Llama Legal: Curve Decentralization Assessment

Llama Legal: Curve Decentralization Assessment

Llama Legal: Curve Decentralization Assessment

Aug 26, 2024

Useful Links:

Abstract

In this report, our primary objective is to conduct a comprehensive review of the Danish Financial Supervisory Authority's (DFSA) decentralized assessment techniques. Our initial focus is to gain a deeper understanding of how policymakers perceive decentralization and their approach to establishing legal boundaries. As part of this analysis, we will provide a detailed overview of how Curve currently functions at each assessment point, including an examination of its relevant features and protocol design. Through this, we aim to demonstrate that Curve has achieved the necessary level of technical and governance decentralization. Additionally, our methodology includes a test scenario to assess the protocol's ability to operate independently in the event of front-end access termination, as well as the identification of alternative access avenues to core Curve smart contracts. Finally, we will identify potential vulnerabilities that may be subject to scrutiny by competent authorities conducting a hypothetical decentralization assessment on Curve and offer recommendations to the DAO on implementing reasonable preventive measures to address any identified weaknesses.

Background

In June, the Danish Financial Supervisory Authority (DFSA) published a pivotal paper on decentralized finance (DeFi). The purpose of this briefing is to instruct participants in the crypto-asset markets about the DFSA’s principles for evaluating decentralization. Currently, many DeFi actors rely heavily on an exemption from regulatory oversight broadly outlined in MiCA’s Recital 22, which states: “Where crypto-asset services are provided in a fully decentralized manner without any intermediary, they should not fall within the scope of this Regulation”. However, this provision does not guarantee a safe exit from licensing obligations for any project claiming to be decentralized. A thorough assessment of DeFi's development and the necessity and feasibility of regulating decentralized finance is to be carried out and presented by the EU Commission by 30 December 2024, after consulting the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA).

Given this context, the DFSA document is of significant importance, providing essential guidance on the elements forming the basis for assessing when the activities of crypto market participants can be considered fully decentralized. As a first-mover, it is likely that these principles may be adopted by other competent authorities in the EU or may even influence ESMA to develop guidelines for decentralization assessment with similar scope and depth.

The paper references regulated activities in the context of MiCA, such as providing custody and administration of crypto-assets, operating a trading platform for crypto-assets, exchanging crypto-assets, and executing orders for crypto-assets on behalf of clients. The lending and borrowing of crypto-assets are not addressed by MiCA, with its eventual regulation left for further assessment. The regime under MiCA for stablecoin issuance is developed to cover fiat-backed stablecoins, leaving crypto-collateralized stablecoins in a regulatory grey area, as their design cannot fulfill the numerous MiCA requirements drafted for centralized issuers of fiat-backed stablecoins.

Decentralization Assessment

The DFSA’s evaluation framework has two main components:

  • Technical Decentralization and

  • Decentralized Governance.

I. Technical Decentralization

Firstly, we will examine the proposed techniques for assessing whether a regulated activity is offered exclusively through the use of smart contracts that a legal entity cannot control.

1. Self-executing software is a prerequisite for technical decentralisation. The Danish FSA will therefore assess whether the software used in the provision of a regulated activity can independently carry out regulated activities in the same way as natural and legal persons.

At Curve.fi, users have the freedom to choose their actions, such as swaps or pool deposits. After completing necessary steps like wallet connection, token selection, or even more sophisticated adjustments like slippage modification, the frontend communicates the order to the respective smart contract(s). There is no intermediary involved who revises the order parameters or has the power to freeze or revert transactions. Upon execution, the user receives the respective token(s)—in the provided example, either the crypto asset they swapped for or an LP token.

An important statement by the Danish authority is that the provider of the protocol front-end shall be considered an order executor “if the provider makes available to the user the software that converts the user’s trading interests into an order entry on the DEX”. The authority seeks a company with control over the interface, which also enters into an agreement with the user for placing DEX orders through the company’s software.

This is clearly not the case with Curve’s technical setup, where no single entity claims the authority to enter into binding relationships with users. The frontend does not display Terms of Service or a similar document governing user access and respective rights and obligations of the interacting parties. Curve Resources also do not point to a particular legal entity that may be considered offering the interface as a service.

