Decentralized Finance, or DeFi, refers to a rapidly evolving suite of financial applications built on blockchain networks that aim to replicate and improve upon conventional financial services-such as lending, trading, payments, and asset management-without relying on centralized intermediaries. By using open protocols and programmable smart contracts, DeFi enables permissionless access, composable building blocks, and greater clarity, allowing anyone with an internet connection and a compatible wallet to participate in financial activity previously mediated by banks and brokerages.
Ethereum has emerged as the dominant platform for DeFi development due to its mature smart-contract infrastructure, extensive developer tooling, and wide adoption of token standards like ERC‑20. Key components of the Ethereum DeFi stack include decentralized exchanges (DEXs) for trustless token swaps, lending and borrowing protocols that use algorithmic collateralization, stablecoins that reduce volatility, and automated market makers (AMMs) that provide liquidity. The composability of these protocols-frequently enough described as “money legos”-permits complex financial products to be assembled rapidly from interoperable pieces.
While DeFi promises greater financial inclusion, innovation, and efficiency, it also introduces novel risks: smart-contract vulnerabilities, market and liquidity risk, governance challenges, and evolving regulatory scrutiny. This article will explain how DeFi works on Ethereum, survey its principal building blocks and representative projects, outline the benefits and hazards for users and the broader financial system, and offer practical guidance for evaluating DeFi opportunities.
Understanding DeFi on Ethereum: Core concepts, Ecosystem Participants and Value Propositions
Ethereum-based decentralized finance is built on permissionless, composable protocols that replace traditional intermediaries with smart contracts. These contracts automate custodial functions, enforce rules and execute transactions deterministically – creating transparent rails for lending, trading, and synthetic assets. Foundational building blocks such as ERC‑20 tokens, automated market makers (AMMs), liquidity pools and decentralized oracles together enable financial primitives that are programmable and interoperable across the ecosystem.
the network effect of DeFi emerges from distinct ecosystem participants, each supplying capital, code, or coordination. Knowing who does what helps explain incentives, revenue flows and where trust is concentrated.below, key actors are summarized to clarify roles and relationships in a single glance.
- Users: Retail and institutional participants who trade, borrow, earn yield or use wallets to access services.
- Liquidity Providers (LPs): Deposit assets into pools to earn fees and incentives, absorbing impermanent loss and price exposure.
- Traders: Use AMMs or DEX order books for spot and derivatives trading, arbitraging price differences.
- Lenders / Borrowers: Supply capital to lending protocols or take loans using crypto collateral.
- Developers / Protocol Teams: build,audit and upgrade smart contracts; design tokenomics and governance models.
- Oracles: Provide off‑chain data (prices, events) trusted by contracts to make economic decisions.
- DAOs & Governance Actors: Coordinate upgrades, parameter changes and treasury allocations through token-weighted governance.
Operationally, composability is DeFi’s superpower: protocols can be combined to create new products (e.g., a vault that uses an AMM and a lending market). Core mechanisms include AMMs for automated price revelation, overcollateralized lending markets for credit, stablecoins for unit-of-account, and derivatives/synthetics for exposure without custody. These mechanisms deliver clear value propositions - greater transparency,faster settlement,reduced counterparty risk and novel yield-generating strategies – while enabling rapid iteration by developers.
Risks are an unavoidable part of the landscape: smart contract bugs, oracle manipulation, economic exploits, user experience gaps and regulatory uncertainty. Practical mitigations include code audits, bug bounties, multisignature and timelock governance, decentralized oracle networks, formal verification for critical modules, and insurance primitives that preserve capital for users. A mature risk-management posture combines on-chain controls with off-chain oversight and community governance to align incentives.
| Participant | Primary Value |
|---|---|
| Liquidity Provider | Earns fees & liquidity mining rewards |
| Trader | Access to deep on‑chain markets |
| Developer | Composable building blocks, permissionless deployment |
| DAO | decentralized coordination and treasury management |
Leading Protocols and Use cases: Decentralized Exchanges,Lending,Derivatives and Stablecoins
Tokenized liquidity,permissionless markets and automated smart contracts have reshaped how value is exchanged on Ethereum. Decentralized exchanges (DEXs) such as Uniswap and Curve use Automated Market Makers (AMMs) to enable continual price discovery without centralized order books, while hybrid and aggregator models optimize slippage and capital efficiency. These protocols are foundational: they provide on-chain price feeds, permissionless access to markets, and composable liquidity that other DeFi services can build on.
