoassets.

Event-Based Derivative Tokens. Event-based derivative tokens can be

based on any objectively observable variable with a known set of potential
outcomes, a specified observation time, and a resolution source.7 Anyone can
buy a full set of sub-tokens for a given event by locking 1 ETH in a smart
contract. A complete set of sub-tokens consists of 1 sub-token for each
potential outcome. These sub-tokens can be traded individually. When the
market resolves, the smart contract's cryptoassets will be split among the
sub-token owners of the winning outcome. In the absence of market
distortions, each sub-token's ETH price should, therefore, correspond to the
probability of the underlying outcome.

Under certain circumstances, these prediction markets may serve as

decentralized oracles for the likelihood of a future outcome. However, market
resolution (and therefore the price) greatly depends on the trustworthiness
of the resolution source. As such, event-based derivative tokens introduce
external dependencies and may be unilaterally influenced by a malicious
reporter. Potential attack vectors include flawed or misleading question
specifications, incomplete outcome sets that may render the event
unresolvable, and the choice of unreliable or fraudulent resolution sources.

The most popular implementation is called Augur (Peterson et al., 2019). It

uses a multi-stage resolution and disputing process that should minimize the
dependency on a single reporting source as much as possible. If the token
holders do not agree with the designated reporter, they may start a dispute,
which should eventually lead to the correct outcome.

2.5 On-Chain Asset Management

Just like traditional investment funds, on-chain funds are mainly used for
portfolio diversification. They allow users to invest in a basket of cryptoassets
and employ a variety of strategies without having to handle the tokens
individually. In contrast to traditional funds, the on-chain variant does not
require a custodian. Instead, the cryptoassets are locked up in a smart
contract. The investors never lose control over their funds, can withdraw or
liquidate them, and can observe the smart contracts' token balances at any
point in time.

The smart contracts are set up in such a way that they follow a variety of
simple strategies, including semi-automatic rebalancing of portfolio weights
and trend trading, using moving averages. Alternatively, one or multiple fund
managers can be selected to manage the fund actively. In this case, the
smart contract ensures that asset managers adhere to the predefined
strategy and act in the investors' best interest. In particular, asset managers
are limited to actions in accordance with the fund's ruleset and the risk
profile stipulated in the smart contract. The smart contract can mitigate
many forms of the principal-agent problem and incorporate regulatory
requirements by enforcing them on-chain. As a result, on-chain asset
management may lead to lower fund setup and auditing costs.

Whenever someone invests in an on-chain fund, the corresponding smart

contract issues fund tokens and transfers them to the investor's account.
These tokens represent partial ownership of the fund and allow token holders
to redeem or liquidate their share of the assets. For example, if an investor
owns 1 percent of the fund tokens, this person would be entitled to 1 percent
of the locked cryptoassets. When the investor decides to close out the
investment, the fund tokens get burned, the underlying assets are sold on a
decentralized exchange, and the investor is compensated with the ETH-
equivalent of their share of the basket.

There are several implementations of on-chain fund protocols, including the

Set Protocol (Feng and Weickmann, 2019), Enzyme Finance (formerly Melon)
(Trinkler and El Isa, 2017), Yearn Vaults (Cronje, 2020), and Betoken (Liu
and Palayer, 2018). All of these implementations are limited to ERC-20
tokens and Ether. Moreover, they heavily depend on price oracles and third-
party protocols, mainly for lending, trading, and the inclusion of low-volatility
reference assets such as the Dai or USDC stablecoins. Consequently, there
are severe dependencies, which will be discussed in Section 3.2.

Both Enzyme Finance and Set Protocol allow anyone to create new
investment funds. Enzyme Finance has a focus on building an infrastructure
for decentralized funds, using smart contract-based rulesets to ensure that
fund managers stick to the funds' strategies. Trading restriction parameters
such as maximum concentration, price tolerance, and the maximum number
of positions, as well as user and asset whitelists and blacklists, are enforced
by these smart contracts. The same is true for the fund's fee schedule. Set
Protocol is mainly designed for semi-automated strategies with deterministic
portfolio rebalancing triggered by predefined threshold values and timelocks.
However, the protocol is also used for active management. Betoken operates
as a single fund of funds managed by a community of asset managers
through a meritocratic system. The more successful an individual fund
manager is, the greater their future influence on allocating the collective
resources. UniSwap's liquidity pool (see Section 2.2) also has some
characteristics of an on-chain investment fund. The constant product model
creates the incentives for a semi-automatic rebalancing of portfolio weights,
while the trading fees generate passive income for the investors.

