Why Risk Management?

In DeFi, losses are permanent and instant. There’s no:

• FDIC insurance
• Customer support
• Transaction reversals

Hack announcement → TVL gone → Your funds gone
Time elapsed: Minutes
```bash

Risk management is survival.

---

## DeFi Risk Categories

| Category | Examples | Mitigation |
|----------|----------|------------|
| **Smart Contract** | Bugs, exploits | Use audited protocols |
| **Oracle** | Price manipulation | Check oracle quality |
| **Governance** | Malicious proposals | Monitor voting |
| **Economic** | Bank runs, depegs | Understand mechanics |
| **Regulatory** | Sanctions, seizure | Jurisdiction research |

---

Protocol risk is not independent. When one major protocol fails (FTX, Terra), it cascades. Your "diversified" positions across multiple protocols might all rely on the same oracle, the same bridge, or the same stablecoin. True diversification means checking for hidden correlations.

Diversification across protocols is not diversification across risk factors.

---

## Protocol Risk Assessment

Before depositing, check:

### 1. Audit Status
```text
❓ No audit
⚠️  Single audit, no bug bounty
✓  Multiple audits + active bug bounty ($1M+)
✓✓ Formal verification + track record
```text

### 2. TVL and Lindy
```text
❓ < $10M TVL, < 6 months old
⚠️  $10-100M, 6-12 months
✓  $100M-1B, 1-2 years
✓✓ $1B+, 3+ years, no exploits
```text

### 3. Team and Governance
```text
❓ Anonymous team, no governance
⚠️  Known team, token voting only
✓  Known team, timelock, multisig
✓✓ Fully decentralized, multiple checks
```text

### 4. Dependency Risk
```yaml
Check: What other protocols does this rely on?
- Oracles (Chainlink, Pyth)
- Bridges (Wormhole, LayerZero)
- Stablecoins (USDC, DAI)
```diff

---

## Position Sizing Framework

```text
Position Size = Risk Tolerance × Protocol Safety Score

Portfolio: $100,000

Tier 1 (Blue Chip): Up to 30% each
- Aave, Compound, Uniswap
- Max position: $30,000

Tier 2 (Established): Up to 15% each
- Curve, Convex, GMX
- Max position: $15,000

Tier 3 (Growing): Up to 5% each
- Newer protocols, <1 year
- Max position: $5,000

Tier 4 (Degen): Up to 1% each
- New, unaudited, experimental
- Max position: $1,000
```diff

---

## Common Misconceptions

**Myth:** "Audited = safe."
**Reality:** Audits are snapshots. Protocol changes after audit can introduce bugs. Ronin, Wormhole, and Nomad were all audited.

**Myth:** "Big TVL = safe."
**Reality:** Big TVL means big target. Attackers are attracted to high-value protocols. Size ≠ security.

**Myth:** "Diversification across many farms protects you."
**Reality:** If all your farms rely on the same oracle feed or stablecoin, you're not diversified. One USDC depeg hits all of them.

---

## Risk Monitoring

### On-Chain Signals
```python
# Monitor large withdrawals (possible insider knowledge)
def alert_whale_exit(protocol, threshold_usd=1_000_000):
    while True:
        withdrawals = get_recent_withdrawals(protocol)
        for w in withdrawals:
            if w.value_usd > threshold_usd:
                send_alert(f"Whale exit: {w.value_usd} from {protocol}")
        time.sleep(60)
```text

## Governance Signals
```text
Monitor for:
- Proposals changing key parameters
- Emergency proposals
- Large tokenholder movements before votes
```text

### Social Signals
```text
Twitter accounts of:
- Security researchers (@samczsun)
- Protocol teams
- On-chain analysts

Discord/Telegram for early breach reports
```diff

---

## Emergency Response Plan

Have a plan BEFORE the crisis:

### 1. Exit Routes
```sql
Know how to withdraw from every protocol
Keep gas available for emergency exits
Test withdrawal before depositing large amounts
```text

### 2. Revoke Approvals
```javascript
// Revoke unlimited approvals you don't need
await token.approve(protocol, 0);

// Or use revoke.cash to audit all approvals
```text

### 3. Hardware Wallet Ready
```text
Hot wallet for active DeFi
Cold wallet for long-term holds
Practice transfers before you need them urgently
```diff

---

## Portfolio Construction

Example allocation:

```yaml
Total: $100,000

Stables (Low Risk): 40%
├── Aave USDC lending: $20,000
└── Curve 3pool LP: $20,000

Blue Chip DeFi: 35%
├── Uniswap ETH/USDC LP: $15,000
├── GMX staking: $10,000
└── Lido stETH: $10,000

Growth: 15%
├── Protocol X (1 year old, audited): $10,000
└── Protocol Y (6 months, good team): $5,000

Experimental: 5%
└── Various degen farms: $5,000

Not in DeFi: 5%
└── Gas reserves, emergency fund: $5,000
```diff

---

## Practice Exercises

### Exercise 1: Assess a Protocol
```text
Pick a protocol you use or are considering.
Rate it on:
1. Audit quality (1-5)
2. TVL and age (1-5)
3. Team/governance (1-5)
4. Dependency risk (1-5)

Would you adjust your position size?
```text

### Exercise 2: Find Hidden Correlation
```text
You have positions in:
- Aave (USDC lending)
- Curve (USDC/USDT/DAI pool)
- GMX (USDC perps)

What single event could hurt all three?
```text

### Exercise 3: Emergency Drill
```sql
Pretend your largest position just got exploited.
Can you:
1. Verify the exploit (where to check?)
2. Exit other related positions (how fast?)
3. Revoke approvals (do you know how?)

---

Key Takeaways

1. Assess protocol risk systematically - Audits, TVL, team, dependencies
2. Size positions by risk tier - More for blue chips, less for degen
3. Diversify across risk factors - Not just protocols
4. Monitor and plan for emergencies - React fast when needed

---

What’s Next?

Continue learning: DeFi Protocol Security