Private Law Aspects of Liquidity Pools in Decentralized Finance (DeFi)

Nicolas Curchod / Bruno Pasquier *

Liquidity pools are essential for the functioning of decentralised finance. Nevertheless, the legal issues they raise have found little attention in legal scholarship. This article explains how liquidity is provided in decentralised finance, as opposed to centralised finance, and introduces the relevant stakeholders (i.e., DEX operators, liquidity providers, and traders). Then, it explores the legal relationships between such stakeholders from a contract law perspective. Further, it discusses the options of users to seek compensation in case they incur damage in connection with the use of decentralised finance platforms. Finally, it sets out the limitations of the existing legal framework and the need for legislative action.

Liquiditätspools sind für das Funktionieren des dezentralen Finanzwesens unerlässlich. Trotzdem finden die rechtlichen Fragen, die sie aufwerfen, in der Rechtswissenschaft nur wenig Beachtung. Dieser Beitrag erläutert die Art und Weise, wie im dezentralen Finanzwesen - im Gegensatz zum zentralen Finanzwesen - Liquidität bereitgestellt wird, und stellt die relevanten Akteure (d.h. Betreiber von dezentralen Börsen DEX, Liquiditätsanbieter und Händler) vor. Anschliessend werden die rechtlichen Beziehungen zwischen diesen Akteuren aus vertragsrechtlicher Sicht untersucht. Ferner werden die Möglichkeiten der Benutzenden erörtert, Schadenersatz zu verlangen, wenn ihnen im Zusammenhang mit der Nutzung dezentraler Finanzplattformen ein Schaden entsteht. Schliesslich werden die Grenzen des bestehenden Rechtsrahmens und der Bedarf an gesetzgeberischen Massnahmen aufgezeigt.

Si les liquidity pools sont essentielles au bon fonctionnement de la finance décentralisée, les questions juridiques qu'elles suscitent n'ont trouvé que peu d'attention en doctrine. La présente contribution présente la manière par laquelle la liquidité est assurée dans la finance décentralisée, par opposition à la finance traditionnelle, et présente les acteurs pertinents (opérateurs d'échanges décentralisés DEX, fournisseurs de liquidité et traders). Elle expose ensuite les relations juridiques entre les différents acteurs sur le plan contractuel. Puis, elle examine les possibilités pour les utilisateurs ayant subi un préjudice dans le cadre de l'utilisation d'échanges décentralisés de demander la réparation du dommage. Enfin, elle expose les limites du cadre juridique existant et la nécessité d'une action législative.

Citation: Nicolas Curchod / Bruno Pasquier, Private law aspects of Liquidity Pools in Decentralized Finance (DeFi), sui generis 2024, p. 243

DOI: https://doi.org/10.21257/sg.269

* Nicolas Curchod, Attorney at law, LL.M. (Harvard), Associate at Quinn Emanuel Urquhart & Sullivan LLP, Zurich (nicolascurchod@quinnemanuel.swiss). Bruno Pasquier, Professor, UniDistance, Zurich University of Applied Science, Attorney at law, LL.M. (Berkeley), Deputy Judge at the Supreme Court of Fribourg (bruno.pasquier@unidistance.ch).


I. Introduction

In recent years, we have witnessed a spectacular boom of decentralised exchanges (DEXs), with transactions of around USD 1 trillion yearly on such platforms since 2021.[1] Despite the increasing popularity of DEXs - including Uniswap, SushiSwap or Curve - the legal issues surrounding such platforms and their underlying technologies remain largely unexplored. The focus of the emerging legal scholarship seems to lie on regulatory issues, leaving questions of private law largely untouched.[2]

One of the key distinctive features of decentralised finance (DeFi) is how liquidity is provided. Departing from the models used in centralised finance (CeFi), DEXs rely on so-called liquidity pools. This article seeks to explore private law issues arising in connection with such pools, with a particular emphasis on the relationships between the different stakeholders. After having described the way through which liquidity is provided in DeFi as opposed to CeFi, this paper will present the different actors of the DeFi-ecosystem and analyse the relationships between them from a contractual perspective. It then addresses potential compensatory claims of traders (Traders) and liquidity providers (LPs), discussing risks associated with using liquidity pools and potential causes of action arising out of transactions on DEXs.

