# Discussion Draft DeFi Principles

## 1. Introduction

Traditional financial regulation largely is based on pursuing policy objectives via the regulation of financial intermediaries that typically custody assets or clear transactions. Because the decentralized finance (DeFi) ecosystem establishes trust via rules-based, encoded protocols maintained by numerous independent parties around the world instead of intermediating financial institutions, this traditional regulatory approach does not transpose onto, or account for the features of, the DeFi ecosystem.

Thus, achieving long-standing policy objectives in the DeFi ecosystem necessitates updating current regulatory frameworks and methodologies—a critical and challenging task. Reaching mutual appreciation of core policy objectives and the functionality of this new technology and successfully modernizing existing regulatory approaches will require the cooperation and coordination of policymakers, market participants, and other stakeholders inside and outside the DeFi ecosystem.

DeFi ecosystem participants’ proactive adherence to principles that vindicate long-standing policy objectives could meaningfully contribute to this critical endeavor. The principles listed in this document are intended to start a conversation to that end, not only among DeFi users, developers, and investors, but also between the ecosystem and policymakers.

*These principles, put together by a group of DeFi participants, are an attempted “first shot” at this effort. They're intended to foster discussion of and debate over these ideas and the premise more broadly. The success of efforts like this one requires a spirited competition of ideas and broad buy-in. Together, wgmi.*

## 2. Illicit Activity Prevention

DeFi market participants should commit to adopting a risk-based approach to preventing illicit financial activity that leverages and supports the distinctive innovations of distributed ledgers and decentralized finance. A risk-based approach should include the development and implementation of advanced technological solutions that effectively deter, detect, and disrupt illicit activity, such as money laundering, terrorist financing, and other national security threats, while preserving individuals’ privacy and enabling greater access to financial products. Market participants’ commitment to a risk-based approach to mitigating the illicit use of DeFi protocols should recognize that privacy is essential to security and the minimization of vulnerabilities, including the potential for identity theft and exploitation.

## 3. Development & Launch

### A. Code Review, Audits, and Testing

Before deploying a DeFi protocol on the mainnet of a blockchain network, development teams should ensure the protocol’s code has undergone testing according to current best practices and consistent with the level of risk involved in an application's use. Currently, development teams may wish to consider ensuring:

*(1) the code is reviewed internally;*

*(2) a full peer code review is performed, recommended changes to the code are made, and steps 1-2 are completed on any changes;*

*(3) if an independent security review is performed, the changes reviewers mark as severe are made, other recommended changes are considered, and steps 1-3 are completed on any changes;*

*(4) both individual smart contracts and the interactions between smart contracts are thoroughly tested; and*

*(5) the on-chain state of contracts is validated following each phase of deployment.*

### B. Blockchain Standards

A DeFi protocol should be deployed on a permissionless blockchain network, the consensus rules of which are not modifiable by a single person, entity, or coordinated group of persons or entities known to one another that do not act independently.

### C. Governance Decentralization

A DeFi protocol’s governance structure (if any) should ensure that no single person, entity, or coordinated group of persons or entities that do not act independently can unilaterally control governance or block or approve transactions on the protocol.

### D. “Guarded” Launch

A DeFi protocol should consider initially launching with controls in place appropriate for the nature of the protocol, such as liquidity caps, to allow for use of the protocol without significant risk of capital loss to users. If any bugs or potential attack vectors are discovered during the “guarded” launch, then the development team should address such bugs and attack vectors.

### E. Deployment of New Code

Before any changes to a DeFi protocol’s deployed code are implemented, the new code should follow the same procedures set forth in this section.

## 4. Transparency and Disclosures

The information set forth in this section, and any material changes to the information set forth in this section, should be made available on a freely accessible public website as soon as practicable. Conspicuous hyperlinks to the information will satisfy these requirements. “Verifiability” means the ability to independently ascertain the truth of the information disclosed. To the extent that information regarding trades executed through a protocol is made available, it should be provided on a non-discriminatory basis. Avoid making inaccurate or misleading statements regarding trade volumes or available liquidity, and, if such volumes or liquidity are disclosed, disclose the methodology for calculating the same.

