What happens when on-chain protocols rely too much on trust and relationships—with examples.

What happened

Josh caught up with Kiba over the summer and invited him to share some of his thoughts. Today’s guest post is by community member Kiba Gateaux, founder of Debt DAO (see our earlier post on Debt DAO). Thanks to Josh and John for editing.

The Iron Bank

Iron Bank (IB), was the first on-chain B2B lending protocol. It was a Compound fork dreamed up by the Yearn team to get better access to leverage on their yield farming strategies. It allowed whitelisted protocols to borrow with little to no collateral, similar to what Gearbox does today.

After integrating with Yearn, Alpha Homora (AH) was Iron Bank’s next integration in early 2021. It gave AH LP yield farmers access to the same leverage Yearn stablecoin farmers enjoyed. Unfortunately, AH got hacked for around $38M, around $32M of which was pulled as debt from IB. AH promised to pay back from 20% of protocol revenue and maintain full collateralization with ALPHA tokens.

Two years later in March 2023 and $30M of debt still outstanding, things took a dramatic turn when IB paused AH’s line of credit for failure to repay, locking the AH protocol and all user funds inside.

The AH team wrote, “Iron Bank, to our shock, has revealed itself to have centralized control of the network”. Iron Bank and Yearn were practically the same entity, and so the standards for contract clarity they set were optimized for excessive amounts of trust and shared incentives. Alpha Homora had adopted all these processes as a third-party, and when the relationship turned adversarial, those processes resulted in some shocking outcomes.

Credit lines may be opened and closed on-chain, but it doesn’t mean the actual lending process has become trustless or decentralized. Previously, the loan contracts were upgraded by IB to prevent any further interest from accruing on AH’s debt immediately after the hack while the situation was resolved. While at the time, that seemed a benefit to AH, it also showed that IB had the ability to change the terms of the agreement at any time at their will. What could possibly go wrong?

There was no protocol for basic things like management, repayment, or closing. There are some things in the IB protocol such as interest rates and opening/closing credit lines but they are not tied into the loan logic itself, as we saw with the IB team unilaterally and spontaneously closing the credit line. Unilateral control isn’t healthy, even when two unrelated parties trust each other.

We need on-chain credit protocols with trustless covenants.

On-chain credit protocols cover the entire credit lifecycle and all agreed covenants of the agreement including collateral ratios, interest rates, repayment schedule, use of funds, arbitration, liquidation, and escrowing.

This protects all stakeholders, allowing for a more robust credit market that leverages trustlessness/transparency/decentralization for efficiencies, potentially reducing interest rates while increasing lenders profits.

Was Iron Bank on-chain credit?

Yes. But was it a trustless protocol? No.

Part of the IB-AH blowout is a study in early naïveté, and part of it is a reflection that their agreement wasn’t really transparent credit or on-chain credit. It was just a contract that could be changed by a single party. Looking back now, it is pretty hard to find on-chain what the original terms even were. Maybe even they don’t remember. I have still yet to find a smart contract that encodes the 20% revenue split from AH’s protocol revenues that secures the line of credit agreement. So while AH’s borrowing + lending abilities and escrow + liquidation terms used predefined permissions, they are not cohesively managed as a single lending process.

Procedures for a default/liquidation/insolvency situation appear to be completely undefined and unenforceable on-chain or off-chain. This should concern Iron Bank, because even with their god-like control of the contract terms, ALPHA can DDOS Iron Bank anytime from withdrawing $ALPHA tokens for liquidations; the contract doesn’t check if AH is liquidatable or not. On the flip side, this also means that Iron Bank can liquidate funds even if AH isn’t undercollateralized. In fact, the escrow contract is not connected to the line of credit agreement at all. The lending agreement has no way to interact with or even view the collateral that’s supposed to be backing it.

There’s a lot of damage that these two entities can do to each other under this relatively unstructured agreement. Even when there’s trust, deleveraging through processes can be barbaric.

The AH team is proposing to fully repay their debt with seized funds and IB will only return excess user deposits on non-ETH chains. So the barbaric method of recourse does work but there are future repercussions to losing trust, lower efficiency and effectiveness from lack of automation, and other effects from manual trust-based credit process, even if put on-chain. While you may gripe about whether IB was right or wrong to pause their lending thus halting the entire AH protocol, the most important thing is that it was effective. IB’s barbaric method of recourse forced the AH team’s hand. So while Iron Bank was surely on-chain, it wasn’t quite an on-chain credit protocol.

The case for cryptonative credit

In summary, the problems with the Iron Bank <> Alpha Homora deal were:

1. Generally undefined or enforceable terms for any parts of the loan

   1. No repayment schedule

   2. No collateralization and liquidation configuration or automation

   3. No recourse for inability to pay

   4. No enforceability of revenue-based payments / fee garnering

2. Lender can unilaterally change the terms of the agreement at any time

3. Lender could request liquidation at anytime regardless of collateral ratio

4. Borrower could prevent valid liquidations

5. Final recourse option holding user funds hostage

While I was a contributor at CREAM, the DAO behind Iron Bank, over the course of the Alpha Homora deal, I decided we could do better in crypto. I started building Debt DAO as a purpose-built DeFi protocol for enabling on-chain commercial credit and business financing. Debt DAO focused on “revenue-based financing” to help bootstrapped and other profitable on-chain entities access business loans instead of only having VCs as a funding source.

Without clear protocols, on-chain credit may be easier but not necessarily safer. With the haphazard setup of their deal, Alpha Homora likely would have faced issues regardless of their hack and bad debt. And this debacle happened to a borrower that didn’t even put up capital. Using poorly orchestrated off-chain and on-chain agreements Alpha Homora effectively put their entire protocol up as collateral and got repossessed when they failed to repay their debt to Iron Bank.

Credit protocols give us more accurate risk analysis from transparent terms, reduced operational costs from standardization and automation, and better DeFi integrations from the above. With more capital deployed faster with less risk, we increase yields by making lending more efficient, possibly with lower rates in the long term.

Who’s doing on-chain credit today?

Pareto is a new credit protocol with $50M TVL that is servicing private structured credit that is probably the closest ever attempt at a full on-chain credit protocol.

Wildcat Finance uses a peer-to-pool loans with borrower defined terms with around $100M of TVL.

Some credit protocols have scaled without the full credit lifecycle on-chain. In fact the biggest one looks like this: Maple Finance has trusted pools where a single manager approves loans and signs off-chain legal contracts. These pools are a step above the Iron Bank deal but they are still not a fully on-chain protocol. This has brought in $2B in TVL earning 10% APY for depositors to Maple pools. While deposits are via smart contract, loan terms and enforcement are all in the off-chain fiat legal system. Maybe this is the optimal solution? To be continued.