An ICANN data lookup for Curve.fi indicates that the domain registrant is Swiss Stake, domiciled in Switzerland. However, the extent of this entity's involvement with interface development and maintenance is not publicly disclosed.

Source: ICANN | Date: 18.07.2024

On this premise, Swiss Stake being the sole identifiable entity could potentially be targeted by a national competent authority of any EU Member State (not only the Danish FSA) if they have a valid claim that any of the "crypto-asset services" within the meaning of Article 3(16) of the Markets in Crypto-Assets Regulation (MiCA) is offered in the respective country and/or to Union residents.

‘crypto-asset service’ means any of the following services and activities relating to any crypto-asset:

(a)providing custody and administration of crypto-assets on behalf of clients;

(b)operation of a trading platform for crypto-assets;

(c)exchange of crypto-assets for funds;

(d)exchange of crypto-assets for other crypto-assets;

(e)execution of orders for crypto-assets on behalf of clients;

(f)placing of crypto-assets;

(g)reception and transmission of orders for crypto-assets on behalf of clients;

(h)providing advice on crypto-assets;

(i)providing portfolio management on crypto-assets;

(j)providing transfer services for crypto-assets on behalf of clients;

Source: MiCA

In such a case, an authorization under MiCA would be required solely for the activities controlled by the company. The more compelling the arguments the authority has that the company controls user flow and interactions with the DEX, the more likely it is that a higher-class license would be required. Respectively, penalties for conducting non-authorized activities could be imposed if the company fails to obtain the necessary authorization.

A potential solution may lie within the nuances of the Danish FSA report, which states that a “company cannot be considered a provider of a trading platform for crypto assets because it does not control the smart contracts that make up the DEX”. This implies that any entity providing an interface to Curve should ensure that it is entirely disconnected from the DEX smart contracts to avoid being classified as a provider of a trading platform for crypto assets.

2. The Danish FSA assesses the autonomy of smart contracts used in the provision of a regulated activity. The degree of decentralisation will, all else being equal, decrease as the degree of control over the smart contract increases.

The Pool Creation Interface allows any user to permissionlessly deploy a Curve pool, which can contain a variety of assets depending on the preferred pool architecture. Curve Factories facilitate the deployment of pools containing almost any combination of assets, whether they are stable or volatile, rebasing or not.

Each Factory is controlled by an admin, typically set to the Curve DAO; thus, any future changes, such as ownership transfers, require approval by the Curve DAO. Such a transfer must then be accepted by the new admin through the accept_transfer_ownership function.

Curve introduced a measurement system for users’ liquidity provisions, i.e., the gauge system. The gauge deployment can be done by anyone, either through the frontend or Etherscan. For a gauge to become eligible to receive CRV emissions, it has to be added to the GaugeController contract, which needs to be approved by Curve DAO.

The protocol offers the opportunity for any other token to be set as a reward outside the control of Curve DAO. The process is not completely permissionless, however, as only the admin or manager of the gauge can approve and add these token rewards.

Pool and Gauge proxies typically have three different admins representing different Curve DAO instances:

  • Ownership Admin: Controls most functionality; Ownership Admin votes require a 30% quorum with 51% support.

  • Parameter Admin: Authority to modify parameters on pools; Parameter Admin votes requires a 15% quorum with 60% support.

  • Emergency Admin: Limited authority to kill pools and gauges under certain circumstances.

CRV emissions are specifically managed by the Minter contract, which is responsible for the issuance and distribution of CRV tokens to liquidity providers. It acts as a mechanism to reward users who provide liquidity to Curve's pools, calculating the amount of CRV tokens to be allocated based on various factors such as the duration and amount of liquidity provided.

As demonstrated by the examples discussing protocol architecture specifics, smart contracts operate permissionlessly and autonomously without the intermediation of single or multiple entities. Once user inputs are made, the specified smart contract code is not subject to future modifications fundamentally changing its pre-programmed scope of actions. Pre-defined intervention rights are granted to Curve DAO, which itself is a decentralized and smart-contract-run organization. Nonetheless, the DAO rights are limited and cannot be exercised arbitrarily by a small group of DAO members.

