Some misconceptions and paradoxes in DeFi lending: Lending is based on trust. This is the self-evident truth on which banking is built. Losing trust means losing capital, and that can cause bank runs or systemic collapses. The way to preserve trust is to create a system that is fundamentally risk-averse throughout the entire supply chain. Ignore this rule and you are effectively in the business of risk-taking, which is more akin to today’s hedge funds. DeFi lending protocols follow the same basic principles as banking. The fundamental difference between traditional finance and DeFi lending systems is that lending protocols encode trust mechanisms into the code for reasons like improving automation, capital efficiency, and liquidity provisioning etc. Some people have a flawed idea that if a lending protocol fixes parameters around trust, it will somehow improve trust. Of course, this does not make sense since you are simply moving trust from one place to another. From one market level to another, but not really improving the trust assumptions, at all in fact. You also cannot rely on fully immutable systems in dynamic marketplaces such as lending and borrowing. This is why comparing lending protocols to AMMs does not work either. Traders on AMMs do not depend on ongoing trust; their transactions are one-off trades, while borrowers and lenders maintain a relationship until the debt is repaid. Applying immutable parameters means the system cannot adapt to changing market conditions, and financial markets are nothing if not dynamic. It’s relatively straightforward to run immutable model during up cycle, however bear markets is where the true resiliency is tested out. Now, back to the idea of moving trust from one place to another. Since trust always exists in lending, and most markets will likely rely on some level of human involvement, the real question is: at what level and under what circumstances should that involvement occur? In isolated lending protocols like Aave, decision-making happens at the lowest level, close to the markets. This has benefits, such as ensuring that parameter decisions remain aligned with the protocol’s risk framework in a non-conflicted way. Risk managers are paid fixed fees to protect the protocol. If they fail, they get replaced, as we have seen before. In designs where human involvement is moved higher up and risk curators are incentivized based on fund performance, hidden issues can emerge that are highly detrimental to the system. First, the idea of risk curation as isolation is misleading. While markets may be separated, risk curators often share liquidity across markets by supplying to the same markets and comingling strategies. This means users can be exposed to the weakest curator or market in the system, with no capped protection. For example: Curator A supplies liquidity to markets B and C, while curator D supplies liquidity to markets C and E. If market E loses trust, for instance through a depeg event like xUSD or deUSD, it could trigger a bank run from market E, driving utilization to 100% and creating a race for withdrawals and even full insolvency. At the same time, LPs withdrawing from the curated vaults cause another bank run at the vault level, meaning markets B and C are affected too. As a result, curator A’s LPs, even those subscribed to less risky strategies, would also be impacted, intensifying the liquidity contagion, even if they didn’t supply the liquidity into the problematic market, creating protocl-wide bank run. This is my biggest concern with this type of design model: it leads to contagious liquidity effects that break trust while marketing some sort of risk isolation, which doesn’t in reality exist. It is especially problematic for RWAs, which require greater isolation due to their specific characteristics. The problem worsens when considering curator incentives. DeFi risk strategies are highly commoditized. Lending against ETH or BTC is not particularly profitable or exciting for degens. So curators often go on the offensive, adding new types of collateral, sometimes untested or poorly understood. Other curators then rush to copy and allocate capital to these new markets. It becomes a speed race to capture reward at the cost of additional risk, much like hedge funds today operate. It’s especially problematic for integrators that are looking to run their own strategies, knowing they would be commingled with strategies ran by riskier vault curators, making integrations more challenging. Also this design comes at the cost of liquidity segregation, without truly improving or isolating risk, while introducing potential systemic contagion on every bank run. Given the permissionless nature, we will see more events of contagions spread. It’s important for everyone to understand the mechanisms. DeFi is still relatively young, less than a decade old, and any large-scale issue could set the industry back significantly. We are close to building safe and secure DeFi, and we need to protect the users. Hope this is a good learning on how to build better DeFi. Just use Aave.