II. Liquidity Pools

1. Liquidity in CeFI

a) Market mechanisms

To understand how liquidity is provided in traditional finance, one must consider the two main traditional market mechanisms, i.e., limit order markets and dealer markets.[3] Many markets are hybrid in the sense that they combine features of both limit order markets and dealer markets.[4]

In limit order markets, buyers and sellers directly trade with each other.[5] Their orders are matched using an order book. This electronic register essentially lists all buy and sell orders for a specific instrument (e.g., security, derivative, cryptocurrency).[6] Orders can specify either (i) the maximum/minimum price the buyer/seller is willing to accept for a certain quantity of a specific instrument (limit orders) or (ii) only an amount to buy or sell without indication as to the price at which the order must be executed (market orders).[7] The book, which aims at matching orders to buy (bids) with orders to sell (asks), lists all orders awaiting execution: bids are listed in decreasing order of price, and asks in increasing order.[8]

Bid

Ask

Price

Size

Time

Price

Size

Time

50.40

200

13:24:07

50.45

300

13:24:00

50.36

100

13:23:00

50.48

200

13:23:59

50.32

500

13:24:01

50.55

200

13:22:42

Figure 1: Example of order book (shares of company A)

An order can be executed (at least partially) if it matches or crosses the best price on the other side of the order book.[9] If a limit order to buy cannot or can only partially be executed because the price set by the buyer is lower than the highest price set by sellers, the order - or part thereof - will appear on the bid side of the order book.[10] Conversely, a limit order to sell will appear on the ask side of the order book if it cannot be (entirely) executed.[11] A market order, on the other hand, will be filled instantly at whatever price the market will bear.[12] Considering the hypothetical order book shown in Figure 1, an investor placing an order to buy 550 shares of company A specifying an upper limit of USD 50.50 will only be partially executed since only 500 shares are listed on the ask side of the order book for a price lower or equal to this price.[13] The remaining 50 shares will then appear on the bid price of the book.

In dealer markets, buyers and sellers do not interact directly.[14] Rather, investors must trade with dealers (also known as market makers), i.e., market participants who quote bids and ask prices of an asset they maintain in inventory. In order to share the so-called inventory risk, i.e., the risk of loss of value of the inventory that each dealer has to maintain, market makers trade with each other.[15] Hence, a dealer market typically comprises two segments: the retail segment, in which dealers trade with investors, and the wholesale segment (or interdealer market), in which dealers trade with each other.[16] Unlike limit order markets, trader markets do not enforce price priority. Instead, investors are free to choose the dealers they want to trade with, and market participants may very well bargain over price and quantity. In some dealer markets, information on quotes is available to the public. In others, this is not the case.[17]

b) Liquidity

In a perfectly liquid market, any order of any given size could be executed for the exact same price on both sides of the market. Most financial markets, however, are not perfectly liquid. In the example shown in Figure 1, an investor seeking to buy 500 shares of company A can do so at an average price of USD 50.462.[18] Meanwhile, a market participant seeking to sell the same quantity of shares can do so at an average of only USD 50.36.[19] A good indicator of a market's liquidity - or lack thereof - is the difference between the best bid and the best ask price (so-called bid-ask spread).[20] In our example, the bid-ask spread amounts to USD 0.05.[21]

In limit order markets, liquidity is typically provided by buyers and sellers themselves. Any buyer or seller who submits a limit order supplies liquidity by replenishing the order book.[22] Market participants submitting market orders, on the other hand, are said to "consume" liquidity by depleting the order book, hence widening the bid-ask spread.[23] By contrast, in dealer markets, liquidity is provided by market makers.[24] All buyers and sellers seeking to place orders on the retail segment of the market are liquidity users. Market makers make a profit by taking advantage of the bid-ask spread as well as by making trades for their own account. Because of the key role they play, they are often registered with exchanges[25], and their activity may be regulated.[26] Companies may also enter into agreements with LPs to increase the liquidity of their shares or other instruments. By committing to continuously quote bids and asks, market makers facilitate the trading of such instruments.[27]

2. Liquidity in DeFi

DEXs are peer-to-peer marketplaces in which market participants trade cryptocurrencies. While centralised exchanges (CEXs) - such as Coinbase or Kraken - act as custodians of assets deposited by Traders, this is not the case with DEXs. Users of DEXs never entrust a third party with their assets; they keep control of them. Further, unlike CEXs on which participants may also exchange fiat currencies (e.g. Swiss francs) for cryptocurrencies, DEXs only allow Traders to trade cryptocurrencies for other cryptocurrencies. By way of example, the current largest liquidity pool on Uniswap is the pool USDC[28]/ETH[29], i.e., a pool in which participants may exchange USDC of ETH and vice versa.[30]

While CEXs typically use an order book to match asks and bids, many DEXs depart from the order book model. Instead, they rely on liquidity pools, each consisting of a pair of tokens. Each liquidity pool is managed by a smart contract, i.e., "computer code that automatically executes all or parts of the transaction steps of an oral or written agreement between two parties".[31] The pairs act as automated market makers (AMMs). Whenever a trader wants to withdraw a certain quantity of one of the tokens from the liquidity pool, the smart contract automatically determines the corresponding number of the other token that must be deposited. Hence, the ratio depends on the formula used by the smart contract.

