2019 was a breakout year for Synthetix. The emergence of DeFi brought significant awareness to the project creating excitement about the potential of synthetic assets on Ethereum. Combined with the revised tokenomics and incentives in March, engagement accelerated throughout the year. Of course increased scrutiny often brings a mix of both positive and negative perspectives. There was skepticism about a number of aspects of the system, and while most of this skepticism was justified, some of it reflected a misunderstanding of the stage of the project. We have said from the beginning that Synthetix is a highly experimental protocol and there are a number of assumptions about how it will function at maturity that are still untested. Synthetix employs a novel mechanism that has little precedent, so it is difficult to reason about how the market will respond to it. This post will attempt to discuss the current state of the project, the risks that still exist and the mitigation strategies planned for dealing with them. Hopefully this will establish a shared framework from which to discuss the progress of the project and the prioritisation of the areas of focus for 2020. As always we welcome criticism, particularly when that criticism is well reasoned and reflects an understanding of the trade-offs that Synthetix embodies. Helping to illuminate these trade-offs and design decisions can only benefit the long term viability of the project.
If we are being generous, Synthetix is likely less than 50% implemented. This can often be confusing to people new to the project, because on the surface it looks like it is a complete and functioning system. You can go to Synthetix.Exchange and trade over twenty different assets including novel tokens like the sDeFi index as well as inverse (short) indexes of assets like LINK and XTZ which are difficult to short typically. Yet despite appearances of completeness there are more things not yet implemented than in production. These deficits range from simple features to deeper issues like centralised protocol control. This post will address these thematic issues at a high level with a few examples, but it should be treated as a companion post to our proposed 2020 roadmap which can be found here, which covers in detail the specific aspects of the system yet to be implemented.
“An entrepreneur is someone who jumps off a cliff and builds a plane on the way down.” — Reid Hoffman
This is a great quote, but building a plane while jumping off a cliff, is fairly trivial compared to what a crypto projects typically deal with, when you jump off the cliff in crypto you can't simply build the plane, because you have to invent it first.
This is why there is still so much to be addressed for Synthetix to succeed, these issues are not only wide but deep as well. They extend not just to simple features but down to architecture, and even further to fundamental issues like governance. When you start a company you typically create a Delaware LLC and adopt a boilerplate corporate charter. In crypto, to succeed you need to be willing to experiment with and implement novel and untested forms of governance. In startups it is often what you don’t know that kills you, this massively increased surface area makes the challenge of building a successful crypto startup that much harder. This problem is so large that it would not be unreasonable to state that there are maybe only a few dozen successful crypto startups — and all of these are at the periphery: exchanges, payment processors, custody services, etc. (with the possible exceptions of Bitcoin and Ethereum) — that manage to generate enough fees (excluding block rewards) to truly provide a viable and in-demand service.
Synthetix Thematic Challenges
Below is the list of themes we will be tackling this year, prioritised based on recent community feedback. What is most interesting, and reinforces the need for this post, is that even within the Synthetix community growth and adoption is the highest priority.
- Mechanism/Incentive Design
- User Experience
- Protocol Security
- System Optimisation
The issue is that driving growth and adoption before reaching product market fit can create an illusory sense of success. This tweet makes the case for why stuffing users into a leaky funnel can trick you into believing you have a working product when in reality no one actually sticks around. There is an additional level of danger when you are building a crypto protocol though, because before you begin to generate a monetary premium no one will attack you, and this can lull you into a false sense of security. The instant you become ‘real,’ the attacks will begin and they will be unrelenting. So deliberately constraining the attack surface and slowly expanding the protocol allows a project to shore up gaps while the stakes are smaller. Ironically one of the most dangerous things that happened to Synthetix in 2019 was how effective the change in monetary policy was in creating project awareness, this combined with our rapid rise on DefiPulse meant we were caught flatfooted as we thought we had more time to resolve structural issues in the system. The worst of these was the rise in frontrunning attacks which quickly became an existential threat to the protocol over the course of only a few weeks.