Borrowing and yield products let users convert idle assets into productive capital. Leading platforms like Aave, Compound and Maker allow overcollateralized loans, variable and stable-rate borrowing, and innovative primitives such as flash loans. Common use cases include:
- Yield farming and collateralized leverage
- short-term arbitrage using flash loans
- Stablecoin generation via collateralized debt positions
Derivatives extend DeFi beyond spot trading to synthetics,perpetual futures and options. Protocols such as Synthetix, dYdX and Perpetual Protocol enable exposure to commodities, indices and leverage without centralized intermediaries. These instruments are crucial for hedging,speculation and creating synthetic exposure to off-chain assets-boosting market completeness and opening advanced risk management to on-chain users.
Stability and settlement are provided by multiple classes of stablecoins, each balancing trust, capital efficiency and decentralization. The short table below summarizes common models and examples:
| Model | Example | Trade-off |
|---|---|---|
| Fiat-collateralized | USDC | High peg stability,custodial trust |
| Crypto-collateralized | DAI | Decentralized,requires overcollateralization |
| Algorithmic | FRAX (hybrid) | Capital efficient,higher complexity |
Interoperability and composability make these protocols more powerful-but also concentrate systemic risk. Best practices for participants and builders include:
- Robust audits and bug bounties for smart contracts
- Prudent collateralization ratios and diversification
- Monitoring oracle integrity and LP exposure to impermanent loss
How Smart Contracts Work on ethereum and common Vulnerabilities with Recommended Safeguards
Smart contracts are self-executing programs compiled into EVM bytecode and deployed to an Ethereum address. When a user or another contract sends a transaction, the EVM deterministically executes that bytecode using the current state and the transaction’s input data; every operation consumes gas, and state changes are recorded on-chain only if the transaction completes without reverting. Logs and events emitted during execution provide an immutable audit trail, while transaction ordering and mempool behavior can affect how contracts behave in practice (for example, enabling front-running by miners or bots).
A number of recurring weaknesses have caused most incidents in the space: reentrancy (external calls that allow attackers to re-enter a contract), improper access control (missing onlyOwner guards or admin checks), flawed arithmetic (historically overflows/underflows), insecure upgrade patterns, oracle manipulation, unchecked external calls and returns, and gas-related Denial-of-Service possibilities. Each of these can be exploited in different ways, often combining subtle state assumptions with attacker-controlled inputs.
Preventive patterns and coding safeguards are practical and well-established. Use the checks-effects-interactions pattern to update state before external calls; apply a reentrancy guard (e.g.,nonReentrant) where appropriate; prefer audited libraries such as OpenZeppelin for ERC standards and access control; rely on built-in overflow checks in modern Solidity (>=0.8) or SafeMath for older versions; minimize and validate external calls; and explicitly specify function visibility and mutability. Also use immutable variables where feasible, and implement pull-payment patterns to avoid synchronous transfers that can fail or be exploited.
Operational safeguards complement secure code. Require multi-signature wallets and timelocks for administrative actions, run thorough unit and integration tests on multiple testnets, perform fuzzing and symbolic execution, and engage third‑party audits and formal verification for critical modules. Maintain a responsible disclosure and bug bounty program to surface issues in production, and use decentralized oracle services (or hybrid designs) rather than single, centralized price feeds to reduce manipulation risks.
Speedy practical reference:
| Vulnerability | Recommended Safeguard |
|---|---|
| Reentrancy | NonReentrant + checks-effects-interactions |
| Access Control | Role-based guards, multisig, timelock |
| oracle Attack | Use decentralized oracles + sanity checks |
| Upgrade Risks | Audit proxy patterns, restrict admin keys |
- Audit early and often - combine automated tools with manual review.
- Test under adversarial conditions – simulate gas griefing, reentrancy, and price swings.
- Minimize privileged code – reduce central points of control and document upgrade paths.
Yield Strategies Explained: Yield Farming, Liquidity Provision and Sustainable Risk Management
DeFi yield strategies range from actively farming new token incentives to quietly earning fees as a liquidity provider – each approach targets returns by putting capital to work inside smart contracts. Protocols reward participants for supplying capital, stabilizing markets, and enabling lending or trading.Understanding the incentive mechanics and where rewards actually originate (protocol emissions, trading fees, or interest spreads) is the first step to choosing an approach that aligns with your goals and timeframe.
