Some issues in defi centralisation

Lev Livnev (Symbolic Capital Partners / dapp.org)

if running javascript downloaded from some trusted domain: (practically, most users) trust the operator with all accounts touched
also a security risk
- e.g. Dec 2017 Etherdelta website hack
decentrally-hosted frontends have struggled for some reason
- e.g. IPFS-hosted oasis frontend didn't take off
increasing use of aggregators/alternative frontends passes the baton
- auditing frontends is probably even worse than auditing contracts

potential impact quite mild
- helps if exchanges commodified/interoperable: "you had one job"!
detecting might be difficult
some ongoing work on creating tamper-resistent centralised matching engines, e.g. Nocust/TEX

evaluating the worst-case impact of USDC shutdown on defi system
- on-ramp
- makerDAO collateral
- money markets (e.g. USDC is about 20% of Compound)

oracle compromise can usually wreck the system, and sometimes even steal funds
no viable on-chain oracle designs have been deployed, but:
- growing DEX liqudity (makes on-chain sources interesting)
- advanced in verified computation (makes on-chain sources tractable)
e.g. reduced oracle reliance in MCD
- oracle compromise can possibly be catastrophic but:
  - feed delay gives a chance to escape
  - auction-based liquidations reduces profit opportunity

some are subtle
some owners aren't that privileged
- e.g. formally the oasis contract has an owner but all they can do is shut down the exchange
some definitely are
- e.g. IDEX: lock your funds indefinitely
- e.g. Compound: totally upgradeable, i.e. all funds can be drained
DAOs of "stakeholders" for protocol governance worth trying
- lack of legally binding duties seems like an issue