So part of the purpose of this post is to realign expectations. We obviously want adoption — without adoption, this whole exercise is pointless. But we want to ensure the adoption we generate is organic, sustainable, and secure.
The Trader/Staker dichotomy
Broadly, there are two groups of players in the Synthetix system, stakers who provide a service to traders who consume that service. Within the system, value flows from traders to stakers, so it is important to balance the incentives of these two groups. Closing attack vectors reduces the risk of staking for SNX holders, but this can impact the user experience for traders. Similarly, adding additional asset classes and leverage increases risk to stakers but increases utility for traders. Additional complexity arises from the fact that adding features for potential stakers introduces new attack vectors that can be exploited by malicious users so it is critical to slowly roll out new features to ensure the risk/reward ratio for staking does not turn negative. The more we reduce the attack surface while delivering new features the more successful the platform will become, because it will be more profitable for a staker to join the system allowing for the expansion of the protocol creating a virtuous cycle for all participants. But this trade-off between the incentives of both sides of the market, traders and stakers, is the lens through which we must assess all changes to the protocol. Maintaining a balance is critical. Some of the priorities below are more focussed on user experience for traders, but many of them are about providing a solid foundation that generates trust for both stakers and traders, because if the system is unstable both groups are at risk. A final point: even after all of these priorities have been delivered, there is still a huge task ahead of the team and the community in building awareness and driving trading growth. Once all of these features are live there is no doubt Synthetix will compete with even the largest CEXs but a ‘build it and they will come’ philosophy will never allow the project to capture market share from incumbents. We will still require a robust growth strategy, but this must come after the delivery of a stable and feature rich platform not precede it.
Defining the attack surface
To help frame our current challenges we need to review each of the themes below to identify the areas of attack related to each of them. Only once these issues are addressed can we align our other priorities to ensure we are building a sustainable protocol, and that our growth initiatives are successful and self-reinforcing. Broadly there are a few major attack vectors which need to be addressed:
Centralisation of the protocol
- Price oracles
- Protocol upgrade governance
- Public goods funding
- Front-ends (dApps)
- Spot market manipulation
- Spot market closures
- Reduced claim window
- Continuous rewards calculations
- Peg maintenance
- Market neutral debt pool and hedging mechanisms
All of these are being addressed at the highest priority, and many of them are dependencies for launching some of the additional functionality later this year. As one example, both price oracles and protocol upgrade governance are dependencies for launching new asset classes like equities and leverage.
All of the above protocol deficiencies represent an existential threat to the long term success of the protocol, and while we believe we have viable solutions to all of them, empirical data and time are the only true measure of the success of these risk mitigation solutions.
In addition to addressing these critical risk factors we also have a number of other priorities within the themes listed below. Ultimately we must look at the entire protocol holistically as well as each component discretely to be able to identify the interdependencies in our priorities.
This is without a doubt the end to which everything we are building is aimed. One of the reasons why Synthetix has been so successful at generating excitement is the market opportunity we are addressing is both tangible and enormous. It is obvious that a trustless and permissionless derivatives trading platform at feature parity with existing centralised platforms will not only capture a significant fraction of market share, but has the potential to expand the market considerably. The potential size of an exchange with the ability to offer leveraged derivatives trading on multiple asset classes in a single platform that’s accessible to anyone in the world is essentially immeasurable. That said, before we can focus on adoption we absolutely must close the gaps and reduce the attack surface of the protocol. Essentially every low level growth priority has a dependency on another aspect of the system that must be resolved first. This includes resolving front-running to enable the addition of new synths and leverage, and increasing decentralisation to enable the addition of new asset classes like equities. We can't launch something like sAAPL until the system is significantly more decentralised and resistant to capture.
Improvements to the mechanism design of the system are predominantly inward facing, meaning they mainly deliver lower risk for SNX stakers by removing or reducing attack vectors, or tightening incentives to reduce platform risk for sX traders. Improving these incentives and tightening the feedback loops in the system is critical for providing confidence in the system for potential traders. Examples of priorities here are Fee Reclamation to close the front-running attack vector, which has been exposing stakers to undue risk for almost a year as we worked to progressively close this exploit. Another priority is Ether collateral which will introduce a more diverse collateral pool and make access to the exchange far safer for traders. In addition, a number of features are designed to tighten incentives around maintaining the peg and ensuring the system is fully collateralised.