At the operational level, yield generation typically follows a few repeatable patterns. Common techniques include:
- Staking: Locking tokens to secure or govern a protocol in exchange for emissions or fees.
- Providing liquidity: Supplying token pairs to AMMs and collecting a share of swap fees.
- Lending and borrowing: Depositing assets to earn interest from borrowers.
- Vault strategies: Automated compounding and dynamic rebalancing driven by smart-contract strategies.
Each technique differs in complexity, capital efficiency, and required monitoring.
When supplying liquidity to automated market makers, fees earned are often offset by price divergence between paired assets - the well-known impermanent loss. Modern innovations such as concentrated liquidity and active market-making strategies increase capital efficiency but add complexity and execution risk. Evaluating expected fee income versus potential divergence loss, and understanding the pool composition (stable-stable, stable-volatile, volatile-volatile), helps set realistic return expectations.
Sustainable risk management is essential for long-term participation. Practical controls include diversification across protocols and strategies, position sizing, and using audited contracts.Monitor on-chain metrics (TVL, volume, utilization), track protocol incentives that can dilute returns, and plan exit windows to minimize slippage. Consider third-party mitigations such as insurance covers and multi-sig governance for larger allocations.
| Strategy | typical APY | Primary Risk | Liquidity Horizon |
|---|---|---|---|
| Yield Farming (Vaults) | 5%-50% | Smart contract & emissions dilution | Short-Medium |
| Liquidity Provision (AMMs) | 1%-30% | Impermanent loss | short-Medium |
| Lending & Borrowing | 1%-15% | Liquidation & counterparty risk | Short-Long |
Oracles, Stablecoins and Price Stability Mechanisms with Best Practices for Risk Mitigation
Oracles are the bridge between on-chain protocols and off-chain data, delivering the price feeds that underpin virtually every DeFi primitive on Ethereum. They come in multiple flavors – from single-provider HTTP-APIs to decentralized aggregation networks – and vary by latency, security model, and resistance to manipulation. When a protocol relies on stale or easily spoofed data, liquidation engines and automated market makers become vulnerable to oracle attacks, resulting in cascading failures and user losses. Understanding the threat vectors (front-running, flash loan manipulation, feed outages) is the first step toward robust design.
Stablecoins are the practical instruments that enable unit-of-account stability in defi. There are three mainstream designs:
- Fiat-collateralized: backed by off-chain reserves and frequently enough centralized custodians.
- Crypto-collateralized: overcollateralized with on-chain assets and enforced by liquidation mechanics.
- Algorithmic/seigniorage: use smart-contracted monetary policy to maintain peg without external collateral.
Each class involves trade-offs between trust assumptions, capital efficiency, and failure modes - for instance, centralized reserves expose custodial risk while algorithmic models can experience death spirals under severe market stress.
Protocols use several price-stability mechanisms to preserve peg and protect creditors: overcollateralization, time-weighted average prices (TWAPs) to smooth volatility, auction-based liquidations to prevent undercollateralized debt, and incentive layers (keeper rewards, stability fees) to align off-chain actors.Rebase mechanisms and seigniorage-style supply adjustments are useful for some algorithmic designs, but they introduce systemic risk if confidence collapses. Well-designed liquidations and graduated buffers (e.g., debt floors, cooldown periods) reduce the likelihood of sharp, protocol-level insolvencies.
To mitigate risks effectively, implement layered safeguards and operational best practices. Recommended measures include:
- Oracle diversification – aggregate multiple independent sources and use medianization.
- TWAPs and authenticated feeds - favor time-weighted windows over spot ticks for large orders.
- Circuit breakers and pause mechanisms – allow human/DAO intervention during extreme anomalies.
- Transparent reserves and regular audits – for off-chain collateralized models.
- Formal verification and third-party security audits – plus bug bounties and staged rollouts.
- decentralized governance controls - multi-sig or timelocks for critical parameter changes.
