Why Risk Management?

In DeFi, losses are permanent and instant. There’s no:

• FDIC insurance
• Customer support
• Transaction reversals

Hack announcement → TVL gone → Your funds gone
Time elapsed: Minutes

Risk management is survival.

---

What You’ll Learn

By the end of this lesson, you’ll understand:

1. Protocol risk factors - What to assess before depositing
2. Position sizing - How much to allocate
3. Diversification - Spreading risk intelligently
4. Monitoring - Early warning signs

---

The Foundation: DeFi Risk Categories

Category	Examples	Mitigation
Smart Contract	Bugs, exploits	Use audited protocols
Oracle	Price manipulation	Check oracle quality
Governance	Malicious proposals	Monitor voting
Economic	Bank runs, depegs	Understand mechanics
Regulatory	Sanctions, seizure	Jurisdiction research

---

The “Aha!” Moment

Here’s the key insight for DeFi risk:

Protocol risk is not independent. When one major protocol fails (FTX, Terra), it cascades. Your “diversified” positions across multiple protocols might all rely on the same oracle, the same bridge, or the same stablecoin. True diversification means checking for hidden correlations.

Diversification across protocols is not diversification across risk factors.

---

Protocol Risk Assessment

Before depositing, check:

1. Audit Status

❓ No audit
⚠️  Single audit, no bug bounty
✓  Multiple audits + active bug bounty ($1M+)
✓✓ Formal verification + track record

2. TVL and Lindy

❓ < $10M TVL, < 6 months old
⚠️  $10-100M, 6-12 months
✓  $100M-1B, 1-2 years
✓✓ $1B+, 3+ years, no exploits

3. Team and Governance

❓ Anonymous team, no governance
⚠️  Known team, token voting only
✓  Known team, timelock, multisig
✓✓ Fully decentralized, multiple checks

4. Dependency Risk

Check: What other protocols does this rely on?
- Oracles (Chainlink, Pyth)
- Bridges (Wormhole, LayerZero)
- Stablecoins (USDC, DAI)

---

Position Sizing Framework

Position Size = Risk Tolerance × Protocol Safety Score

Portfolio: $100,000

Tier 1 (Blue Chip): Up to 30% each
- Aave, Compound, Uniswap
- Max position: $30,000

Tier 2 (Established): Up to 15% each
- Curve, Convex, GMX
- Max position: $15,000

Tier 3 (Growing): Up to 5% each
- Newer protocols, <1 year
- Max position: $5,000

Tier 4 (Degen): Up to 1% each
- New, unaudited, experimental
- Max position: $1,000

---

Common Misconceptions

Myth: “Audited = safe.”
Reality: Audits are snapshots. Protocol changes after audit can introduce bugs. Ronin, Wormhole, and Nomad were all audited.

Myth: “Big TVL = safe.”
Reality: Big TVL means big target. Attackers are attracted to high-value protocols. Size ≠ security.

Myth: “Diversification across many farms protects you.”
Reality: If all your farms rely on the same oracle feed or stablecoin, you’re not diversified. One USDC depeg hits all of them.

---

Risk Monitoring

On-Chain Signals

# Monitor large withdrawals (possible insider knowledge)
def alert_whale_exit(protocol, threshold_usd=1_000_000):
    while True:
        withdrawals = get_recent_withdrawals(protocol)
        for w in withdrawals:
            if w.value_usd > threshold_usd:
                send_alert(f"Whale exit: {w.value_usd} from {protocol}")
        time.sleep(60)

Governance Signals

Monitor for:
- Proposals changing key parameters
- Emergency proposals
- Large tokenholder movements before votes

Social Signals

Twitter accounts of:
- Security researchers (@samczsun)
- Protocol teams
- On-chain analysts

Discord/Telegram for early breach reports

---

Emergency Response Plan

Have a plan BEFORE the crisis:

1. Exit Routes

Know how to withdraw from every protocol
Keep gas available for emergency exits
Test withdrawal before depositing large amounts

2. Revoke Approvals

// Revoke unlimited approvals you don't need
await token.approve(protocol, 0);

// Or use revoke.cash to audit all approvals

3. Hardware Wallet Ready

Hot wallet for active DeFi
Cold wallet for long-term holds
Practice transfers before you need them urgently

---

Portfolio Construction

Example allocation:

Total: $100,000

Stables (Low Risk): 40%
├── Aave USDC lending: $20,000
└── Curve 3pool LP: $20,000

Blue Chip DeFi: 35%
├── Uniswap ETH/USDC LP: $15,000
├── GMX staking: $10,000
└── Lido stETH: $10,000

Growth: 15%
├── Protocol X (1 year old, audited): $10,000
└── Protocol Y (6 months, good team): $5,000

Experimental: 5%
└── Various degen farms: $5,000

Not in DeFi: 5%
└── Gas reserves, emergency fund: $5,000

---

Practice Exercises

Exercise 1: Assess a Protocol

Pick a protocol you use or are considering.
Rate it on:
1. Audit quality (1-5)
2. TVL and age (1-5)
3. Team/governance (1-5)
4. Dependency risk (1-5)

Would you adjust your position size?

Exercise 2: Find Hidden Correlation

You have positions in:
- Aave (USDC lending)
- Curve (USDC/USDT/DAI pool)
- GMX (USDC perps)

What single event could hurt all three?

Exercise 3: Emergency Drill

Pretend your largest position just got exploited.
Can you:
1. Verify the exploit (where to check?)
2. Exit other related positions (how fast?)
3. Revoke approvals (do you know how?)

---

Key Takeaways

1. Assess protocol risk systematically - Audits, TVL, team, dependencies
2. Size positions by risk tier - More for blue chips, less for degen
3. Diversify across risk factors - Not just protocols
4. Monitor and plan for emergencies - React fast when needed

---

What’s Next?

🎯 Continue learning: DeFi Protocol Security

🔬 Expert content: DeFi Security

Now you can manage risk in DeFi systematically. 🛡️