  • DeFi composability allows developers to focus on their core business logic by leveraging permissionless and censorship-resistant infrastructure
  • A multitude of DeFi applications (“Money LEGOs”) can be connected in tandem to create previously unimaginable use cases and financial products
  • The traditional financial system has a limitation on practical composability due to its permissioned nature, high barrier to entry, legal costs, and more
  • Composability of DeFi applications requires due diligence on each protocol utilized to reduce systemic risk for the DeFi ecosystem as a whole

Since the launch of programmable smart contracts, the Ethereum blockchain has blossomed into a borderless and permissionless network that supports a wide array of decentralized applications (dApps) running in parallel.

The first wave of applications was focused on using the blockchain to create digital tokens and track their ownership. However, the newest wave of dApps has evolved beyond ownership to unique methods of management and transfer that resemble and expand upon current traditional financial products. Collectively known as Decentralized Finance (DeFi), this parallel financial system is worth over $3B and is made up of decentralized exchanges, collateralized loans, lending and borrowing platforms, leveraged trading, synthetic assets, prediction markets, privacy mixers, payment networks, and much more.

A key property accelerating the innovation and adoption of DeFi is the permissionless composability available to developers. Composability is a design principle that allows various different components within a system to be combined together to meet any specific use case requirements. DeFi is unique in that developers can leverage any combination of DeFi protocols together without requiring any special permissions, opening up a frictionless innovation cycle, unlike anything we have seen in traditional finance.

In this article, we examine the limitations of the current financial system, how DeFi composability provides a permissionless financial architecture through the lens of a few in-production examples, and outline how we can overcome the systemic risks that such a system may introduce.

The Status Quo vs DeFi

The composability of financial applications is not a new concept. In fact, many of the popular user-facing applications used every day such as Uber, Lyft, and Airbnb are the result of financial composability. For example, Plaid and Stripe are financial services integrated throughout a multitude of web applications that provide native payment support to users. This greatly reduces their developer workload and speeds up the go-to-market strategy, since developers don’t have to build fiat payment infrastructure from scratch.

However, this form of financial composability comes with certain limitations.

Permissioned Access

Traditional centralized financial services are inherently permissioned to build upon, requiring legally-binding financial contracts between the two parties. This raises the barrier to entry and makes it very difficult for developers to create fully automated or impartial financial applications because there is an ongoing possibility that access is revoked at any time. The central entity now has control over key parts of the application, putting into question the deterministic guarantees the third-party developer seeks to provide.

DeFi turns this dynamic on its head by being inherently permissionless, creating an open foundation from which any developer can get immediate access to financial infrastructure that operates with high levels of tamper-resistance and reliability. This allows for truly impartial and deterministic applications that run as coded and are incapable of being shut down. Plugging into DeFi infrastructure requires no approval from the original developers, leading to seamless innovation without any central chokepoint.

Reduced Transparency

Traditional financial services are typically opaque or subject to information asymmetry, where the public is provided much less insight into the backend infrastructure. This creates unknown levels of risk exposure and relegates risk management to a small group of regulators. For example, financial composability enabled the creation of mortgage-backed securities by combining pre-existing consumer mortgages. Many deemed these financial products incredibly safe due to their diversification and AAA ratings given by Moody’s Investors Service, Standard & Poor’s, and Fitch Ratings. However, in 2008 it was revealed that many of these securities were backed by toxic subprime loans, triggering a global financial crisis. Had there been more transparency and visibility to a wider audience, such an implosion may have been prevented from occurring.

In contrast, DeFi products have transparency by default: not only are they built upon open-source technology, but every transaction and interaction between users and dApps is recorded in an open, immutable ledger distributed around the world. While it might be months or years before a centralized cryptocurrency exchange is discovered to have gone insolvent (such as Mt. Gox and Quadriga), DeFi’s solvency and health are always subject to the collective observation and analysis of a large open-source community where anyone can point out fraud and systemic risk.

If a traditional financial entity wants to offer its financial services or products to citizens within a certain country, by default they will often be required to meet the compliance and regulation standards of that nation. These rules include Know Your Customer (KYC) and Anti-Money Laundering (AML) laws and regulations, among others. While regulatory standards may improve markets in certain instances, meeting standards can lead to high compliance costs (e.g. expensive legal consultation) and raise the barrier to entry to a point where only a select few well-connected and well-capitalized firms are able to compete, especially when operating across numerous different jurisdictions. Additionally, compliance tends to involve more manual processes that hinder multi-party process automation.

DeFi takes a different approach, wherein it can be made compliant without sacrificing innovation. Blockchain infrastructure is inherently open-source and decentralized, meaning it’s not owned by a for-profit company and transactions are easy to verify and audit on-chain. The composability of each protocol means that compliance tools don’t have to be built in but instead can be plugged in to allow any user or enterprise to be fully compliant. The combination of the public ledger and pluggable modular compliance support allows end-users to meet regulatory standards without stifling innovation.

Overall, the traditional financial world tries to achieve market efficiency through a more controlled structure where they attempt to regulate away inefficiencies, while DeFi looks to create market efficiency through an open-source framework where permissionless innovation naturally removes inefficiencies.

DeFi Composability

The modular composability of the DeFi ecosystem enables developers to focus on their core business logic, knowing they can always access key infrastructure without any permission required. With DeFi, when a developer creates a new token, they do not have to build their own exchange or pay to get it listed on some proprietary platform in order to support trading and the creation of liquidity. Instead, they can list their token on a pre-existing decentralized exchange (DEX) that has been thoroughly audited and contains an existing user base. This grants token holders immediate access to liquidity and different financial use cases with it, greatly expanding the utility of their token.

Some of the decentralized infrastructure in the background making DeFi applications possible includes:

  • Smart contract enabled blockchains (Ethereum)
  • Tamper-resistant oracle networks (Chainlink)
  • Persistent data storage/web hosting (IPFS)
  • Censorship-resistant domain names (ENS)
  • Reliable data queries and indexing (The Graph)

Listing a token on a DEX is a quite simple example of composability, but this structure can be extended by connecting new DeFi applications to existing applications like.

Some different money LEGOs in DeFi include:

These are just some of the many building blocks that can be connected in various combinations to create a structure that is greater than the sum of its parts. To note, many of the above-listed applications actually fall under multiple categories meaning the same applications can connect in various ways to create differing combinations.

“One of the biggest value propositions of DeFi is the interoperability by default. We have a financial system, which is accessible to the wider ecosystem. This means that anyone can build a product by combining two protocols, such as Aave and Synthetix, and provide a new user experience. If that product is good, it will get network effects quickly since liquidity moves in an interoperable fashion as well. That’s something that is far more powerful than we have in current financial systems.”

Stani Kulechov, Founder and CEO of Aave

Composability Squared

A key property of DeFi composability is that it enables a chain of decentralized applications to be connected together in tandem. This increases capital efficiency as assets can be used within multiple applications at a time, with near-zero friction costs and no permission required. It also fosters a growing network effect where every new DeFi application makes every other pre-existing DeFi application even more powerful and useful.

For example, while a user can gain working capital by minting decentralized stablecoins via opening an overcollateralized loan, these stablecoins become even more useful when deposited into a decentralized money market and tokenized to become non-custodial interest-bearing stablecoins. This means while the underlying stablecoins in the money market are being lent out to borrowers and actively earning interest, the newly created interest-bearing tokens, which represent ownership of the stablecoin deposit, can be used within other DeFi applications or even used to pay for goods and services.

This composability can be further extended by multiple users pooling their interest-bearing stablecoins together to create a permissionless no-loss savings game — a dApp where all the interest earned on the pooled stablecoins within a certain time period is awarded to one lucky winner, where afterward everyone can withdraw the value of their original deposit. This no-loss savings game can tokenize user deposits into tradable tickets (a claim on the deposit) and continue the cycle of DeFi composability.

The entire process above already exists within DeFi, involving a combination of Ethereum, Chainlink, MakerDAO, Compound, and PoolTogether. By leveraging Maker’s DAI stablecoin, Compound’s money market cTokens, and Chainlink’s VRF, PoolTogether was able to create a new innovative decentralized application without having to build a stablecoin, bootstrap a money market protocol, or figure out how to get a verifiable on-chain source of randomness.

A set of Money Legos showcasing DeFi’s permissionless composability

DEX Aggregation

A DeFi application that also makes heavy use of composability is 1inch.exchange. This is a decentralized exchange (DEX) aggregator that fetches liquidity from across all DEXs on Ethereum, allowing users to swap tokens on-chain at the lowest slippage possible. 1inch splits large trades into multiple orders that can then be settled across multiple DEXs within a single transaction to achieve the most optimal exchange rate.

1inch creates a superior experience for users; instead of needing to check and compare many different DEXs for their current exchange rates, users only have to navigate to a single application and immediately get access to all the liquidity residing on Ethereum.

Flash Loans

Another application harnessing composability is the decentralized money market Aave, which increases the capital efficiency and yield of deposits by enabling superfluidity of assets through flash loans. These are temporary uncollateralized loans that must be paid back (plus a small fee) within the same transaction. If a flash loan borrower is unable to or does not pay back their loan immediately, then the transaction as a whole reverts, protecting the protocol and its lenders from any defaults.

Flash loans are a powerful concept; not only are they atomic (either succeeds or reverts, no in-between), but they allow anyone to temporarily access a large amount of capital to take advantage of inefficiency or leverage up an opportunity, ultimately leveling out the playing field for DeFi. Flash loans can be used to perform profitable arbitrage between DEXs, seamlessly leverage up a loan, switch out the collateral and/or debt in a loan, and numerous other use cases all within a single transaction.
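The repayment check described above, as an added example (not from the original article and not Aave's code): a toy Python ledger in which a flash loan that comes up short reverts every state change made in the transaction, including a side effect in another composed protocol. The account names, the 9 basis-point fee, and the `Chain`, `flash_loan` and `demo` helpers are assumptions made for illustration.

```python
class Revert(Exception):
    """Raised to abort a transaction; all state changes are rolled back."""


class Chain:
    """Toy ledger (hypothetical): balances[account] -> integer token units."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if amount < 0 or self.balances.get(src, 0) < amount:
            raise Revert(f"{src} cannot send {amount}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transact(self, fn):
        """Run fn atomically: keep changes on success, restore snapshot on Revert."""
        snapshot = dict(self.balances)
        try:
            fn()
            return True
        except Revert:
            self.balances = snapshot
            return False


FEE_BPS = 9  # assumed fee of 9 basis points, for illustration only


def flash_loan(chain, pool, borrower, amount, callback):
    """Lend `amount`, run the borrower's logic, then enforce principal + fee."""
    before = chain.balances.get(pool, 0)
    fee = -(-amount * FEE_BPS // 10_000)  # ceiling division, never rounds to the borrower's favour
    chain.transfer(pool, borrower, amount)
    callback(amount + fee)  # arbitrary borrower code; may touch other protocols
    # The invariant that protects lenders: the pool must end up richer by the fee.
    if chain.balances.get(pool, 0) < before + fee:
        raise Revert("flash loan not repaid in full")


def demo(shortfall):
    """Constructed scenario: borrower repays `owed - shortfall` after a side effect."""
    chain = Chain({"pool": 1_000_000, "borrower": 1_000, "vault": 0})

    def callback(owed):
        chain.transfer("borrower", "vault", 50)  # side effect in another protocol
        chain.transfer("borrower", "pool", owed - shortfall)

    ok = chain.transact(
        lambda: flash_loan(chain, "pool", "borrower", 1_000_000, callback))
    return ok, chain.balances


if __name__ == "__main__":
    print(demo(0))  # full repayment: transaction commits, pool earns the fee
    print(demo(1))  # one unit short: everything reverts, vault deposit included
```

Note that the check compares the pool's balance before and after the callback rather than trusting anything the borrower reports, so the lender's guarantee does not depend on what the composed protocols did in between.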

Money LEGOs as Collateral

In addition to the above, Aave has also rolled out support for unique collateral types that take advantage of tokens generated from other DeFi applications. For example, the first new unique collateral type is liquidity pool shares from Uniswap, an Automated Market Maker (AMM) DEX. Aave was able to roll this feature out in a matter of only a few weeks, due to the fact they utilized Chainlink oracles which already supported the price feeds required. By connecting to Chainlink’s price reference feeds, Aave was able to seamlessly implement advanced forms of composability in a secure manner.

For context, when a user deposits funds into a liquidity pool on Uniswap (where each pool requires two tokens), they receive back UNI pool tokens which represent a claim on their funds. These UNI pool tokens can then be transferred and deposited into the Aave money market and used as collateral within a loan. This enables a high degree of capital efficiency for market makers as they are now able to provide liquidity and earn trading fees on Uniswap, while at the same time borrowing against that capital. They can then even use those borrowed funds to deposit even more liquidity onto Uniswap, creating leveraged long exposure to Uniswap trading fees and the assets within the pool.

Risks of Composability

Even with all the benefits, developers should be careful to not construct a house of cards on a foundation of quicksand when utilizing the property of composability. The risks involved with the development of DeFi composability can be refined down to four core properties. The first is the inherent protocol-level risk of the blockchain network that decentralized applications operate upon, such as Ethereum. If this base layer is unable to come to a consensus or is attacked by malicious actors, then everything that runs on top is vulnerable to manipulation as well. This is not entirely unique to DeFi composability but is something always in consideration regarding decentralized application risk.

The second is the unique implementation risk of each individual smart contract application. Every application is based on its own design trade-offs in order to meet specific needs for each desired use case. This can involve the usage of an admin key for upgradability, an oracle mechanism used for pricing data, a distributed token governance system, or other key attributes of a contract modification. Additionally, there is potential for software bugs in the source code of the smart contract itself that could cause a decentralized application to behave in an unexpected manner. To mitigate these vulnerabilities, the Chainlink protocol has undergone multiple smart contract security audits, including audits on each new product feature, as well as offering generous bug bounties and having fully open-source code. This ensures users have full confidence before they even begin to integrate oracles into their applications.

The third risk involves the expansion of the attack surface of all of the above when composing multiple smart contracts together. While two particular decentralized applications may be secure in isolation, the combination of the two may not be. An increase in an application’s composability increases the attack surface in such a way that it is greater than the sum of its parts. This creates more edge cases that need to be preemptively mitigated to ensure smooth operation. This composability risk can also take the form of utilizing potentially subpar collateral within another DeFi application such as a money market, which is only as strong as the weakest collateral token it supports.

Lastly, the fourth risk involves user knowledge and accessibility. A user who doesn’t understand the application they are utilizing is more likely to take on more risk than they realize. It is for this reason that user education and transparency about risk are so important to ensuring a healthy ecosystem. DeFi composability can quickly get highly complex, so it is key that each step in the process is broken down to a level at which users can understand what they are putting their money into.

For all of the risks above, it is critical that those in the open-source community actively participate in the analysis of DeFi applications and the composability being used in order to preemptively mitigate any issues before they arise. Composability-enabled applications have lots of moving pieces, each of which needs to be of the highest quality. In addition, it is key to set and implement industry-wide standards to ensure best practices across the ecosystem and bolster this security through bug bounties, audits, hackathons, and other forms of developer engagement. By doing so, a stronger and more resilient financial ecosystem is created and user funds are safeguarded in the best manner possible.


In summary, DeFi has been built as a new financial ecosystem that operates alongside the current traditional financial system, yet offers unique advantages of permissionless composability, censorship-resistant access, and full transparency. In particular, DeFi composability opens up the ability for any developer to launch new innovative financial applications at an accelerated rate because they don’t have to rebuild core infrastructure or rely on the centralized and permissioned financial services of today.

The open-source, permissionless nature of DeFi facilitates a level playing field, which fosters an environment that requires constant innovation to retain market share. The DeFi applications that make use of composability today are setting the foundation for the next generation of dApps that will utilize even more advanced forms of composability. There are limitless use cases to discover and applications to be built. The permissionless, modular financial future looks bright indeed.

