Underwriting Model

DeFi models use on-chain data and smart contract logic to algorithmically price risk, eliminating subjective human judgment. This involves analyzing factors like:

• Collateralization ratios and asset volatility
• Historical liquidation data from lending protocols
• Protocol-specific metrics (e.g., utilization rates, governance stability)

Examples include Aave's dynamic interest rate model, which adjusts borrowing costs based on pool utilization, and Nexus Mutual's pricing model for smart contract cover.

The dominant underwriting model in DeFi lending requires borrowers to lock cryptocurrency collateral worth more than the loan value. This creates a safety buffer (e.g., 150% collateralization ratio) to protect lenders against asset price volatility. Key aspects:

• Liquidation engines automatically sell collateral if its value falls below a threshold.
• Liquidation penalties incentivize keepers to trigger sales and protect the protocol.
• Stability is prioritized over capital efficiency, contrasting with TradFi credit-based underwriting.

Risk is distributed across a capital pool funded by liquidity providers (LPs) or stakers, who earn yields in exchange for underwriting exposure. This model underpins peer-to-protocol systems.

• In lending (Compound, Aave), LPs fund the lending pool that absorbs defaults.
• In insurance (Nexus Mutual), staked capital backs claims payouts.
• In derivatives (Synthetix), stakers collectively underwrite the debt pool backing synthetic assets. Risk is shared, not assigned to a single entity.

All underwriting rules—interest rate curves, liquidation thresholds, claim assessment criteria—are encoded in public, auditable smart contracts. This creates verifiable and predictable risk pricing.

• Users can audit the exact logic determining their loan health or insurance premium.
• Parameters are often governed by DAO votes, allowing community adjustment of risk models (e.g., adjusting collateral factors for new assets).
• This transparency reduces information asymmetry but exposes the model to potential exploitation if flawed.

Underwriting states update in real-time based on oracle-fed price data, triggering automatic responses like liquidations. This creates a dynamic, reactive system.

• Price oracle reliability is a critical point of failure; manipulation can cause unjust liquidations or protocol insolvency.
• Models can incorporate time-weighted average prices (TWAPs) to mitigate oracle flash crash risks.
• Some advanced models use keeper networks to execute complex, gas-intensive liquidation logic off-chain before settling on-chain.

Newer models aim to improve capital efficiency beyond simple overcollateralization.

• Credit Delegation: (Aave) Allows trusted entities to underwrite loans on behalf of borrowers, using their creditworthiness.
• Real-World Asset (RWA) Backing: Protocols like Centrifuge tokenize real-world invoices or assets as collateral, requiring traditional legal frameworks alongside on-chain logic.
• Identity & Reputation-Based: Systems using decentralized identity or on-chain reputation scores (e.g., credit history from previous loans) to assess trust. These models reintroduce elements of counterparty risk assessment.

A model allowing loans with less collateral than the borrowed value, relying on alternative risk assessments. Mechanisms include:

• Credit Delegation: A trusted entity (delegator) underwrites the borrower's credit risk.
• Identity-based Scoring: Using off-chain credit scores or on-chain reputation.
• Pool-based Insurance: Risk is mutualized across a pool of lenders. This model increases capital efficiency but introduces counterparty risk.

Risk is siloed into discrete, configurable lending pools. Each pool has its own set of approved collateral assets, loan-to-value ratios, and interest rate curves. This limits contagion risk; a default or depeg in one pool does not affect others. Protocols like Euler Finance (prior to its hack) and Radiant Capital employ this architecture for granular risk management.

Relies exclusively on price oracles (e.g., Chainlink) to determine the real-time value of collateral for loan health calculations. The underwriting logic is automated: if the collateral value falls below the required threshold, a liquidation is triggered. This is the standard for most DeFi protocols but introduces oracle risk, where faulty price feeds can cause unjust liquidations or bad debt.

This distinction defines the liquidity structure:

• Peer-to-Pool (P2Pool): Lenders deposit into a shared liquidity pool from which borrowers draw. The protocol itself acts as the underwriter and counterparty. (e.g., Aave, Compound).
• Peer-to-Peer (P2P): Loans are matched directly between individual participants, often with negotiated terms. The platform may facilitate but does not underwrite the risk. (e.g., early NFTfi loans).