3. The Danish FSA will assess whether one or more legal entities have immutable rights embedded in a smart contract used in the provision of regulated activities and whether these rights are of such a nature that the legal entity can be said to control the provision of the activity.

Remuneration flows are explicitly cited by the regulator, discussing a case where addresses controlled by protocol developers receive a payment for each completed trade.

Curve showcases a revenue model that dismisses any suggestion that core developers/founders benefit directly from each transaction. Curve DAO earns revenue from pools and crvUSD minting markets. Each week this revenue is collected in different tokens and exchanged for a single token (currently crvUSD), which is then distributed to veCRV holders.

An on-chain DAO vote approved setting admin fees of Curve pools to 50% of the swap fee (e.g. 0.02% of 0.04% fee). Every time a trade occurs on Curve Finance, 50% of the trading fee is collected by stakeholders who have vote-locked their CRV. The remaining 50% goes to the respective liquidity providers of the pools. All collected fees are converted to crvUSD and distributed to veCRV holders.

Besides direct exposure to revenue from protocol trading fees, veCRV holders are incentivized to vote-lock their CRV tokens to gain access to boosted CRV rewards when supplying liquidity to Curve pools.

The FeeCollector contract is the entry point for the fee burning and distribution mechanism, acting as a universal contract where all admin fees are collected. It has a flexible architecture, allowing changes to the output token into which all the various fee tokens are burned. Such a modification requires a successfully passed on-chain vote, as this contract is under the control of the Curve DAO.

The new fee collection and distribution system utilizing CowSwap's conditional orders ensures proper token burning without the need to manually add coins to burners or hardcode exchange routes. This represents a step forward in the disintermediation of revenue management, where no single party can gain control over these financial streams.

Alternative Ways to Interact with Curve Protocol

Even if Swiss Stake or any other actor with control functions over the frontend turns it off, the Curve protocol will not cease to exist. There are multiple ways to interact with core smart contracts in the absence of a primary user interface.

  1. Use Etherscan to call add_liquidity or remove_liquidity functions for depositing to/withdrawing from Curve pools. After filling in the parameters, transactions should be submitted by clicking the "Write" button.

Source: Etherscan - TricryptoUSDT | Date: 22.08.2024

  1. CoW Swap routes may be made through Curve pools. CoW Swap automatically sources the best liquidity for a trade. If Curve pools offer the best rates, CoW Swap will route through Curve. The graph below shows USDT-WETH swap routed through Curve TricryptoUSDT pool.

Source: CoW Explorer | Date: 22.08.2024

  1. 1inch integration works similarly. 1inch will automatically aggregate liquidity from various sources, including Curve, to find the best swap rate. If users want to trade stablecoins or other tokens supported by Curve, they need to choose the relevant tokens on the 1inch interface. The snapshot exemplifies crvUSD-USDC routing.

Source: https://app.1inch.io/ | Date: 22.08.2024

  1. Beefy Finance is a yield optimizer that aggregates and optimizes yield farming opportunities across various DeFi protocols, including Curve. On Beefy, users can choose a vault that corresponds to the Curve pool they are interested in, allowing them to maximize their yield efficiently.

Source: https://app.beefy.com/ | Date: 22.08.2024

  1. Yearn Finance offers automated yield farming strategies that utilize Curve pools to optimize returns for users. There is a variety of strategies built on top of Curve.

Source: https://yearn.fi/vaults | Date: 22.08.2024

  1. DeFi Saver is a DeFi management tool tailored for advanced users that also supports Curve. On the DeFi Saver platform, users can manage their Curve liquidity positions and automate relevant strategies. There are also features allowing swaps to be routed through Curve as indicated on the print screen.

Source: https://app.defisaver.com/ | Date: 22.08.2024

II. Decentralized Governance

Conditional on the technical provision of a regulated activity being evaluated as non-decentralized, the Danish FSA will assess whether the managerial control over the crypto-related activities can be attributed to a legal entity.