Yearn Vaults are collective investment pools designed to maximize yield for a
given asset. Strategies are quite diverse but usually involve several steps
and active management. In many cases, these actions would be too
expensive (in terms of transaction fees) for smaller amounts. Moreover, they
require that the investor is vigilant and well-informed. Yearn Vaults mitigate
these issues by employing the knowledge of the masses and using collective
action to split network fees proportionally among all participants. However,
the deep integration of the protocol also introduces severe dependencies.
3 OPPORTUNITIES & RISKS

In this section, we analyze the opportunities and risks of the DeFi ecosystem.
It lays the foundation for the discussion in Section 4.

3.1 Opportunities

DeFi may increase the efficiency, transparency, and accessibility of the

financial infrastructure. Moreover, the system's composability allows anyone
to combine multiple applications and protocols, thereby creating new and
exciting services. We discuss these aspects in the following subsections.

Efficiency. While much of the traditional financial system is trust based and
dependent on centralized institutions, DeFi replaces some of these trust
requirements with smart contracts. The contracts can assume the roles of
custodians, escrow agents, and CCPs. For example, if two parties want to
exchange digital assets in the form of tokens, there is no need for
guarantees from a CCP. Instead, the two transactions can be settled
atomically, meaning that either both or neither of the transfers will be
executed. This significantly decreases counterparty credit risk and makes
financial transactions much more efficient. Lower trust requirements may
come with the additional benefit of reducing regulatory pressure and
reducing the need for third-party audits. Similar efficiency gains are possible
for almost every area of the financial infrastructure.

Additionally, token transfers are much faster than any of the transfers in the
traditional financial system. Transfer speed and transaction throughput can
be further increased with Layer 2 solutions, such as sidechains or state- and
payment-channel networks.

Transparency. DeFi applications are transparent. All transactions are

publicly observable, and the smart contract code can be analyzed on-chain.
The observability and deterministic execution allow—at least in theory—an
unprecedented level of transparency.

Financial data are publicly available and may potentially be used by

researchers and users alike. In the case of a crisis, the availability of
historical (and current) data is a vast improvement over traditional financial
systems, where much of the information is scattered across a large number
of proprietary databases or not available at all. As such, transparency of DeFi
applications may allow for the mitigation of undesirable events before they
arise and help provide much faster understanding of their origin and
potential consequences when they emerge.

Accessibility. By default, DeFi protocols can be used by anyone. As such,

DeFi may potentially create a genuinely open and accessible financial system.
In particular, the infrastructure requirements are relatively low and the risk
of discrimination is almost inexistent due to the lack of identities.

If regulation demands access restrictions, for example, for security tokens,

such restrictions can be implemented in the token contracts without
compromising the settlement layer's integrity and decentralization
properties.

Composability. DeFi protocols are often compared with Lego pieces. The
shared settlement layer allows these protocols and applications to
interconnect. On-chain fund protocols can make use of decentralized
exchange protocols or achieve leveraged positions through lending
protocols.

Any two or more pieces can be integrated, forked, or rehashed to create

something entirely new. Anything that has been created before can be used
by an individual or by other smart contracts. This flexibility allows for an
ever-expanding range of possibilities and unprecedented interest in open
financial engineering.

3.2 Risks

DeFi also has certain risks, namely, smart contract execution

risk, operational security, and dependencies on other protocols and external
data. We discuss these aspects in the following subsections.

Smart Contract Execution. While the deterministic and decentralized

execution of smart contracts does have its advantages, there is risk that
something may go wrong. If there are coding errors, these errors may
potentially create vulnerabilities that allow an attacker to drain the smart
contract's funds, cause chaos, or render the protocol unusable. Users have to
be aware that the protocol is only as secure as the smart contracts
underlying it. Unfortunately, the average user will not be able to read the
contract code, let alone evaluate its security. While audits, insurance
services, and formal verification are partial solutions to this problem, some
degree of uncertainty remains.

Similar risks exist in contract execution. Most users do not understand the
data payload they are asked to sign as part of transactions and may be
misled by a compromised front-end. Unfortunately, there seems to be an
inherent trade-off between usability and security. For example, some
decentralized blockchain applications will ask for permissions to transfer an
infinite number of tokens on behalf of the user—usually to make future
transactions more convenient and efficient. Such permission, however, puts
the user's funds at risk.