A model that facilitates direct, matched agreements between individual risk-takers and risk-seekers, often via an order book. This allows for customized terms but requires a counterparty match and can suffer from lower liquidity. The protocol acts as a marketplace and enforcer of terms rather than a pooled risk bearer.

Examples:

• Opyn v1, Hedgey: Options protocols where writers and buyers are matched directly.
• Traditional Lloyd's of London syndicates: The analog inspiration for this model in DeFi.

This card contrasts the two primary methods for pricing risk in underwriting models.

• Actuarial Pricing: Uses historical loss data and statistical models to estimate future claims and set premiums. Requires a mature dataset. Example: Traditional insurance and some decentralized insurance protocols as they accumulate data.

• Algorithmic (Parameterized) Pricing: Uses predefined, on-chain rules and oracle inputs to automatically trigger payouts and determine costs. Prioritizes objectivity and speed over historical precision. Example: Parametric crop insurance that pays out based on verified weather data.

A method for protocols to cede risk to other capital providers, increasing their underwriting capacity and stability. This creates layers of risk absorption, similar to traditional finance.

Common Structures:

• Excess-of-Loss: A secondary protocol or entity covers losses above a certain threshold.
• Risk Tranches: Capital pools are divided into senior/junior tranches with different risk-return profiles (e.g., senior tranches have priority on capital but lower yield).

Purpose: Mitigates black swan risk and protects primary liquidity providers.

This input uses a borrower's immutable on-chain transaction history to assess creditworthiness. The model analyzes patterns such as:

• Wallet age and activity frequency
• Repayment history on previous loans
• Portfolio composition and diversification
• Governance participation and protocol loyalty Protocols like Goldfinch and TrueFi incorporate these signals to offer uncollateralized or undercollateralized loans to qualified entities.

For loans backed by tangible assets, the underwriting model requires verified off-chain data. This includes:

• Appraisal values from licensed professionals
• Legal entity verification (KYC/KYB)
• Revenue/income attestations for business loans
• Title and registry proofs for real estate Oracles like Chainlink and Pyth are often used to bring attested data on-chain, bridging the gap between traditional finance and DeFi underwriting.

A core function of DeFi underwriting is evaluating the risk profile of digital collateral. Key metrics fed into the model are:

• Price volatility (standard deviation of asset price)
• Market depth and liquidity on DEXs
• Concentration risk within the protocol's portfolio
• Oracle reliability and update frequency These inputs directly determine the Loan-to-Value (LTV) ratio and the need for liquidation bonuses to protect lenders.

This involves internal metrics that define the health and risk tolerance of the lending platform itself. The underwriting model monitors:

• Total Value Locked (TVL) concentration
• Utilization rates for specific asset pools
• Historical insolvency rates from liquidations
• Governance-controlled parameters like stability fees Protocols like Aave and Compound use these inputs to dynamically adjust global risk parameters through their governance frameworks.

Modern underwriting must account for systemic risk and interconnectedness within DeFi. This analysis includes:

• Borrower's debt positions across multiple protocols (e.g., via DeFi Saver or Zapper)
• Collateral rehypothecation risks
• Dependency on shared oracle providers
• Correlation between asset prices in a crisis Tools like Credmark and Gauntlet provide aggregated risk data to model these complex dependencies.

Underwriting models exist on a spectrum from fully algorithmic to human-in-the-loop.

• Automated (Trustless): Uses smart contracts and oracle feeds exclusively (e.g., MakerDAO vaults). Fast and permissionless, but limited to quantifiable on-chain data.
• Manual (Judgement-based): Involves off-chain committees or underwriter DAOs (e.g., Maple Finance pools). Allows for nuanced analysis of off-chain data but introduces trust and scalability trade-offs.

The core function of an underwriting model is to evaluate the probability of default or loss. This involves analyzing collateral factors (e.g., volatility, liquidity), borrower factors (e.g., on-chain history, health factor), and protocol-specific parameters. Models assign a risk score that directly influences the loan-to-value (LTV) ratio, interest rates, and collateral requirements.