Operational readiness and continuous monitoring close the loop between design and safety. track metrics such as oracle feed latency, TWAP divergence, collateralization ratios, liquidation occurrences, and reserve health. Consider on-chain insurance, automated fallback oracles, and clearly documented disaster recovery playbooks.below is a concise comparison of typical oracle approaches to guide design choices:
| Oracle Type | Strength | Primary Risk |
|---|---|---|
| Decentralized Aggregator | High resistance to manipulation | Complex governance, cost |
| exchange TWAP | Low latency, simple | Vulnerable to concentrated orderbook attacks |
| Trusted Submitter | Low cost, reliable short-term | Centralization and single-point failure |
Regulatory, Compliance and Tax Considerations for Individuals and Institutions Participating in DeFi
Regulatory frameworks around decentralized finance are fluid and fragmented across jurisdictions, so participants should assume that rules could change rapidly. Regulators may treat protocols, developers, deployers, and users differently: some focus on consumer protection, others on systemic risk. Expect scrutiny from securities, commodities, and banking regulators, and note that enforcement actions often target intermediaries or entities that provide on-ramps and off-ramps to fiat currency.
Anti‑money laundering and Know‑Your‑Customer obligations present practical challenges in permissionless systems. While non‑custodial interactions are technically pseudonymous, financial institutions and centralized services connecting to DeFi must perform standard AML/KYC screening. Common compliance measures include:
- Customer due diligence: identity verification and risk profiling
- Transaction monitoring: screening for sanctions and suspicious patterns
- Recordkeeping: retention of transaction histories and wallet links
Whether a token or activity is a regulated security drives licensing and disclosure obligations. Many jurisdictions apply economic-substance tests (e.g., factors similar to Howey) to determine securities status; stablecoins and tokenized assets may attract banking or payment-service rules.Institutional participants should evaluate licensing requirements for custody,broker-dealer activities,and lending operations,and consider whether protocol governance actors could be deemed service providers under local law.
Tax treatment of DeFi activity is nuanced and varies by country, but several common taxable events recur: swaps and sales, mining or liquidity rewards, staking returns, and token airdrops.Accurate cost basis and timestamped records are essential for compliance. The table below summarizes typical treatments as a starting reference (consult local guidance):
| Activity | Typical Tax Character | Reporting Tip |
|---|---|---|
| Token swap/trade | Capital gain/loss | Track cost basis per lot |
| Liquidity mining rewards | Ordinary income on receipt | Record FMV at receipt |
| Staking rewards | Ordinary income; possible capital upon sale | Separate reward vs disposal events |
Practical risk management combines legal advice, technical audits, and operational controls. Institutions should implement
- Due diligence: protocol economic and legal reviews
- Smart‑contract audits: independent security assessments
- Compliance tooling: on‑chain analytics and sanctions screening
- Policy frameworks: internal rules for exposure limits and counterparty acceptance
Adopting these measures reduces regulatory surprise and makes engagement with DeFi both defensible and auditable.
getting Started Safely: Wallet Setup, security Checklist, Due Diligence and portfolio Construction
Begin by selecting a wallet that matches your threat model: a hardware wallet (Ledger, Trezor) for long-term holdings, a software wallet (MetaMask, Rainbow) for everyday interactions, and a separate watch-only or cold-wallet address for large positions. During setup, write your seed phrase on paper and store it in multiple secure locations-never store seeds in cloud services or plain text. Configure a strong local passphrase, enable biometric lock where available, and link the wallet to a dedicated browser profile or mobile device used only for crypto activity.
Adopt a layered security checklist to minimize single points of failure. key items include:
- Keep firmware and OS updated to patch vulnerabilities.
- Use hardware wallets for signing high-value transactions.
- Verify contract addresses and signatures on Etherscan before approving.
- Never share your seed phrase-treat it as physical cash.
- Limit wallet approvals by revoking token allowances regularly.
Before interacting with any protocol, perform focused due diligence: check for recent security audits, verify Total Value Locked (TVL) trends, review the team’s on-chain history, and scan community channels for independent reviews. Pay special attention to upgradeable contracts and multisig governance that could change the risk profile overnight.A quick reference table below helps prioritize checks when evaluating a new project.
| Metric | Why it matters | Quick check |
|---|---|---|
| Audit status | Identifies known vulnerabilities | Audit repo & recent fixes |
| TVL | Shows user trust and liquidity | DeFi Llama / on-chain charts |
| Token lockups | Reduces rug risk | Check vesting schedules |
Construct your portfolio with intentional allocation and risk controls: set clear percentage targets for stablecoins (cash buffer), blue-chip tokens (lower risk), and experimental positions (high risk). Use position sizing limits per trade and sector diversification across lending, AMMs, and derivatives to avoid correlated blowups. Define a rebalancing cadence-monthly or quarterly-and stick to it, documenting rules for profit-taking and stop-loss triggers that reflect your personal time horizon and liquidity needs.
