DeFiSafety Quality Certificates

DeFiSafety is evolving from just publishing ratings on DeFi protocols to issuing safety certificates and we need the support of protocols like Aave. We can’t go into the next bull run expecting investors to DYOR on protocol safety. We have been reviewing Aave since we started in June 2020 then July 2021 and most recently on Mar 2022. We ask Aave to purchase a certificate and support the creation of certificates.

What are we asking for?

• Pay for the certification. It is an annual payment. At the moment we are considering US $15k per year.
• Support the DeFiSafety quality certification concept in marketing and discussions.

What do you get?

• Your site is quality certified by DeFiSafety. This certification should assist investor both retail and institutional about the safety of your protocol.
• Certification will bring customers! Not understanding risk is a big inhibitor for investors both retail and institutional. Certification brings revenue and will rapidly pay for itself.
• DeFiSafety certified badge for your website. Badge on our website and our reports
• Your rating is on the public side of the Protocol score website, not behind the paywall
• Non transferrable certificates deposited to your wallet addresses allowing wallets to declare yourself certified before users click confirm
• Ability to participate in developing the revised standards

Why Certificates?

DeFi desperately needs accepted quality standards. Asking investors to do DYOR on safety is ridiculous. It is too complex.

DeFi protocols can be immensely safe if they follow good processes and have good, mature code. Quality Certificates make determining this easy. A good protocol is transparent about these things and our reviews highlight this. But a protocol can also be designed to facilitate fraud, or just be sloppy in execution. Our reviews have been detecting relative security design and processes effectively for years.

A certificate that the industry supports is the easiest way to communicate safety.

Expecting the user to self research for technical safety is unreasonable. You don’t do it for tires, for gasoline or for mutual funds. Can you imagine reading a rubber deformation report to determine if a set of tires is good for your car in the winter. Of course not. If the snowflake badge is on the tire, you are good. Yet the Aave security page has a list of audits on it. Before the next bull run starts, we must have simple quality standards implemented.

When regulators inevitably look at DeFi, they will impose quality standards as part of the regulation. If we already have working quality standards, they will accept what we use. If we do not have a quality standard (as we are today), they will develop one without much consultation. We need standards today.

Why DeFiSafety?

DeFiSafety has been rating DeFi protocols for almost 3 years. We are an independent and ratings (using our transparent process) is our only product. This means our reputation is vital to us and we strictly maintain it.

Our process is transparent and this keeps us honest, as it does with DeFi. If we cheat, anybody can compare our report with the public data and out us, destroying our reputation.

Can’t a DeFi Protocol just buy a certificate?

Before we can offer a certificate to any protocol, it must have a passing (70%) score, based on our latest public report.

Centralization

DeFiSafety is centralized. Though we have been deep in DeFi since early DeFi summer, we chose a centralized format. DeFiSafety is a Canadian incorporated company. Just after we started, Prime Rating , of Prime DAO, tried a fully decentralized rating organization. I supported Luc in this effort. After more than a year, a centralized structure works better. Rating is a not incredibly exciting task yet needs a stable team to build consistent ratings. As a straightforward job, it works.

We are not against evolving our structure or our funding into something more decentralized.

We want to support the space. We want our ratings to become the standard for the industry. We want to be trusted. We do not have a token.

Will Aave consider this proposal?

Hi @RexShinka -

Thanks for your interest in Aave and what you’re building at DeFi Safety.

Due to the size of the request, this feels a better fit for Aave Grants, versus a full proposal.

Check it out here and submit an application!

Hi understood. More than the funding, we are asking if AAVE accepts that certificates are a good idea, that they will put the resulting DeFiSafety badge on the AAVE website and perhaps pump the idea to other protocols. What are your thoughts on this aspect?

Ah, that seems like a much bigger ask then.

Adding a “badge” on the Aave Website, although very cosmetic, may qualify as UI upgrade.

@AaveCompanies expressed a willingness to own these sorts of upgrades in the future so it may be best to talk with them. Previously, they were voted on via Snapshot.

OK, understood. Would love to here their opinion.

I have a lot of questions about your rating system but that would probably be misplaced here.

The main motivation for the protocol would be to insure potential users of the protocols safety. Yet you have a paywall in place with (in part) hefty pricing. What exactly can a normal user, who doesn’t want to pay >50$ for a subscription see? Can they see the full reports? Is there a time lag between public reporting and reporting for the subscriber base? Basically the question is how limited a non-subscribed user would be.

Also, and this is very important. You claim “independence” from the protocols on your website.

DeFiSafety is fiercely independent. We intentionally avoid any conflicts of interest that might impinge on our mandate. We do not accept payment to create or modify in any way the ratings of projects under review.

You kind of do accept payment from the protocol if you ask for a “certification fee”, though. Because at some point, because it wouldn’t be profitable otherwise, you just wouldn’t audit the protocols that are not willing to pay for certification anymore. There is also an incentive for you to manipulate the scores (to >70%) because if you do, another year of guaranteed revenue comes your way, because obviously in that case the protocol is going to extend. This is a very clear conflict of interest. Are you beholden to your paying users, who want accurate scoring, or are you beholden to the protocol, who want to have/retain their “certificate”.

All of our ratings are here. They are public. There is no time lag. The full detailed reports are available and public for every review. We maintain our integrity through transparency. This is the same as Aave. If either of us cheat, a member of the public can check and destroy our reputation. This also assures we won’t manipulate the scores to maintain revenue. Our armor is transparency, same as it is for DeFi.

“DeFiSafety is fiercely independent”, but we must have a financial model that allows us to survive. How will we pay salaries? VCs won’t touch us. Our revenue stream is too small for their investors. Gitcoin grants aren’t sufficient or stable enough to run a team. Our users and community won’t pay. They expect the product for free. Certificate payments might make a viable business model if enough protocols support it. For this reason, I am asking that Aave publicly support the certificate model after purchasing one.

We cannot expect users to read detailed reports (from DeFiSafety or auditors) to determine safety. We must develop our own quality system with a simple badge that tells users what is good. If we do not embrace a quality system quickly, what do we say when Moody’s or PWC impose their own?

Certificates are our proposal to survive, avoid conflict of interest through transparency and improve the defi space.

DefiSafety has been active in the space for a good while, providing quite detailed reports since Aave v1 and never asking for payment from our understanding.

The question should not be if it is legitimate to support the project and get a certificate, it is if the DefiSafety team applied for a grant, and if so, was it given or not?

Obviously, we advocate for the DAO to be selective on this type of engagement/support, but with the track record of DefiSafety and requesting a budget of $15k per year, our opinion is that there should not be doubts on agreeing.

Thank-you for your support. We will place a Grant up without delay. BTW I will be at EthDenver and would love to talk with AAVE about Quality Certifications and the role of quality organizations in DeFi.