The user experience of the platform is currently far better for stakers than traders. This was by design, as ensuring that staking complexity and ease of use was high meant that as demand grew the system would be ready to scale and onboard new stakers. Without this, high growth in demand for Synths could have hit a bottleneck in supply that significantly undermined confidence in the system. That said, there is still friction for SNX stakers, and it will be important to provide more information and better interfaces, including allowing delegation of minting to mobile devices so stakers can keep their funds in cold storage and still interact with Mintr. The largest gains will come from focusing on improving the experience for traders to gather feedback on the improved experience. This includes the launch of sX v2, as well as demonstrating the power of layer two and adding triggered orders to close the gap between CEX’s and sX in terms of features.
Securing the protocol while not undermining decentralisation is non-trivial. There will always be a trade-off between protecting user funds and exposing funds to risk through the addition of complexity to the contracts that enable pausing and other safety valves. There are two components to securing the protocol. The first is open community oversight, meaning providing timely and accurate data about how the system is being used to enable the community to make rapid decisions to prevent or stop an attack. The second is limited functionality that can be triggered by the community or a distributed group of token holder representatives to halt an attack. There is an additional component which is to ensure robust testing and auditing of all code deployed to mainnet.
This is the aspect of the roadmap which is clearly the most misunderstood, so it is critical we advocate the need for a more decentralised protocol, as without implementing additional community oversight and control at the protocol level many of the most important features of the system are blocked. The two most important examples are the ability to deploy new asset classes and ensuring that the interfaces are uncensorable. The first requires that all data feeds are being published to mainnet by a distinct entity, in this case Chainlink it also requires the community being the arbiter of which asset feeds are requested from Chainlink. There is an additional issue which is interface centralisation. By upgrading TheGraph to ensure all data that feeds the dApps is decentralised, it will be possible for the community to directly host alternate interfaces that can support a wider range of assets and functionality.
This is probably the least noticeable area of focus, but the upgrades described will pave the way for a much smoother user experience. The most critical items in this category are the deployment upgrades and the contract address resolver both of which enable the migration to the ProtocolDAO enabling community control of the protocol upgrade process and de-risking the centralised control of the system that exists currently. While this may be seen as merely an optical improvement that addresses criticisms from some more ardent decentralisation advocates, it is also a practical improvement that will reduce the regulatory and technical attack surface of the project.
This is another area which may feel less important than some of the other themes, however, it is likely to be composability that delivers the killer app for Synthetix. The integration of Synth trading into wallets and other interfaces will expose Synthetix to an audience that will be orders of magnitude larger than the current DeFi user base. Many crypto wallets have hundreds of thousands and even millions of users, and they are all looking for new features to implement to drive engagement for their users. Access to permissionless versions of every conceivable asset class is a powerful new feature set to deliver to these users.
By the end of the year we expect to have addressed all of the major issues described above, however, it is very likely new issues will arise that will need to be addressed as the platform gains traction. One of the fundamental questions that remains to be demonstrated is whether we can attract enough organic trading activity and establish the right incentives to ensure the debt pool is both representative of the wider market as well as more market neutral. We must also ensure that the gap that remains between a market neutral system can be hedged externally by stakers that are composed of a mixture of professional market makers, staking pool managers and individual users all competing to hedge their exposure to the debt pool and remain as close to market neutral as possible, ensuring fees generated by the exchange are generating net revenue for stakers. Should this prove to be challenging it is possible we may begin to trial a hybrid model which relies on both a pooled collateral as well as counterparty based trading for large positions. Irrespective of the eventual solution to these and other issues, we believe Synthetix is positioned to be the dominant decentralised derivatives exchange by the end of 2020 and that sX capture marketshare from centralised services by providing a compelling and trustless alternative to these centralised services.
If there's anything in here you wish to talk about further, come join the conversation in Discord!