Operational Security. Many DeFi protocols and applications use admin

keys. These keys allow a predefined group of individuals (usually the
project's core team) to upgrade the contracts and to perform emergency
shutdowns. While it is understandable that some projects want to implement
these precautionary measures and remain somewhat flexible, the existence
of these keys can be a potential problem. If the keyholders do not create or
store their keys securely, malicious third parties could get their hands on
these keys and compromise the smart contract. Alternatively, the core team
members themselves may be malicious or corrupted by significant monetary
incentives.

Most projects try to mitigate this risk with multisig and timelocks. Multisig
requires M-of-N keys to execute any of the smart contract's admin functions,
and timelocks specify the earliest time at which a transaction can be
(successfully) confirmed.

As an alternative, some projects rely on voting schemes, where the

respective governance tokens grant their owners the right to vote on the
protocol's future. However, in many cases, the majority of governance
tokens are held by a small group of people, effectively leading to similar
results as with admin keys. Some projects have tried to mitigate this
concentration of voting power by rewarding early adopters and users who
fulfill specific criteria, which range from simple protocol usage to active
participation in the voting process and third-party token staking (yield
farming). Nevertheless, even when a launch is perceived as being relatively
"fair," the actual distribution often remains highly concentrated.

Governance tokens may lead to undesirable consequences. In fact, a high

concentration of power may be even more problematic when these rights are
tokenized. In the absence of vesting periods, malicious founders can pull the
rug by dumping their entire token holding on a CFMM, causing a massive
supply shock and undermining the project's credibility. Moreover, yield
farming may lead to centralization creep by allowing an already well-
established protocol to assume a significant portion of a relatively new
protocol's governance tokens. This may create large meta protocols whose
token holders essentially control a considerable portion of the DeFi
infrastructure.

Dependencies. As described in Section 3.1, some of the most promising

features of the DeFi ecosystem are its openness and composability. These
features allow various smart contracts and decentralized blockchain
applications to interact with each other and to offer new services based on a
combination of existing ones. On the flip side, these interactions introduce
severe dependencies. If there is an issue with one smart contract, it may
potentially have wide-reaching consequences for multiple applications across
the entire DeFi ecosystem. Moreover, problems with the Dai stablecoin or
severe ETH price shocks may cause ripple effects throughout the whole DeFi
ecosystem.

The problem becomes apparent when illustrated by an example. Let us

assume that a person locks ETH as collateral in the MakerDAO contract to
issue Dai stablecoins. Let us further assume that the Dai stablecoins are
locked in a compound lending smart contract to issue interest-bearing
derivative tokens, called cDai. The cDai tokens are subsequently moved to
the UniSwap ETH/cDai liquidity pool, along with some ETH, allowing the
person to withdraw UNI-cDai tokens representing a share of the liquidity
pool. With every additional smart contract, the potential risk of a bug
increases. If any of the contracts in the sequence fail, the UNI-cDai tokens
could potentially become worthless. These "token on top of a token on top of
a token" scenarios, which create wrapper tokens, can entangle projects in
such a way that theoretical transparency does not correspond to actual
transparency.

External Data. Another point worth mentioning is the fact that many smart
contracts are reliant on external data. Whenever a smart contract depends
on data that are not natively available on-chain, the data must be provided
by external data sources. These so-called oracles introduce dependencies
and may, in some cases, lead to heavily centralized contract execution. To
mitigate this risk, many projects rely on decentralized oracle networks with a
large variety of data provision schemes.

Illicit Activity. A common concern among regulators is that cryptoassets

may be used by individuals who want to avoid records and monitoring. While
the inherent transparency of DeFi is a deterrent to this use case, the
network's pseudonymity may provide some privacy. However, this may not
necessarily be a bad thing, and the situation is more complicated than it may
seem at first glance. On the one hand, pseudonymity can be abused by
actors with dishonest intentions. On the other hand, privacy may be a
desirable attribute for some legitimate financial applications.
Correspondingly, regulators should act with great care, trying to find
reasonable solutions that allow them to step in where necessary without
stifling innovation. Moreover, one has to be aware that regulating a
decentralized network may not be feasible.

While it is questionable whether regulators can (or should) regulate a

decentralized infrastructure, there are two areas that deserve special
attention, namely, fiat on- and off-ramps and the decentralization theater.

Fiat on- and off-ramps are the interface to the traditional financial system.
Whenever people want to move assets from their bank account to the
blockchain-based system or the other way, they have to go through a
financial service provider. These financial service providers are regulated and
may require background checks on the origin of the funds.

In a similar vein, it is important to differentiate between legitimate

decentralized protocols and projects that only claim to be decentralized but
are in fact under the exclusive control of an organization or a few individuals.
The former may provide exciting new possibilities and remove some
dependencies, while the latter may essentially introduce the worst of two
worlds, that is, de facto dependencies on a centralized operator with limited
supervision. Keeping this in mind, regulators should watch closely and
analyze carefully if a given DeFi protocol is indeed decentralized or if the DeFi
label is just for show in an attempt to get around regulation.