### A. Open Source Code and Transaction Verifiability

Before deploying a DeFi protocol’s audited source code on a blockchain network, a text listing of commands to be compiled or assembled into an executable computer program used by participants to access the protocol, amend the code, and confirm transactions, as applicable, should be published pursuant to an open source license. All transactions on the protocol should be publicly verifiable, and a narrative description of the steps necessary to independently access, search, and verify the transaction history of the protocol should be provided, as applicable.

### B. Token Economics

The economics of a DeFi protocol’s associated token, if any, should be disclosed and independently verifiable. This information should include the token’s launch process, generation process, supply cap, release schedule, initial allocation, total outstanding amount, and how changes can be made to the protocol’s token economics, if applicable.

### C. Earnings

Disclosures should include an explanation of the potential earnings of a user, including through mining, staking, liquidity provision, liquidations, funding rates, or any other way in which a user may produce earnings using the protocol. This information should include an explanation specifying the common circumstances that could result in a user not receiving those earnings.

### D. Fees

Disclosures should include an explanation of the potential fees a user may incur, including through mining, staking, borrowing, liquidity provision, effecting liquidations, being liquidated, or any other way in which taking an action on the protocol may result in a user receiving less value than a typical user would otherwise expect to receive, including the common circumstances that could result in such user incurring those fees.

### E. Equity Financings, Prior Token Sales, and Related Commitments

Prior token allocations, sales, or commitments—and any limitations or restrictions (e.g. vesting schedules) associated with them—should be disclosed and, to the extent possible, independently verifiable.

Any restrictions or commitments (e.g. development limitations, prior equity holder approval right before launch, protections tied to protocol activity, etc.) associated with equity financings that affect the development or operation of a protocol should be disclosed and, to the extent possible, independently verifiable.

### F. Governance Rights and Process

Information related to the following should be disclosed:

*(1) whether and the extent to which a DeFi protocol is governable;*

*(2) what powers governance can exercise over the protocol;*

*(3) how the terms and the scope of governance powers can be modified;*

*(4) how any single person, entity, or coordinated group of persons or entities can unilaterally control may modify the protocol, including the effect of those changes on users, any required time delays when making those changes, and the manner in which those changes may be made;*

*(5) how governance rights are distributed and exercised;*

*(6) how the governance process works;*

*(7) how a person can participate in governance;*

*(8) how a person can exit a protocol and governance; and*

*(9) the identity of any person or entity, or group of persons or entities under common control, holding more than 1 percent of the voting power of the governance mechanism, a description of any limitations or restrictions on the transferability of tokens held by such persons to participate in governance, and a description of any rights held by such persons to obtain tokens in the future in a manner that is distinct from how any third party could obtain tokens.*

### G. Negative Events

Any event or situation that materially affects in any way the normal and expected functionality of a DeFi protocol should be promptly disclosed and information to independently verify such an event or situation should be made available. Developers of DeFi protocols should develop and test predefined procedures for responding to such an event or situation.

### H. Third-Party Networks, Protocols, and Oracles

A list of all third-party blockchain networks, protocols, or oracles on which the DeFi protocol relies to function should be disclosed to users, along with a link, if available, to information regarding that third-party blockchain network, protocol, or oracle.

### I. Risks

Inform users of the DeFi protocol that a high degree of risk exists when using the protocol, which may result in a loss of funds. Conduct periodic reviews of risk, including reviews of underlying risk assumptions.

### J. Communications

The information hub should include information about any official communication channels, including for discussion of technical matters related to the protocol.

## 5. Market Integrity

### A. Manipulation and Fraud Prevention

DeFi market participants should not:

*(1) engage, or attempt to engage, in any manipulative conduct or scheme to defraud;*

*(2) make, or attempt to make, any untrue or misleading statement with respect to material information or omit to state any material information in order to make information made available not untrue or misleading;*

*(3) engage, or attempt to engage, in any act, practice, or course of business to, or to attempt to, defraud or deceive any person; or*

*(4) deliver, cause to be delivered, or attempt to deliver or cause to be delivered false, misleading or inaccurate information that affects or tends to affect the price of any asset, knowing or acting in reckless disregard of the fact that such information is false, misleading or inaccurate.*

### B. “White Hat” Incentivization

Developers of DeFi protocols should incentivize benign testing and auditing of the code they write, such as by implementing a “bug bounty” program.