The Enterprise Ethereum Alliance (EEA) has launched Version 1 of its decentralized finance (DeFi) Risk Assessment Guidelines, a document to identify and mitigate DeFi protocol risks.

The EEA’s DRAMA Working Group developed the guidelines, collaborating with organizations such as Consensys, Hacken, CertiK, Quantstamp, OpenZeppelin, Banco Santander, Bitwave, and others.

The document serves as a resource for DeFi protocol regulators, developers, investors and users, helping them identify risks and providing strategies to manage them.

Dyma Budorin, co-chair of EEA DRAMA and CEO of Hacken, explained that the guidelines offer a comprehensive standard that “resource founders and dev teams can rely on while working on their products.”

Guideline details

The DeFi Risk Assessment Guidelines cover a range of risks relating to governance, tokenomics, software, liquidity, regulatory compliance, and external market factors.

The guidelines detail specific issues affecting various software types, such as oracles, smart contracts and bridges, and they address security and interoperability issues that can arise.

The document describes DeFi best practices for risk management in the aforementioned areas, such as user education, bug bounty programs, stress tests, security updates, data encryption and more.

Speaking with Cointelegraph, Chaals Nevile, Director of technical programs at EEA, explained that “the Working Group proposes to maintain the Guidelines, publishing periodic updates as necessary.”

“This is specifically intended to respond to new threats and changes in technology, but also to deal with the fact that the standards and regulatory landscape continues to evolve.”

Implications for different parties

The guidelines provide the documentation, processes, and workflows to support founders and developers in safely and reliably developing and managing DeFi protocols.

For regulators and licensing authorities, the guidelines function as a framework for assessing and licensing DeFi projects.

This framework is already being used to update requirements for DLT foundations seeking licenses from the Abu Dhabi Global Market (ADGM), the United Arab Emirates (UAE) regulator.

Why the Guidelines are needed

The attack on the Li.Fi protocol on July 16 illustrates the need for DeFi risk assessment and for preventative measures in the space.

The hackers exploited a specific contract address, draining over $10 million in multiple cryptocurrencies before shifting the funds through zero-knowledge (ZK) protocol Railgun.

Although the breach was quickly mitigated and the community notified to prevent further losses, it highlights the vulnerability inherent in DeFi protocols.