Curve's governance structure has been intentionally designed to mitigate any claims of centralization or suggestions that the protocol can be indirectly controlled by a small group of individuals holding the highest governance token allocation. The robustness of the governance framework ensures that decision-making power is distributed across a diverse and inclusive range of participants.

DAO Membership

To effectively participate in Curve DAO governance, users must lock their CRV tokens into veCRV (vote-escrowed CRV). veCRV represents a non-standard ERC20 implementation, where locking is irreversible, and veCRV tokens are non-transferable. Through the VotingEscrow contract, users can lock their CRV tokens for varying lengths of time, ranging from a minimum of one week to a maximum of four years, to gain voting power. Those with longer voting escrows wield more stake and therefore receive greater voting power. Users can extend an existing lock at any time, but reclaiming CRV tokens is only possible after the lock duration expires.

The locking mechanism is controlled by Curve DAO, with the CurveOwnershipAgent as the current admin of the VotingEscrow. Any further changes to contract parameters require a successful DAO vote.

Curve uses Aragon for governance and control of the protocol’s admin functionality. Based on a modified implementation of the Aragon Voting App, much of the governance functionality is accessible via the DAO section of the Curve website. However, there are interactions that can also be executed via the CLI using the Brownie console.

DAO members with voting power (veCRV holders) can exercise it through

  • Ownership votes, which control most functionality within the protocol and require a 30% quorum with 51% support, and a one-week timelock on execution, or

  • Parameter votes, which can modify pool parameters and require a 15% quorum with 60% support, and a one-week timelock on execution.

Emergency votes are executed through an Emergency DAO multisig consisting of nine members, who are reputable figures within the DeFi community, the majority of whom are not employees of the Curve core development team.

Liquid Lockers

Some protocols, notably Convex Finance, Yearn Finance, and StakeDAO, have developed liquid wrappers for CRV, offering token holders the opportunity to earn veCRV yield on these respective platforms. Importantly, converting CRV to a liquid wrapper version of CRV is irreversible due to the immutability of the vote escrowed mechanism. While users can stake and unstake the wrapped tokens on the respective platform, they cannot convert them back to CRV (although there may be a secondary market where users can swap the veCRV derivative for CRV at the market rate).

Upon capturing the user CRV deposit, the protocol typically locks the tokens for the maximum duration of four years. Continuous relocking of these tokens enables the generation of maximum rewards for users and voting power for the governance protocol.

Source: StakeDAO Docs

Bribe Marketplaces

External marketplaces may also exist that allow anyone to offer incentivizes to veCRV holders to gauge weight (i.e. increase CRV emissions) for specific swap pools or lending markets and receive rewards in return. This practice, often termed “bribing” in the DeFi glossary, is not explicitly initiated, approved, or restricted by Curve. It should be noted that additional financial motivation (often external incentives outperform weekly protocol fee gains for veCRV holders) increases their interest in and active participation in protocol governance.

The StakeDAO model, for instance, allows users who hold liquid wrappers of CRV (sdCRV) to vote on Curve proposals through a replication of the vote. This means they are eligible for vote incentives (if any) offered by individuals and DAOs. Convex, on the other hand, reassigns veCRV vote power in its control to holders of its own token (vlCVX), which is immutably locked on Convex for 16 week epochs. vlCVX can participate in Curve’s voting procedures and collect vote incentives from bribe marketplaces. In both cases, voters express their vote intent via off-chain platforms like Snapshot, and the owners of the governance protocol execute the on-chain vote on behalf of their users. Typically this process is managed by a multisig.

The described mechanism allows for the aggregation of voting power of individual token holders, thereby influencing governance decisions on Curve. By pooling CRV tokens, these protocols can maximize the yield and voting influence of their users, providing an incentive structure that benefits both the protocol and the token holders. This system also scales participation in Curve’s governance, as it creates financial incentives that distribute voting power across a broader base of participants.

Major veCRV Holders

The largest lockers by voting power have been queried via Curve Prices. According to the data,

Remaining addresses have allocations below 10%.