Accurate, real-time pricing is critical. Underwriting models rely on price oracles (e.g., Chainlink, Pyth) to determine collateral value. Key risks include:

• Oracle manipulation: Flash loan attacks to skew prices.
• Staleness: Delayed updates during high volatility.
• Asset-specific risks: Illiquid or volatile collateral requires higher liquidation penalties and lower LTVs.

A robust model must define clear, executable liquidation triggers to protect lenders. This includes:

• Liquidation threshold: The LTV level at which a position becomes eligible for liquidation.
• Liquidation bonus: The discount offered to liquidators.
• Auction design: Ensuring liquidations are capital-efficient and resistant to MEV extraction. Failures here can lead to undercollateralization and protocol insolvency.

Model parameters (LTV, liquidation threshold, reserve factors) are not static. They are often governed by DAO votes or a multisig. Risks include:

• Governance attacks: Malicious proposals to alter parameters for exploitation.
• Parameter misconfiguration: Overly aggressive settings can increase defaults; overly conservative settings reduce capital efficiency. Continuous monitoring and stress testing are essential.

• Overcollateralized Lending (e.g., MakerDAO, Aave): Requires collateral value > loan value. Mitigates default risk but limits capital efficiency.
• Undercollateralized Lending / Credit Delegation (e.g., Aave Credit Delegation, Maple Finance): Relies on identity/credit scoring or pool-specific covenants. Introduces counterparty risk and requires sophisticated off-chain legal frameworks or on-chain reputation systems.

Effective models are tested against historical and hypothetical black swan events. This includes simulating:

• Extreme market volatility (e.g., March 2020, LUNA collapse).
• Oracle failure modes.
• Liquidity crunches in collateral markets.
• Correlated asset depeggings. The goal is to ensure the protocol's solvency and the liquidity of its safety reserves (e.g., protocol-owned bad debt) under adverse conditions.

A risk-mitigation model where a borrower must lock collateral worth more than the loan value. It is the foundational model for most decentralized lending protocols like MakerDAO and Aave.

• Primary Use: Securing loans against volatile assets like ETH.
• Key Metric: Loan-to-Value (LTV) Ratio, which caps borrowing power (e.g., 80% LTV means a $100 collateral secures an $80 loan).
• Purpose: Protects lenders from market volatility and liquidation delays.

The core process of evaluating a borrower's credit risk to set loan terms like interest rates and collateral requirements. In TradFi, this is manual; in DeFi, it's executed by smart contracts.

• TradFi: Analyzes credit history, income, and debt-to-income ratio.
• DeFi: Analyzes on-chain data, wallet history, collateral volatility, and oracle prices.
• Output: Determines the borrowing capacity and liquidation thresholds for a position.

A specialized oracle that provides real-time, verifiable data feeds specifically for risk assessment. It is a critical infrastructure component for sophisticated underwriting models.

• Data Provided: Asset volatility, correlation matrices, probability of default, and liquidation cost estimates.
• Function: Enables dynamic adjustment of LTV ratios and liquidation penalties based on market conditions.
• Example: Chainlink's suite of data feeds can power these calculations.

An algorithmic assessment of a wallet's or borrower's creditworthiness based on their immutable on-chain history. This enables under-collateralized or identity-based lending.

• Data Sources: Transaction history, repayment track record, wallet age, asset diversity, and DeFi protocol interactions.
• Goal: To generate a trust score that can lower collateral requirements.
• Protocol Example: Goldfinch uses this model for real-world asset (RWA) lending by assessing off-chain entity credibility.

The automated mechanism that enforces the rules of an underwriting model by seizing and selling a borrower's collateral when their position becomes undercollateralized.

• Trigger: Activated when the collateral value falls below a predefined liquidation threshold.
• Process: Liquidators repay part of the debt in exchange for the collateral at a discount (liquidation bonus).
• Purpose: Ensures the protocol remains solvent, protecting lenders from bad debt.

The specific, quantifiable variables set by a protocol's governance that define its underwriting model. These are the levers for managing systemic risk.

• Common Parameters: Maximum LTV, Liquidation Threshold, Liquidation Penalty, Debt Ceilings per asset, and Interest Rate Model settings.
• Governance: Typically adjusted via decentralized autonomous organization (DAO) votes based on market analysis.
• Impact: Directly determines the safety, capital efficiency, and usability of a lending market.