Operational discipline reduces human error: maintain separate wallets for different purposes (staking, trading, cold storage), always send a small test transaction to new contracts or bridges, and keep a recovery plan (redundant seed backups, trusted emergency contacts). Practical starter actions:
- Revoke old approvals using an allowance manager.
- Test with small amounts on mainnet or use testnets.
- monitor gas and front-running risk with priority fees.
- Document key actions and keep an offline incident checklist.
Q&A
Q&A: What is DeFi? Decentralized Finance on Ethereum
Q1: What is DeFi?
A1: DeFi (Decentralized Finance) is a set of financial applications built on blockchain networks-predominantly Ethereum-that replicate and extend traditional financial services (lending, trading, payments, derivatives, insurance) using smart contracts. DeFi aims to be permissionless, transparent, and composable, enabling anyone with an internet connection to access financial services without intermediaries.
Q2: Why is Ethereum central to DeFi?
A2: Ethereum pioneered a programmable blockchain with a robust smart contract platform (the EVM) and widely adopted token standards (eg, ERC‑20). Its large developer ecosystem, liquidity, and composability of protocols made it the dominant platform for DeFi innovation. Many DeFi primitives and most liquidity still reside on Ethereum or Ethereum-compatible chains.
Q3: How do DeFi smart contracts work?
A3: Smart contracts are self-executing code deployed on the blockchain. They define rules for transferring assets, managing collateral, or automating trades. When users interact with these contracts (via a wallet), transactions are recorded on-chain and executed deterministically by the network, without centralized intermediaries.
Q4: What are common DeFi applications?
A4: Core categories include:
- Decentralized exchanges (DEXs) for token swaps (eg, Uniswap)
- Lending and borrowing platforms (eg, Aave, Compound)
- Stablecoins (eg, USDC, DAI)
- Asset management and yield strategies (yield farming, vaults)
- Derivatives and synthetic assets (eg, Synthetix)
- Automated market makers (AMMs) and liquidity pools
- Decentralized insurance and prediction markets
- Governance DAOs that manage protocol parameters
Q5: What is composability?
A5: Composability means protocols can interoperate like financial “lego” pieces-one protocol’s output can be another’s input. This enables rapid innovation and complex, permissionless financial products, but it also creates systemic interdependencies and risk propagation.
Q6: What are governance tokens?
A6: Governance tokens grant holders voting rights over protocol changes-parameter adjustments, treasury spending, or upgrades. They decentralize decision-making, though token distribution and voting power can raise concentration and coordination challenges.
Q7: What are the main benefits of DeFi?
A7: Benefits include:
- Permissionless access (no bank account or KYC required for many services)
- Transparency (on‑chain transactions and open-source code)
- Programmability (automated, composable financial services)
- Innovation speed and new financial products unavailable in traditional finance
Q8: What are the primary risks of defi?
A8: Key risks:
- Smart contract vulnerabilities and bugs (loss of funds)
- Rug pulls and malicious token contracts
- Oracle risk (faulty or manipulated price feeds)
- Liquidity risk and slippage on trades
- Impermanent loss for liquidity providers
- Custody risk (loss/theft of private keys)
- Regulatory and compliance uncertainty
- Systemic risks from composability and leverage
Q9: What is impermanent loss?
A9: Impermanent loss occurs for liquidity providers in AMMs when the relative prices of pooled tokens diverge. compared to simply holding the tokens, a liquidity provider can end up with less value when withdrawing. It’s “impermanent” because if token prices return to their prior ratio, the loss can be reduced or eliminated.
Q10: What are flash loans?
A10: Flash loans are uncollateralized loans that must be borrowed and repaid within a single transaction block. They enable arbitrage, liquidation strategies, and complex on‑chain trades, but have also been used in exploit chains and market manipulation.
Q11: How do stablecoins work in DeFi?