Source: Curve Prices | Date: 17.08.2024

The dominant position of Convex has recently been solidified with additional CRV locks, pushing them over the majority threshold of 50%. This development raises concerns about whether a single entity may now possess the ability to dictate core decisions in Curve governance. However, it is important to note that Convex Finance is a decentralized protocol, not a conventional legal entity for which beneficial ownership and managerial rights can be traced to a number of individuals. Consequently, Curve's centralization risk in terms of governance is rooted in the decentralized control of Convex.

Convex Finance's 3/5 multisig has the authority to perform a wide array of functions, including voting on Curve DAO proposals and gauge weight proposals. Despite this significant influence, it should be emphasized that the multisig members do not exercise their power arbitrarily. Instead, the multisig commits to relaying the votes of vlCVX (Convex's native token) holders regarding Curve proposals. It has also previously agreed to transmit votes proportionally based on the amount of yes/no votes, to convey the interests of its complete set of stakeholders more accurately. The multisig retains the right to vote against proposals that are perceived as blatant attacks that could harm either Curve or Convex. Therefore, the voting power granted to liquid lockers (this property extends to StakeDAO and Yearn as well) amounts to a soft agreement that ultimately requires trust in the honest and reliable execution by the multisig signers.

While the analysis of Convex’s level of decentralization is beyond the scope of this article, it is an important area that should be further explored. For the present evaluation, it is critical to acknowledge that the majority of Curve's voting power being concentrated within Convex poses a centralization risk related to the Convex multisig, which has the authority to override community votes and act according to the will of the multisig members.

However, it is our judgment that the probability of conspiracy among multisig members to engage in malicious actions is very low. This assessment is based on several factors, including the reputations of the individuals involved, their longstanding presence in the DeFi space, and their overall contributions to the development and stability of the DeFi economy. Members of the Convex team furthermore make up a minority of the current multisig signers configuration. These factors collectively mitigate the risks associated with the concentration of voting power in Convex, although they do not eliminate them entirely.

Crosschain Governance

Governance voting is exclusively conducted on Ethereum mainnet. The design choice ensures that all critical decisions are anchored in the most secure and decentralized network available, minimizing the risk of attack vectors or governance manipulation that might be more prevalent on less secure networks. This creates challenges since Curve manages pool deployments on 16 chains, sidechains, and L2s. Due to limitations in cross-chain governance capability, the Curve team has historically undertaken the admin role on L2 deployments. The admin can not freeze pools or otherwise tamper with user deposits, making its role quite restrictive, although it does possess the power to set the fee receiver address and modify pool parameters.

Curve has, however, established a sophisticated cross-chain governance framework that extends DAO governance capabilities beyond Ethereum, encompassing multiple Layer 2 (L2) networks and sidechains, including Arbitrum, Optimism, Avalanche, Base and others. Reliance on such a governance system poses a dependency risk on the bridge, which if compromised, could allow an exploiter to make malicious governance actions, for example, to steal funds from a DAO-controlled vault on an L2. To date, Curve xgov has had limited use, having been used to manage token airdrops and grants on Optimism and Arbitrum.

Xgov operates such that once a proposal is passed on Ethereum, the outcome is transmitted to other networks via the L1-Broadcaster. This contract is responsible for broadcasting the voting results to the respective sidechains and Layer 2 networks. The message is then received byL2-Relayers, which are responsible for executing the approved actions on these networks.

Each L2 or sidechain has its own Agent contracts, charged with critical roles:

  • Ownership Agent - Manages the ownership of various contracts and assets on the network.

  • Parameter Agent - Manages certain pool parameters as dictated by governance decisions.

  • Emergency Agent - Executes urgent actions in response to critical events, ensuring the protocol’s resilience.

Source: Curve Technical Docs

Pure DAO Model

Building on the findings discussed above, we consider Curve’s governance structure to be leaning towards a pure DAO model:

arrangements implemented through smart contracts with very limited off-chain activity, no incorporated legal structure and, often, a rejection of dependence on law and legal institutions for their existence (although they may well still attract legal and regulatory consequences)

Source: UK Law Commission - DAOs Scoping Paper

One of the fundamental arguments supporting this assertion is the design of the governance token, CRV. Simply holding CRV does not automatically entitle the token holder to a share of protocol profits, the right to submit proposals, or the ability to vote on proposals. Instead, these rights are conferred only upon taking a voluntary action—locking CRV for veCRV, a non-transferable token, for a specified period. This mechanism ensures that the rights to governance and benefits remain with the user who initially locked the tokens, thereby preventing speculative trading of governance rights on secondary markets.