On Uniswap v1 and v2,[32] one token is only accepted if the so-called "constant product formula" is preserved. Such a formula, expressed as x × y = k, states that trades may not change the product k of the reserves x and y of two tokens, A and B. Correspondingly, the price of token A can be expressed as y x × B. For any token A, if Traders want to withdraw from the liquidity pool, they must deposit a quantity of tokens B corresponding to y x . Assuming that the liquidity pool A/B contains 500 tokens A (x = 500) and 750 tokens B (y = 750), the price of A would be 1.5 × B. Importantly, the price of each token only changes when the reserve ratio changes, which happens anytime a trade is made. External prices, i.e., prices according to other exchanges on which the tokens are being traded, do not directly affect the price determined by the smart contract on the DEX. Anytime a token trades above or below its value on external markets, however, an arbitrage opportunity arises.[33] Using the example of the liquidity pool A/B, if the ratio falls from A = 1.5 × B to A = 1 × B on external markets (e.g ., because the price of token A fell from USD 3 to USD 2 while the price of token B remained stable), arbitrageurs may purchase tokens A on other platforms and sell them on Uniswap at a better price, making a profit. This will occur until the level of reserves y equals x and the price on Uniswap reaches A = 1 × B. Hence, Uniswap advises users not to set a ratio of tokens that corresponds to a price that is different from the external market price in order to avoid to "[create] immediately a profitable arbitrage opportunity, which is likely to be taken by an external party".[34]

While market makers in CeFi are specialised intermediaries registered with an exchange, regulated, and/or hired by companies seeking to increase the liquidity of their financial instruments, essentially anyone can become an LP on DEXs. Figure 2 shows how easily anybody can create a pair on Uniswap by selecting two tokens and depositing amounts of the chosen tokens from their wallet. On Uniswap v3, LPs must, additionally, select a fee tier as well as the price range within which liquidity is to be provided.[35] If a liquidity pool between both selected tokens does not exist, it will be automatically created. Consequently, the number of pairs that can be traded on DEXs are virtually limitless.[36] Hundreds if not thousands of pairs can currently be traded on the largest DEXs, and such numbers continue to increase as LPs create new pairs.

Figure 2: Add Liquidity Feature, Uniswap v3[37]

The LP who created the liquidity pool or others can then add or remove liquidity by depositing or removing pairs of tokens. In order to track the contribution to the pool of each LP, liquidity provider tokens (LP tokens) are issued and distributed.[38] The number of LP tokens that LPs can redeem is related to their share of the liquidity provided to the pool. They may redeem a portion of the total number of tokens available in the pool corresponding to the ratio of LP tokens received in relation to the total number of LP tokens existing at the withdrawal time. For example, if an LP holds 10 LP tokens of the USDC/ETH pair out of 1,000 LP tokens, he has the right to redeem 1% of the liquidity. Hence, if the pool contains 100 ETH and 300,000 USDC at the time of withdrawal, the LP can withdraw 1 ETH and 3,000 USDC. When tokens are redeemed, a corresponding number of LP tokens are destroyed.[39]

There are different ways in which DEXs can incentivise LPs to provide liquidity. On Uniswap v2, any trader pays a flat fee of 0.3% of the value of the swapped tokens, no matter how large the transaction is.[40] Because such a flat fee was considered too high for some pools and too low for others,[41] Uniswap v3 introduced a differentiated approach. Under the v3, LPs may select a fee tier of 0.05%, 0.3%, or 1%. Hence, Uniswap v3 introduces "multiple pools for each pair of tokens, each with a different swap fee".[42] LPs are entitled to a proportionally distributed part of the collected fees when they withdraw their portion of total reserves.[43] Hence, and even though this does not seem to have become a popular investment strategy yet,[44] acting as LP allows players of the cryptocurrency ecosystem to add a potential new source of income. According to a recent empirical study, providing liquidity in stable pools, i.e., pools that comprise pairs of stable tokens such as USDC, enable a "seemingly risk-free and profitable investment opportunity compared to constant-mix portfolios".[45]

