The purpose of this Risk & Mitigation Paper is to provide a comprehensive understanding of the risks associated with the Coinchange technology platform and the measures taken to mitigate and manage them. It covers the main risks, including cybersecurity risks, crypto-related counterparty risks, and Earn account strategy risks. The paper details the systems in place to manage these risks and helps users make informed decisions about using Coinchange's services.
Coinchange is a technology platform that allows users to earn crypto on their holdings by facilitating yield generation through DeFi strategies. Coinchange strategies are automated systems, based on proprietary financial models that rebalance funds in the DeFi ecosystem as per changing market conditions.
This document aims to provide a clearer understanding of Coinchange’s main risk stack and the processes/systems in place to mitigate and manage those risks, mainly cybersecurity risks, crypto related counterparty risks and Earn account strategy risks. For a more comprehensive coverage of Coinchange risks on top of the ones covered here, please refer to our Risk Disclosure document.
Cybersecurity risk is a crucial aspect of Coinchange's Fintech business model. Incidents can occur due to intentional or unintentional events. As technology and computer systems play a significant role in the functioning of our type of business, digital assets and platform services are at risk of operational and information security risks, including but not limited to malware attacks, denial of service attacks, coordinated attacks, and account takeovers by malicious individuals or groups. Such actions can negatively impact the Platform and Services availability.
Below is a list of risk and mitigation processes.
Definition
Cyberattacks include but are not limited to gaining unauthorized access to digital systems for purposes of misappropriating assets or sensitive information, corrupting data, or causing operational disruption whether it pertains to Coinchange off-chain elements like server infrastructure or on-chain elements like smart contracts. If the logic of the smart contract is flawed, it could get exploited and give the malicious actors access to funds that it controls. Cyberattacks may also be carried out in a manner that does not require gaining unauthorized access, such as causing denial of service attacks on infrastructure.
Cyber security failures or breaches of the third party service providers (including, but not limited to, software providers, cloud services providers, index providers, the administrator and transfer agent) could have a negative impact on digital assets and Coinchange Services.
Internally the platform makes use of admin keys to access data and services. Such keys exist for off-chain (Web 2.0) and on-chain elements (Web 3) at Coinchange, and their management can be the weak link which can lead to exploits and loss of funds. Improper storage, protection and segregation of Web 2.0 and Web 3 private keys can result in malicious attackers (internal actors or external actors) gaining control and halting or stealing funds from the platform.
Mitigation
Coinchange's applications and services have passed penetration tests by third-party security firms covering its infrastructure and the communication rails of its web and mobile applications, and its AWS servers have passed security audits. A passed penetration test is evidence of the security posture at the time of testing rather than a permanent guarantee, which is why it is complemented by the ongoing measures below.
Bug bounty programs and code analysis tools are used to secure the platform, allowing users uninterrupted and secured access to their assets. Regarding the on-chain elements, the proxy contracts that Coinchange uses do not carry any investment logic; they only forward instructions to other smart contracts, which prevents control/power escalation.
They also limit loss of funds since they hold no ownership rights over the funds. Finally, Coinchange uses AWS Secrets Manager to store Web 2.0 and certain Web 3 keys in encrypted form, where they can only be decrypted by specifically authorized components.
Definition
Coinchange or its Cloud Service providers may periodically conduct maintenance on the Platform which may cause temporary downtime and difficulties accessing the platform, causing delays or cancellation of pending orders and transfers. It may also prevent users from submitting new transactions or modifying existing ones.
Mitigation
Coinchange has implemented redundancy in its infrastructure by utilizing different cloud providers located in various regions to minimize the likelihood of downtime and its impact on the Platform.
Definition
Using mobile and/or web-based trading and earning technologies poses risks, such as latency in prices and rates and connectivity issues (including mobile network usage).
Order prices and Earn rates displayed on the Platform are only indicative and may not reflect the price actually executed or the rate actually earned. The Platform uses public communication network circuits for the transmission of messages.
Coinchange shall not be liable for any circumstances in which Users experience a delay in price quotation or an inability to transfer or withdraw assets caused by network transmission problems or restrictions, or any other problem outside our direct control. Coinchange's mobile applications may require Users to download and install updates to the application or to their device's operating system as such updates are made available.
Failure to do so might lead to certain parts of the Services (including trading/Earn account functions) becoming inaccessible to Users until such an update has been successfully downloaded and installed.
Coinchange on-chain elements have specific logic and must call certain functions in different smart contracts on the blockchain.
A change in the address of the smart contract to interact with or the function to call, or a wrong configuration of roles and powers, can result in delays or, in the worst case, loss of funds. Specifically, when new smart contracts are deployed, malicious actors (internal actors who already have access, or external actors who gain it) could deploy flawed contract logic that sends funds to an address they control, resulting in loss of funds.
Mitigation
Coinchange mitigates access risks by applying the principle of least privilege to internal access to systems and data. This protects the platform from data leaks and privilege escalation if a malicious actor gains control of an employee's access.
We use VPNs for connections to internal services and platforms. Coinchange uses expiring passwords for employee access, so that even if credentials were to leak the passwords would no longer work. The Coinchange configuration smart contracts (mentioned above) are verified before being deployed on chain, and they constrain the execution environment to a specific set of functions. Even if a malicious actor gained access to these contracts, they would not be able to withdraw or send funds to their own address.
This is because the contracts' interactions use the concept of operator/deployer/beneficiary, where funds are secured by multi-sig ownership. It is important to note that this framework represents a universal bytecode execution machine where the bytecode is any strategy-level complex action. On-chain smart contracts are fully auditable and thoroughly tested.
Crypto-related counterparty risk comes from the protocols, the crypto assets and the blockchains (i.e. the counterparties) Coinchange interacts with. It is important to note that the risks of interacting with DeFi protocols, assets and blockchains as a standalone user are relatively similar to those faced by Coinchange. The main difference is the mitigation processes in place and the expertise of the agent interacting with them.
Risk list: Coinchange deploys strategies on four blockchains: Ethereum, Binance Smart Chain, Avalanche and Polygon. Coinchange strategies accept and deploy client assets to various DeFi protocols (AAVE v2-3, Uniswap v3, TraderJoe, Pancakeswap, Curve, Venus, BenQi, 1Inch, Pangolin, Lido and Alpaca Finance), where each strategy has an algorithm and a set of currencies that it works with. The strategy is able to convert and deploy the assets, and later return them to the original asset upon withdrawal, mainly: USDT, USDC, DAI, ETH, BTC. To learn more about how we diversify their allocation, read our Asset Allocation Report of December.
Below is a detailed list of the crypto-related counterparty risks that Coinchange carries when interacting with DeFi.
Definition
A smart contract vulnerability can be caused by bugs (intentional or unintentional) or misconfiguration which, if exploited by an attacker, can lead to loss of funds when the attacker steals the funds controlled by the smart contract. Specifically, smart contract risk can come from oracle vulnerabilities, flash loan attacks (where a flash loan is used to amplify an oracle manipulation or governance exploit within a single transaction), and unpatched bugs/exploits in forked code. When exploited, smart contracts can lose some or all of the assets they control, which ultimately depends on the operational risk that the protocol carries.
Definition
Operational risk relates to the team, the protocol's ability to execute on its vision, its business model and its ability to react to unforeseen events. Some business models are not viable in the long term or have been known to fail. Operational risk for decentralized applications and blockchains overlaps in part with cybersecurity risk for Web 2.0 Fintech companies.
For example, theft of funds may occur through the creation of backdoor or unauthorized use of admin control over the smart contract by team members or employees. This can also happen through connecting to a phishing attack website or a hacked web domain allowing malicious actors to take funds for themselves while appearing to use the legitimate website (which doesn't apply to Coinchange since it directly interacts with the protocol’s smart contracts instead of the website).
It can also be the team’s inability to deliver or insufficient expertise in blockchain development or devOps leading to poorly deployed code increasing the smart contract risk or Liquidity/Financial risk.
Definition
Liquidity/financial risk pertains to the liquidity of the protocols and pools used by strategies. Lacking or poor liquidity can have adverse effects when running strategies and can even cause loss of funds in some cases. Examples include high slippage, inability to exit a position or avoid liquidation, pool draining, and hyperinflation of a token's supply that collapses its value.
This pillar also covers the stabilization mechanism of certain assets, which can break due to imbalanced supply/demand or simply be unavailable at a given point in time, leading to liquidation or a liquidity crunch that forces an agent to lose funds.
Definition
Decentralization risk refers to the effective control that any party has over the protocol and is closely tied to operational risk related to the team. This type of risk can also apply to blockchains. It arises when someone (either the team or a malicious actor) gains power over the smart contract by using the governance-related “admin” smart contracts for nefarious actions.
Main risks include stakeholder power over the governance process, the consensus method, threshold requirements, control and lack of disclosure.
The DeFi research team has created three frameworks (with a fourth in progress) for risk assessment and analysis of the protocols, assets and blockchains it interacts with. These frameworks form the DeFi Risk Assessment Frameworks (DRAF), which guide the Coinchange Framework for Algorithmic Yield Strategies (FAYS) when deciding which protocol to select for strategy prioritization and deployment by providing risk estimates. Three out of the four frameworks assess the risk pillars highlighted above. The fourth framework (Crypto Asset Risk Assessment Framework) has different risk considerations and puts a lot of emphasis on the regulatory aspect of the crypto asset. Below is a list of those frameworks and the counterparty risk each focuses on:
1. The Protocol Risk Assessment Framework is the key here to first analyze and decide what steps are required to safely interact, or not interact at all, with a protocol. It assesses up to 85 individual data points and up to 28 graded questions to provide a numerical risk score for the smart contract, operational, liquidity/financial and decentralization risk of protocols.
2. The Blockchain Risk Assessment Framework allows Coinchange to analyze and decide which blockchain should be prioritized for deployment and which should not be interacted with. It assesses up to 90 individual data points and up to 32 graded questions to provide a numerical risk score to smart contract, operational, liquidity/financial and decentralization risk of blockchains.
3. The Crypto Asset Risk Assessment Framework enables Coinchange to only allow best in class assets on its platform and to its users by thoroughly vetting them.
4. The soon to be finalized Bridge Risk Assessment Framework will allow Coinchange to analyze and decide which bridge to favor in the crosschain ecosystem where Coinchange deploys its strategies.
Coinchange strategies are automated systems, based on proprietary financial models that rebalance funds in the DeFi ecosystem as per changing market conditions. As such, Coinchange yield products carry cyber risk and crypto-related counterparty risk (see sections above). Coinchange earns yield income from trading fees, lending, staking and liquidity mining. This income is often increased using automated leverage.
Strategy description
LP strategies are based on participation in DEX/AMM protocols (Decentralized Exchange/Automated Market Maker). LP plays an important role in the Coinchange yield generation vision as it generally provides stable and uncorrelated returns, agnostic to the direction of the market. DeFi protocols involved in Coinchange LP strategies include Uniswap, PancakeSwap, TraderJoe and Pangolin. Currently those strategies run on Binance Smart Chain, Ethereum and Avalanche. Our strategies maximize yield while keeping the market exposure neutral. Complex hedging and proprietary algorithms are used to maintain the position and eliminate the risks associated with LP pools that involve volatile currencies such as Ethereum. Additionally, Coinchange strategies take advantage of the staking of reward tokens provided by the associated AMM protocols.
Below is a table summarizing the risk exposure that the underlying protocol and the liquidity provisioning strategies carry.
Risk pillar | Protocol risk | Strategy risk
Smart Contract Risk | Unintended bug is exploited by malicious actors, allowing funds to get stolen. | (no separate strategy-level entry)
Operational Risk | Loss of funds due to an exploited contract upgrade by the team | Inherited from protocol risk
Liquidity/Financial Risk | Trading volume and pool TVL dry up; lack of liquidity for the token being exchanged | Impermanent loss if CCF hedging does not work; inability to withdraw liquidity
Decentralization Risk | Admin key or token holder vote changes AMM parameters adversely | Admin key change/token holder vote changes parameters adversely, e.g. a change in the trading fee schedule or withdrawal process
Strategy Risk & Mitigation detail
Impermanent Loss (IL) risk exists for strategies involving half-stablecoin or non-stablecoin pools. Stablecoin-only pools do not carry it as long as both assets hold their peg, since IL arises only from a change in the relative price of the two pooled tokens. Complex hedging and proprietary algorithms are used to maintain a market-neutral position, almost eliminating the risk of IL. LP strategies are also exposed to pool liquidity draining risk, which can come both from the agents depositing into the pool and from the tokens the pool contains.
Coinchange mitigates liquidity risk by deploying funds to pools with high liquidity, alongside other metrics and thresholds guiding the selection process. Part of the yield for such strategies comes from token rewards, which are volatile in nature. The strategy compounds the rewards by frequently re-depositing them back into the underlying pool tokens to prevent loss of yield due to price volatility.
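As an added worked example (not code from the original paper or from Coinchange), the following Python computes impermanent loss for a constant-product pool as defined in the glossary, both from the closed-form formula and from the pool mechanics, and shows why a stablecoin-only pool has no IL only while both assets hold their peg: when one stablecoin de-pegs, the pool rebalances the liquidity provider into more of the de-pegging coin. The deposit sizes and price moves are constructed sample inputs.

```python
from math import sqrt


def hodl_value(x0, y0, r):
    """Value, in units of token Y, of keeping the initial deposit (x0 of X, y0 of Y)
    outside the pool after the price of X in terms of Y moves by a factor r.
    A constant-product pool starts balanced, so the initial price is y0 / x0."""
    p1 = (y0 / x0) * r
    return x0 * p1 + y0


def lp_composition(x0, y0, r):
    """Token amounts the liquidity provider holds after arbitrageurs move the
    pool to the new price. Constant product: x * y = k stays fixed while the
    pool ratio y / x tracks the market price p1, so x = sqrt(k / p1), y = sqrt(k * p1)."""
    k = x0 * y0
    p1 = (y0 / x0) * r
    return sqrt(k / p1), sqrt(k * p1)


def lp_value(x0, y0, r):
    """Value, in units of token Y, of the LP's share after the price move."""
    x1, y1 = lp_composition(x0, y0, r)
    p1 = (y0 / x0) * r
    return x1 * p1 + y1


def impermanent_loss(r):
    """Closed form for the relative loss versus holding: 2 * sqrt(r) / (1 + r) - 1.
    It is 0 at r = 1 and negative for any other r, in either direction."""
    return 2 * sqrt(r) / (1 + r) - 1


def impermanent_loss_from_pool(x0, y0, r):
    """Same quantity derived from the pool mechanics; must agree with the closed form."""
    return lp_value(x0, y0, r) / hodl_value(x0, y0, r) - 1


if __name__ == "__main__":
    # Constructed sample: 1 ETH + 2000 USDC deposited, ETH then quadruples in price.
    print("ETH x4 IL:", impermanent_loss(4), impermanent_loss_from_pool(1, 2000, 4))
    # Constructed sample: USDX/USDC stable pool (X = USDX), USDX de-pegs to 0.50 USDC.
    # The pool now holds more USDX than USDC: the LP is left holding the weaker coin.
    x1, y1 = lp_composition(1000, 1000, 0.5)
    print("after de-peg: USDX", round(x1, 2), "USDC", round(y1, 2), "IL", impermanent_loss(0.5))
```

With ETH quadrupling the LP position is worth 20% less than simply holding; with the 0.50 de-peg the loss versus holding is about 5.7%, on top of the fact that the position is now majority de-pegged coin, which is what the hedging and exit triggers discussed above have to handle.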
Strategy description
DeFi lending protocols (Money Market Protocols - MMP) such as AAVE, Venus and others are at the core of this family of strategies. Coinchange strategies are able to maximize earnings using proprietary financial models to maintain optimal collateral levels (with respect to liquidations), stack multiple borrow/lend cycles, and include reward tokens in the yield cycle. Coinchange also utilizes complex strategies that earn on arbitrage opportunities in the lend/borrow protocols. These strategies benefit from faster markets with higher levels of activity and volatility.
Below is a table summarizing the risk exposure that the underlying protocol and the lending/borrowing strategies carry.
Risk pillar | Protocol risk | Strategy risk
Smart Contract Risk | Unintended bug is exploited by malicious actors; liquidation not working as intended | Unintended bug in the proxy contract Coinchange uses for deployment, or in the function called in the target smart contract
Operational Risk | Loss of funds due to an exploited contract upgrade by the team | Loss of funds due to a delay in the Coinchange algorithm for exiting a position
Liquidity/Financial Risk | Oracle price feeds report collateral prices that force the position to get liquidated; lack of borrowing demand leads to low yields | Liquidation of the position if the CCF algorithm does not work; inability to remove liquidity because of a high utilization rate
Decentralization Risk | Admin key or token holder vote changes MMP parameters adversely (e.g. accepting a risky asset with lenient parameters) | Admin key change/token holder vote changes parameters adversely, e.g. a change in lend/borrow rates
Strategy Risk & Mitigation detail
Strategies using MMPs are prone to liquidations under extreme market conditions. Our strategies use proprietary financial models and algorithms that automatically manage borrow positions based on their health factor, mitigating liquidation risk while maximizing return. All strategies in this category earn in the same token as the one deposited, which avoids the volatility mismatch that would arise if a strategy earned a volatile token while the deposit token is a stablecoin.
Arbitrage opportunities carry interest-rate and price-fluctuation risk: an open position can quickly become unprofitable as borrowing cost eats up the profit, and price volatility can get the position liquidated. Coinchange strategies perform these arbitrages atomically within one block, leaving the market no opportunity to catch the strategy off guard with a higher interest rate or price while the trade is executed. Atomicity guarantees that the trade either completes as a whole or reverts; it does not fix the state the transaction executes against, since transactions ordered earlier in the same block change that state first.
Strategy description
Staking strategies take advantage of specialized opportunities where staking is the primary mechanism for yield generation. One such strategy takes advantage of the pegged nature of staked Ethereum and uses it to boost the returns of regular Proof-of-Stake (PoS) Ethereum staking. The strategy applies to all liquid staking derivatives of PoS blockchain tokens, provided certain thresholds and requirements are met during analysis and modeling.
Below is a table summarizing the risk exposure that the underlying protocol and the staking strategies carry.
Risk pillar | Protocol risk | Strategy risk
Smart Contract Risk | Unintended bug is exploited by malicious actors; slashing of the validator stake | Unintended bug in the proxy contract Coinchange uses for deployment, or in the function called in the target smart contract
Operational Risk | Loss of funds due to an exploited contract upgrade by the team; centralization of control in the team | Loss of funds due to a delay in the Coinchange algorithm for exiting a position
Liquidity/Financial Risk | Oracle price feeds report collateral prices that force the position to get liquidated; lack of liquidity for the token being exchanged | Liquidation of the position if the CCF algorithm does not work; inability to remove liquidity because of a high utilization rate
Decentralization Risk | Admin key or token holder changes liquid staking protocol parameters adversely (e.g. unavailability of funds or rewards for a certain period of time, such as a cooldown) | Admin key change/token holder vote changes parameters adversely, e.g. a change in the reward distribution schedule
Strategy Risk & Mitigation detail
These strategies have exposure to the de-peg risk of the underlying liquid staking derivative (the asset). However, measures are in place to mitigate such risk, such as hedging the market exposure on top of algorithmic thresholds and triggers for exiting the position. The strategy is also exposed to liquidation on MMPs, which is mitigated with our proprietary algorithms (a variation of the one used for the lending/borrowing strategies) that automatically manage and rebalance the position to avoid liquidations and maximize earnings.
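The health-factor based position management described for the lending/borrowing strategies above, and reused here for the staking variant where a de-peg of the liquid staking derivative shows up as a drop in collateral value, can be illustrated with the following Python. This is an added example, not Coinchange's proprietary algorithm: it uses the health factor definition of AAVE-style money markets (collateral value times liquidation threshold, divided by debt) and assumes a single collateral asset, no interest accrual, and no slippage when collateral is withdrawn and sold to repay debt. The positions, thresholds, trigger levels and price path are constructed sample inputs.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Position:
    collateral_usd: float         # market value of the supplied collateral
    liquidation_threshold: float  # protocol parameter, e.g. 0.80: liquidatable at 80% debt/collateral
    debt_usd: float               # outstanding borrow, same unit as the collateral value


def health_factor(pos):
    """AAVE-style health factor; the position is liquidatable when it drops below 1."""
    if pos.debt_usd <= 0:
        return float("inf")
    return pos.collateral_usd * pos.liquidation_threshold / pos.debt_usd


def deleverage_amount(pos, target_hf):
    """USD of collateral to withdraw and use to repay debt so the health factor rises
    to target_hf. Solves (C - x) * LT / (D - x) = target_hf for x, which is valid
    because target_hf > 1 > LT. Returns 0 when the position is already at or above target."""
    lt = pos.liquidation_threshold
    if health_factor(pos) >= target_hf:
        return 0.0
    x = (target_hf * pos.debt_usd - pos.collateral_usd * lt) / (target_hf - lt)
    return min(x, pos.debt_usd)  # cannot repay more than is owed


def deleverage(pos, target_hf):
    """Apply the repayment: collateral and debt both fall by the amount sold (assumed 1:1)."""
    x = deleverage_amount(pos, target_hf)
    return replace(pos, collateral_usd=pos.collateral_usd - x, debt_usd=pos.debt_usd - x)


def apply_price_move(pos, ratio):
    """Collateral value moves by ratio (a de-peg of a liquid staking token is such a move)."""
    return replace(pos, collateral_usd=pos.collateral_usd * ratio)


def rebalance_over_path(pos, price_path, trigger_hf, target_hf):
    """Walk a sequence of collateral price ratios (each relative to the previous step).
    Whenever the health factor falls below trigger_hf, deleverage back up to target_hf.
    A health factor below 1 is treated as already liquidatable and the walk stops.
    Returns the final position and a log of (step, hf_before, action, hf_after)."""
    log = []
    for step, ratio in enumerate(price_path):
        pos = apply_price_move(pos, ratio)
        hf = health_factor(pos)
        if hf < 1.0:
            log.append((step, hf, "LIQUIDATABLE", hf))
            break
        if hf < trigger_hf:
            pos = deleverage(pos, target_hf)
            log.append((step, hf, "deleverage", health_factor(pos)))
        else:
            log.append((step, hf, "hold", hf))
    return pos, log


if __name__ == "__main__":
    # Constructed sample: $10,000 of collateral at an 80% liquidation threshold, $6,000 borrowed,
    # followed by three consecutive collateral price drops of 5%, 10% and 30%.
    start = Position(collateral_usd=10000, liquidation_threshold=0.8, debt_usd=6000)
    path = [0.95, 0.90, 0.70]
    managed, log = rebalance_over_path(start, path, trigger_hf=1.2, target_hf=1.5)
    for entry in log:
        print("managed:", entry)
    unmanaged, log2 = rebalance_over_path(start, path, trigger_hf=0.0, target_hf=1.5)
    print("unmanaged final HF:", health_factor(unmanaged), log2[-1][2])
```

The managed walk deleverages twice and ends with a health factor of 1.5; the same price path without rebalancing ends with a health factor of about 0.8, i.e. a liquidatable position. The choice of trigger and target levels is where the trade-off between liquidation safety and leverage (and therefore yield) is made.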
Decentralized Finance is a system of financial applications and services built on top of a blockchain.
A "smart contract" is a piece of code deployed on an EVM-compatible blockchain such as Ethereum that resides at a specific address on the blockchain. A smart contract can hold a balance of funds and exposes predefined functions that execute deterministically when a transaction calls them; user accounts interact with a smart contract by submitting such transactions.
Off-chain means any computation or logic happening outside the blockchain on centralized servers, whether Microsoft Azure, Amazon Web Services or any other cloud provider. On-chain means any computation or logic taking place on a blockchain. On-chain elements for the most part consist of smart contracts, proxy smart contracts and Externally Owned Accounts (EOA: an address controlled by an individual or group holding its private key, not by a smart contract).
A centralized company operating solely in DeFi, most often to generate yield (passive income). The company is considered centralized because it can enable fiat money to be on-ramped to crypto or have a major part of its infrastructure and legal entities in the “real world” and not on-chain.
Framework for Algorithmic Yield Strategies (FAYS) consists of a set of tools, templates, and processes with the objective to quickly create and manage effective, secure and fully automated strategies for yield generation. The capabilities of the FAYS are demonstrated by the robust data-backed portfolio of sophisticated strategies currently in operations.
DeFi Risk Assessment Frameworks (DRAFs) consist of framework templates for risk assessment and analysis of the protocols, assets and blockchains that Coinchange interacts with. The DRAFs guide our Framework for Algorithmic Yield Strategies (FAYS) when deciding which protocol to select for strategy prioritization and deployment.
Impermanent Loss (IL) refers to the incurred loss by a Liquidity Provider in an Automated Market Maker liquidity pool due to the price fluctuation of one token relative to the other, caused by the constant product curve used by such protocol to allow automated trading/rebalancing of the pool’s liquidity.