Scalability. Blockchains face the ultimate trade-off between

decentralization, security, and scalability. While the Ethereum blockchain is
generally regarded as relatively decentralized and secure, it struggles to
keep up with the great demand for block space. Escalating gas prices
(transaction fees) and long confirmation times adversely affect the DeFi
ecosystem and favor wealthy individuals who can conduct large trades.

Potential solutions to this problem include base-layer sharding, as well as

various Layer 2 solutions, such as state channels, ZK (zero knowledge)
rollups, and optimistic rollups. However, in many cases, scalability efforts
weaken composability and general transaction atomicity—two of DeFi's most
prominent features. On the other hand, moving DeFi to a more centralized
base layer does not seem to be a reasonable approach either, as it would
essentially undermine its main value proposition. Thus, it remains to be seen
if a truly decentralized blockchain can keep up with the demand and provide
the foundation for an open, transparent, and immutable financial
infrastructure.

4 CONCLUSION

DeFi offers exciting opportunities and has the potential to create a truly
open, transparent, and immutable financial infrastructure. Because DeFi
consists of numerous highly interoperable protocols and applications, every
individual can verify all transactions and data is readily available for users
and researchers to analyze.

DeFi has unleashed a wave of innovation. On the one hand, developers are
using smart contracts and the decentralized settlement layer to create
trustless versions of traditional financial instruments. On the other hand,
they are creating entirely new financial instruments that could not be realized
without the underlying public blockchain. Atomic swaps, autonomous liquidity
pools, decentralized stablecoins, and flash loans are just a few of many
examples that show the great potential of this ecosystem.

While this technology has great potential, there are certain risks involved.
Smart contracts can have security issues that may allow for unintended
usage, and scalability issues limit the number of users. Moreover, the term
"decentralized" is deceptive in some cases. Many protocols and applications
use external data sources and special admin keys to manage the system,
conduct smart contract upgrades, or even perform emergency shutdowns.
While this does not necessarily constitute a problem, users should be aware
that, in many cases, there is much trust involved. However, if these issues
can be solved, DeFi may lead to a paradigm shift in the financial industry and
potentially contribute toward a more robust, open, and transparent financial
infrastructure.

NOTES

1
An alternative approach can be found here: https://medium.com/pov-crypto/ethereum-the-

digital-finance-stack-4ba988c6c14b.
2
For readers who wish to understand the settlement layer better and want to read a general

introduction to blockchain and cryptocurrencies, see Berentsen and Schär (2018).

3
Etherscan (2021).
4
UTXO-based blockchain implementations such as Bitcoin allow sophisticated unlocking conditions

through their scripting language. Although most people would not call these locking scripts a smart

contract, they achieve similar goals in terms of the blockchain's custodial capabilities.
5
CoinMarketCap (2019).
6
In practice, the collateralization must be much larger, as any credit position with collateralization

below 150 percent is liquidated.

7
For example, such a token was created in regard to the outcome of the recent U.S. presidential

election.

REFERENCES

Adams, Hayden. "UniSwap." 2018; https://hackmd.io/@HaydenAdams/HJ9jLsfTz.

Berentsen, Aleksander and Schär, Fabian. "A Short Introduction to the World of Cryptocurrencies."

Federal Reserve Bank of St. Louis Review, 2018, 100(1), pp. 1-

16; https://doi.org/10.20955/r.2018.1-16.
Berentsen, Aleksander and Schär, Fabian. "Stablecoins: The Quest for a Low-Volatility

Cryptocurrency," in Antonio Fatás, ed., The Economics of Fintech and Digital Currencies. London:

CEPR Press, 2019, pp. 65-71.

Boado, Ernesto. "Aave Protocol Whitepaper (v1.0)." 2020; https://github.com/aave/aave-

protocol/blob/master/docs/Aave_Protocol_Whitepaper_v1_0.pdf.

Brooks, Samuel; Jurisevic, Anton; Spain, Michael and Wawrick, Kain. "Havven: A Decentralised

Payment Network and Stablecoin."

2018; https://www.synthetix.io/uploads/havven_whitepaper.pdf.

Buterin, Vitalik. "A Next-Generation Smart Contract and Decentralized Application Platform."

2013; https://blockchainlab.com/pdf/Ethereum_white_paper-

a_next_generation_smart_contract_and_decentralized_application_platform-vitalik-buterin.pdf.