3. Stakeholders in DeFi

In sum, the following three main actors are relevant to the DeFi-ecosystem:

  1. Operators of decentralised exchanges ("DEX Operators"). DEXs - such as Uniswap, Sushiswap or Curve - are cryptocurrency exchanges relying on a decentralised network protocol. While some legal entities claim to be in charge of the operation of DEXs, this is not always the case. By way of example, the first version of the Uniswap protocol, which operates on the Ethereum blockchain, does not seem to have been developed by a company but by an individual, Hayden Adams.[46] When legal entities are involved, their role is often blurry.[47] For instance, the second version of Uniswap was apparently mainly developed by Uniswap LLC, a limited liability company incorporated in 2018 in Delaware that was later renamed Universal Navigation, Inc.[48] Universal Navigation, Inc. is said to "operate" - under the name "Uniswap Labs" - the interface https://app.uniswap.org. Noteworthily, however, while the smart contracts used to run the interface seem to be developed by developers affiliated with DEX Operators, they are deployed by users. On Uniswap, such (open source) smart contracts are made available in so-called "repositories".[49]
  2. Traders of Crypto Tokens ("Traders"). Traders are market participants who exchange crypto tokens on a DEX. Like in traditional dealer markets (see, supra, N 7 f.), Traders are liquidity users. Essentially, anyone can become a market participant, and large DEXs typically have thousands, if not millions, of users.[50] Interestingly, from a regulatory standpoint, there is no need to create an account to trade on platforms such as Uniswap or DAO and, hence, no Know-Your-Customer ("KYC") procedures.[51] Rather, Traders simply need to connect their unhosted wallet, select a pair of tokens and enter the desired volume.
  3. LPs. LPs play the role of market-makers in traditional dealer markets. As mentioned above, anyone can become an LP on DEXs; no approval from the DEXs is needed. Echoing the claim made by DEXs, which sought to depart from the model used by CEXs under which liquidity was "provided by a small handful of professional trading firms with permission access and specialised tools",[52] it seems that liquidity is essentially provided by individual providers and not professional market makers.[53] This avoids the concentration of liquidity "in the hands of a few actors who can withdraw and manipulate assets during periods of volatility and restrict trading when users need it the most".[54]

III. Legal Qualification of the Relationship Between Stakeholders

From a legal standpoint, the question arises whether there is a contract - and, if so, what type of contract - between the involved stakeholders, i.e., DEX Operators, LP, and Traders.

To answer this question, a conflict of laws analysis must be conducted to determine what law is applicable. Noteworthily, it seems that large DEXs that operate from the United States would like U.S. laws to apply to the relationships with any person using the platform. By way of example, Uniswap's Terms of Service hold that the platform is operated from the United States and that the laws of the State of New York govern the agreement under which any person may access and use the interface.[55]

In the following sections, we assume that Swiss law is applicable. Hence, we define a contract as referring to the mutual assent of parties that creates at least one obligation for one or both parties, such as the obligation to deliver the purchased object or to pay the purchase price.[56]

1. Relationship Trader - DEX Operator

DEX Operators essentially provide an interface that gives users access to a decentralized protocol, which can be run on various blockchains, allowing them to trade certain digital assets. Despite the decentralized nature of the liquidity pools and the pseudonymity of the transactions, an argument can be made that DEX Operators and Traders would like to be bound by a contract. A clear sign of this intent is the use of Terms of Use by the DEX Operators, which sets forth the parties' obligations.[57] For example, the UniSwap Terms of Service hold that there is a binding contract between the users and Uniswap: "To access or use the Interface, you must be able to form a legally binding contract with us".[58]

The primary obligation of the DEX Operator is to provide an interface that allows users to access the protocol. Usually, DEX Operators make clear that they have no control over the protocol itself or the underlying blockchain. For instance, Uniswap's Terms of Service hold that "Uniswap Labs does not control or operate any version of the Protocol on any blockchain network".[59] From the perspective of Traders, except for the fact that DEXs normally only allow the exchange of cryptocurrencies for other cryptocurrencies (and not fiat currencies), there seems to be no fundamental difference between CEXs and DEXs. In essence, Traders may use the interface for a fee - whose payment constitutes the Traders' main obligation - part of which goes to the LPs and part to the DEX Operators (infra, N 9 ff.). However, contrary to CEXs, DEXs do not require Traders to place assets in their custody. Rather, Traders maintain custody of their tokens at all times. The Terms of Service of Uniswap reflect this by holding that the interface is a "purely non-custodial application" that owes "no fiduciary duties or liabilities" to Traders.[60] Hence, the contract between Traders and DEX Operators can hardly be qualified as a contract of bailment.[61]

