TL;DR: Astrolab mitigates potential loss of funds from farmed protocols by redirecting collected fees to affected Crates, allowing them to recover over time. Liquidity is split across multiple protocols to reduce overall exposure.
Risk management is key
DeFi comes with its share of risks. According to Chainalysis, $3.2 billion was stolen in 2021, and the trend is unfortunately on the rise.
An increasing number of bad actors have emerged—some being opportunistic, others being highly organized. Protocols that store substantial amounts of value soon become desirable targets and therefore mandate strong risk management. Because hacks are devastating for users and developers alike, avoiding them and mitigating their effects should be a top priority for every DeFi protocol.
If DeFi wants to stay free, it needs to stay safe.
Keeping Astrolab safe
Most protocols adopt optimistic measures against hacks. Examples include audits, decentralized governance, bounties and smart contract monitoring. Such measures may prove insufficient, as bugs can stay undetected for significant periods and third parties may not always be reliable.
A balanced approach to smart contract risk management should also implement pessimistic measures. In other words, it should ask how to make sure an exploit does not threaten the protocol and its users.
Insurance offers a classic solution and is a well-known measure of protection in centralized finance. In DeFi’s ultra-competitive race for the highest possible yields, however, insurance costs aren't very popular. Only 2% of protocols are currently insured, according to Bitcoinist.
Insurance protocols face several challenges in evaluating risks in an industry evolving at breakneck speed, with limited regulation and an absence of law enforcement.
As protocols grow, so do insurance costs, and the lack of scalability inevitably becomes a problem. Because Astrolab’s Crates interact with multiple protocols, it would be difficult for a third-party insurance protocol to accurately evaluate risks as Astrolab scales.
Astrolab's solution is thus to insure itself and use the $ASL token to protect the protocol.
If you'd like to know more, you can read these interesting takes on risk management and tokenomics:
- "Protocols Don’t Capture Value, DAOs Manage Risk", Multicoin Capital
- "ApeCoin & the death of staking", @cobie