Moreover, Curve’s decentralized and autonomous nature is not solely defined by the absence of legal entities within its structure. Rather, it is characterized by its reliance on smart contracts that establish the rules governing interactions among participants and automate certain processes and functions. These elements are reliable benchmarks for effective decentralization in this case.

As demonstrated earlier, the ability of token holders to participate in governance is determined by smart contracts and is subject to a two-stage condition: the requirement to lock CRV for veCRV and the subsequent act of casting votes. This ensures that governance participation is deliberate and considered, aligning voting power with a long-term commitment to the protocol. Additionally, any alterations to the protocol’s smart contracts or changes to product offerings are automatically enacted based on the outcomes of governance votes.

Curve’s governance processes are intentionally designed to facilitate decentralized decision-making, ensuring that authority within the organization is dispersed among its participants rather than concentrated within a central decision-making body.

Alternative Ways to Interact with Curve Governance

Curve's smart contracts are self-executing, meaning the protocol will automatically execute an order as soon as it is communicated to the smart contracts. Interaction with the interface is just one of many ways to relay an order to the smart contracts—this can also be achieved by directly calling functions on Etherscan or through various protocols that route orders through Curve.

Following the same scenario tested in Section I (i.e deactivated front-end access), we outline below alternative routes to participate in Curve governance in the event that Curve official voting page is non-existent:

  1. Direct Contract Interaction via Etherscan: Users can directly interact with VotingEscrow contract on Etherscan by calling the create_lock function to lock their CRV tokens and obtain veCRV. After obtaining veCRV, users can exercise their voting rights by calling the vote function on the DAO voting contract. During this process, adjustments to parameters such as value, unlock_time, proposalId, and support will be required to ensure proper execution of the vote. The image below shows a sample 4-year lock of 5,000 CRV.

Source: Etherscan - VotingEscrow | Date: 22.08.2024

  1. Command-Line Interface Access: For users familiar with command-line tools, the Brownie console connected to the Ethereum Mainnet can be used to interact with DAO contracts directly. A model script available on Curve's GitHub may be utilized to create new votes. By entering a specific set of commands in the Brownie console, users can place and execute a vote without relying on the front-end interface. Below is shown a successful vote with its vote ID and 3 simulated txns to check for proper execution.

Source: Create a DAO vote guide

  1. Exposure to Curve Governance via Convex, Yearn, or StakeDAO: Users who hold CRV liquid wrappers through protocols like Convex, Yearn, or StakeDAO do not directly participate in the governance processes. Instead, their participation is intermediated by these protocols, which vote on behalf of the liquid wrapper holders. These protocols ensure that the interests of their users are represented in Curve’s governance decisions and subsequently distribute any rewards generated through participation in Curve’s governance.

Source: https://vote.convexfinance.com/ | Date: 23.08.2024

Source: https://app.stakedao.org/governance | Date: 23.08.2024

  1. Voting on CurveMonitor: an independent third-party platform with a focus on tracking proposal details and voting status. It’s designed to give the user a quick overview and direct access to DAO votes.

Source: https://curvemonitor.com/dao/proposals | Date: 23.08.2024

  1. Voting on CRVHub: an independent third-party aggregator, offering a more detailed experience with richer proposal descriptions and links to external resources, incl. vote simulations.

Source: https://crvhub.com/governance | Date: 23.08.2024

Concluding Thoughts

Curve smart contracts are autonomous, performing pre-programmed actions without any possibility of adjusting the inputs specified in the code. The remuneration flow within Curve is transparent and disintermediated, with any modifications subject to governance decisions. This ensures that no single entity can unilaterally alter the financial streams generated by the protocol. While the Curve DAO holds limited intervention rights, these can only be exercised under specific, predefined circumstances.