A11: Stablecoins are tokens pegged to a stable asset (commonly USD). They can be fiat‑backed (eg, USDC), crypto‑collateralized (eg, DAI), or algorithmic. Stablecoins provide on‑chain liquidity and a unit of account for DeFi transactions.
Q12: How do Layer 2 solutions affect Ethereum DeFi?
A12: Layer 2 (L2) rollups and sidechains increase throughput and reduce transaction costs by batching transactions off‑chain and settling on Ethereum. L2 adoption improves user experience and makes DeFi more accessible, though bridging assets between L1 and L2 introduces additional complexity and risk.
Q13: What is a bridge and are cross‑chain bridges safe?
A13: Bridges transfer tokens and data across blockchains.Many bridges are custodial or use smart contracts and relayers; they can be vulnerable to hacks and smart contract bugs. Bridge security varies-use reputable bridges and be aware of custodial trade‑offs.
Q14: how should a beginner get started with DeFi safely?
A14: Steps to start:
- Learn the basics: wallets, gas fees, token standards, common protocols.
- use a reputable non‑custodial wallet (eg, MetaMask) and securely store private keys/seed phrases offline.
- Start small-use small amounts to learn interfaces and transaction flows.
- Use audited, widely used protocols with critically important TVL (total value locked).
- Monitor gas costs and use hardware wallets for larger positions.
- Keep software updated and beware phishing links.
Q15: How do I evaluate the safety of a DeFi protocol?
A15: Consider:
- Audit history and reputable auditors
- Age and track record of the protocol
- Total value locked and active user base
- Open‑source code and transparent governance
- Insurance options or multisig timelocks for upgrades
- Tokenomics and incentive sustainability
Q16: What are the regulatory and tax considerations?
A16: DeFi exists in a shifting regulatory landscape.Many jurisdictions treat crypto transactions as taxable events (capital gains, income). Anti‑money laundering (AML) and securities rules may apply to certain tokens and services. Consult a qualified tax or legal advisor for jurisdiction‑specific guidance-this Q&A is not legal or tax advice.
Q17: How is custody different in DeFi vs traditional finance?
A17: In DeFi, users typically control custody through private keys-“not your keys, not your coins.” This offers sovereignty but places obligation for key management, backups, and securing hardware wallets. Centralized services custody keys on behalf of users, trading convenience for custodial risk.
Q18: What is MEV and why does it matter?
A18: Miner/Maximal Extractable Value (MEV) refers to profit opportunities for block proposers or validators who can reorder, include, or censor transactions. MEV can cause frontrunning, sandwich attacks, and increased transaction costs, though research and mitigations are evolving.
Q19: What trends will shape the future of DeFi on Ethereum?
A19: Key trends:
- Layer 2 scaling and UX improvements
- Institutional participation and regulated on‑ramps
- Improved composability with safer primitives and better tooling
- Cross‑chain interoperability and standardized security practices
- More on‑chain identity and compliant/privacy-preserving primitives
- Integration of traditional finance rails and tokenization of real‑world assets
Q20: Where can I learn more?
A20: Reliable resources include protocol documentation (whitepapers, docs), reputable crypto education platforms, developer blogs, community governance forums, and research reports from established blockchain analytics firms. Always cross‑check information and prioritize sources with transparent methodology.
Disclaimer: This Q&A is informational and educational only and not financial, legal, or tax advice. Conduct your own research and consult licensed professionals for decisions that require specialized expertise.
Concluding Remarks
Decentralized finance on Ethereum represents a fundamental shift in how financial services can be created and accessed: open, programmable, and composable protocols replace many traditional intermediaries, enabling lending, trading, payments, and more through smart contracts. While DeFi offers clear advantages-greater accessibility, transparency, and rapid innovation-it also brings material risks, including smart‑contract vulnerabilities, oracle and liquidity risks, regulatory uncertainty, and usability challenges. For anyone considering participation,the essentials are to understand the underlying protocols,prioritize security (private key management,audited contracts),start conservatively,and keep informed as the ecosystem evolves.
Looking ahead, scaling solutions, improved interoperability, stronger standards and auditing practices, and clearer regulatory frameworks are likely to shape DeFi’s next phase of growth. Whether you are a curious newcomer, an experienced developer, or an industry observer, approaching DeFi with informed caution and ongoing diligence will be critical to realizing its potential while managing its risks.