CoinMarketCap. coinmarketcap.com, accessed September 15, 2019

Cronje, Andre. "Introduction to Yearn." 2020; https://docs.yearn.finance/.

Egorov, Michael. "StableSwap – Efficient Mechanism for Stablecoin Liquidity."

2019; https://www.curve.fi/stableswa...

Entrinken, William; Shirley, Dieter; Evans, Jacob and Sachs, Nastassia. "ERC-721 Non-Fungible

Token Standard." 2018; https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md.

Etherscan. "Token Tracker." etherscan.io/tokens, accessed January 22, 2021.

Feng, Felix and Weickmann, Brian. "Set: A Protocol for Baskets of Tokenized Assets (v1.2)."

2019; https://www.setprotocol.com/pdf/set_protocol_whitepaper.pdf.

Hertzog, Eyal; Benartzi, Guy and Benartzi, Galia. "Bancor Protocol: Continuous Liquidity and

Asynchronous Price Discovery for Tokens Through Their Smart Contracts; aka 'Smart Tokens.'"

2017; https://whitepaper.io/document/52/bancor-whitepaper.

Juliano, Antonio. "dYdX: A Standard for Decentralized Margin Trading and Derivatives."

2017; https://whitepaper.dydx.exchange/.

Leshner, Robert and Hayes, Geoffrey. "Compound: The Money Market Protocol."

2019; https://compound.finance/documents/Compound.Whitepaper.pdf.

Liu, Zebang and Palayer, Guillaume. "Betoken Whitepaper: A Meritocratic Hedge Fund Built on

Ethereum." 2018; https://github.com/Betoken/Whitepaper/blob/master/BetokenWhitepaper.pdf.

Luu, Loi and Velner, Yaron. "KyberNetwork: A Trustless Decentralized Exchange and Payment

Service." 2017; https://whitepaper.io/document/43/kyber-network-whitepaper.

Martinelli, Fernando and Mushegian, Nikolai. "A Non-Custodial Portfolio Manager, Liquidity

Provider, and Price Sensor." 2019; https://balancer.finance/whitepaper/.

Oved, Michael and Mosites, Don. "Swap: A Peer-to-Peer Protocol for Trading Ethereum Tokens."

2017; https://www.airswap.io/whitepa...
Peterson, Jack; Krug, Joseph; Zoltu, Micah; Williams, Austin K. and Alexander, Stephanie. "Augur:

A Decentralized Oracle and Prediction Market Platform (v2.0)."

2019; https://www.augur.net/whitepaper.pdf.

Roth, Jakob and Schär, Fabian and Schöpfer, Aljoscha. "The Tokenization of Assets: Using

Blockchains for Equity Crowdfunding." 2019; http://dx.doi.org/10.2139/ssrn.3443382.

Szabo, Nick. "Smart Contracts."

1994; http://www.fon.hum.uva.nl/rob/Courses/InformationInSpeech/CDROM/Literature/LOTwinter

school2006/szabo.best.vwh.net/smart.contracts.html.

Szabo, Nick. "The Idea of Smart Contracts." 1997; https://nakamotoinstitute.org/the-idea-of-

smart-contracts/.

Trinkler, Reto and El Isa, Mona. "Melon Protocol: A Blockchain Protocol for Digital Asset

Management." 2017; https://github.com/melonproject/paper/blob/master/melonprotocol.pdf.

Vogelsteller, Fabian and Buterin, Vitalik. "ERC-20 Token Standard."

2015; https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md.

Warren, Will and Bandeali, Amir. "0x: An Open Protocol for Decentralized Exchange on the

Ethereum Blockchain." 2017; https://0x.org/pdfs/0x_white_paper.pdf.

Wolff, Max. "Introducing Marble: A Smart Contract Bank."

2018; https://medium.com/marbleorg/introducing-marble-a-smart-contract-bank-c9c438a12890.

Wood, Gavin. "Ethereum: A Secure Decentralised Generalised Transaction Ledger."

2015; https://ethereum.github.io/yellowpaper/paper.pdf.

Zhang, Yi; Chen, Xiaohong and Park, Daejun. "Formal Specification of Constant Product (x times y

= k) Market Maker Model And Implementation."

2018; https://github.com/runtimeverification/verified-smart-contracts/blob/uniswap/uniswap/x-y-

k.pdf.

© 2021, Federal Reserve Bank of St. Louis. The views expressed are those of the author(s) and do

not necessarily reflect official positions of the Federal Reserve Bank of St. Louis or the Federal

Reserve System.