Governance tokens (veCRV) can only be obtained voluntarily and are subject to locking requirements. Decision-making power lies independently with each token holder, including those associated with liquid locking protocols, which have become top veCRV holders. While the concentration of voting power with a single stakeholder, i.e. Convex (which now holds over 50% of the voting power) raises concerns, this does not necessarily signal a shift back to centralization. Convex and other liquid locking platforms operate as a proxy governing body, meaning decision-making is distributed among a broader community rather than being controlled by a single actor.

Nevertheless, a notable point of concern is the reliance on multisig setups by Convex, StakeDAO, and Yearn. These DAOs use multisignature wallets, each with different numbers of signatories, to relay the votes of their native token holders (e.g., vlCVX, sdCRV, yCRV) to Curve’s governance. While this approach maintains a level of decentralization, the dependency on multisig structures introduces potential risks, particularly if the signatories were ever to act in a coordinated manner contrary to the broader community's interests or if the signing keys were to be lost or compromised.

Recommendations

Front-end Decentralization

The Danish FSA considers the provider of an interface to be an order executor if the provider makes available software that converts a user’s trading interests into an order entry on the DEX. Although Curve does not designate a specific interface provider, the domain registrant is an identifiable legal entity that could become a target for competent authorities. In such a case, the interface might be considered as a service offering, making the interface provider subject to MiCA regulations—even if the service provided is merely an integration with a fully decentralized service.

To further decentralize Curve's front-ends and mitigate the risks associated with a single point of regulatory focus, it is advisable to include multiple user-facing portals. While the protocol itself is sufficiently decentralized, the front-end currently represents a potential point of failure due to the fact that regulatory scrutiny could be directed at the single identifiable entity involved, such as SwissStake, which is presently only a domain registrant and has not undertaken explicit interface operating functions.

To address this vulnerability, it would be beneficial to encourage the development and use of external interfaces that are private. These could include integrations developed by private users or third-party software that allows users to interact with the blockchain. Under the Danish FSA's guidance, an interface can only be considered private if the user has control over the software. By promoting the creation and utilization of such private interfaces, Curve can reduce its reliance on any single front-end provider, thereby enhancing its resilience against regulatory actions.

Enhanced Governance Protection

In parallel, it is worth exploring opportunities to fully automate the process of liquid lockers' vote replication to eliminate the current dependency on multisig setups. This could involve developing smart contracts that autonomously replicate votes according to predefined rules, removing the need for manual intervention by multisig signatories. This would reduce the risks associated with centralized control, namely the possibility of certain actors acting against the interests of the community, or signing keys becoming compromised or lost.

Alternative solutions for these platforms may be beneficial to explore, which aim to strike a balance between security and cheap, convenient access to DAO governance for their users. Optimistic governance solutions that allow tokenholders to change the protocol admin in extraneous circumstances may give users the assurance of recourse in worst-case scenarios. Such assurances furthermore have implications for Curve's own governance, which has 75% of its governance power concentrated in three liquid locking platforms.

Cross-Governance Maturity

The vast majority of Curve-related activity, including TVL and revenue generation, occur on Ethereum mainnet. However, Curve has a long history of embracing cross-chain deployments. There presents a challenge in unifying the governance structure across all chain deployments that has no simple answer. A lesson from history is the previous bridge integration with Multichain to manage CRV emissions and revenue collection between mainnet and L2s. A massive exploit resulted in the deprecation of the bridge and losses to a number of tokens bridged by Multichain. Fortunately, Curve's bridge integration involved restrictive interactions with the bridge, but this and other bridge hacks serve as a warning to unrestricted trust in bridge protocols.

It is, however, essential to Curve's long-term decentralization strategy to determine a cross-chain governance solution. Currently, admin operations on L2s are managed by the Curve team, albeit with somewhat restrictive capabilities that importantly preclude the ability to tamper directly with user funds by freezing or diverting deposits to the protocol. There is a xgov system designed for extending governance capability to potentially all chain deployments, but a suitably trusted bridge remains a pain point.

© 2023 Llama Risk. All rights reserved.