Under Swiss law, two types of contracts may fit the characteristics of the relationship between Traders and DEX Operators, i.e., a contract for work and services and an agency contract.[62] The main difference between both types is that the former entails an obligation to obtain a result, whereas the latter (merely) entails an obligation to perform diligently and faithfully.[63] Because DEX Operators arguably promise - "and Traders expect" - a certain result, i.e., the use of the protocol to make (a) certain transaction(s), a qualification as a contract for work and services seems to be more appropriate.

2. Relationship LP - DEX Operator

As we have seen, the entire system put in place by DEXs relies on LPs: DEXs could not operate without liquidity pools and, hence, without the participation of LPs. In other words, without the participation of LPs, the interface operated by DEX Operators would be useless.

The function of LPs is similar to the one played by market makers in traditional financial markets. Noteworthily, market makers in CeFi are mandated by operators of centralised exchanges to ensure that liquidity is provided on the market by quoting bids and asking prices of assets they maintain in inventory.[64] Market makers typically enter into binding contracts with exchanges in which the terms of their appointment are specified. Under EU law, there may even be a duty to enter into such agreements,[65] the content of which is also regulated.[66] Unlike market makers in CeFi, LPs are not expressly mandated by anyone to do anything. Rather, as discussed (supra, N 15), anybody can become an LP within minutes - "if not seconds" - without contractual negotiations. However, strictly speaking, neither the fact that the process is fully automated and instantaneous nor the absence of negotiations speaks against the existence of a contract. Rather, the relationship between DEX Operators and LPs looks like a contractual arrangement, i.e., an agreement creating mutual obligations. Here, too, the main responsibility of the DEX Operator is to provide an interface to access the protocol. In the case of Uniswap, this is expressly stated in the Terms of Service.[67]

While LPs also use the platform, their role is different from that of Traders. Essentially, in exchange for depositing tokens A and B into a liquidity pool, LPs receive LP tokens that give them the right to redeem a portion of each of the tokens A and B available in the pool and of the fees collected. Still, considering that the primary obligation of DEX Operators is to provide an interface to access the protocol, it is tempting to characterise the legal relationship between DEX Operators and LPs as a contract for work and services (Art. 363 ff. CO).[68] Alternatively, LPs could be understood to be vicarious agents of DEX Operators.[69]

3. Relationship LP - Traders

As we have seen, tokens are not exchanged between two Traders but rather between a Trader and a liquidity pool. Although Traders and LPs use the protocol they access through the interface, they do not interact directly with each other. Indeed, there is no direct exchange between individual LPs and Traders. Rather, funds are "pooled" in a decentralised pool managed by a smart contract deployed on the blockchain. There is no purchase or exchange between the LP and the Trader when the LP provides liquidity and receives, in exchange, LP tokens. Indeed, the LP tokens are minted automatically by the smart contract, which determines the amount of LP tokens to which the LP is entitled on the basis of the liquidity provided.[70] The LPs are the original holders of the LP tokens, following their minting by the smart contract. Therefore, we are of the opinion that there is no contractual relationship between Traders and LPs.

IV. Compensatory claims of Traders and LPs

1. Frequent Risks Related to the Use of Liquidity Pools

The question arises as to what risks are associated with the use of Liquidity Pools and could give rise to claims for Traders and LPs.

Among the risks commonly associated with trading tokens on DEXs, the vulnerability of smart contracts is often mentioned.[71] As noted by Schär, "[w]hile the deterministic and decentralised execution of smart contracts does have its advantages, there is a risk that something may go wrong. If coding errors exist, these errors may create vulnerabilities that allow an attacker to drain the smart contract's funds, cause chaos, or render the protocol unusable. Users have to be aware that the protocol is only as secure as the smart contracts underlying it."[72] Defaults in smart contracts can be manifold. Because of the existing discrepancy in technical knowledge between smart contract developers and many of the users of DEXs, such defaults will usually not be visible to users.[73] Hence, there is a risk that users rely on smart contracts that prove to be faulty at some point.

In particular, smart contracts are not immune to errors and hacking.[74] For instance, the DAO was hacked a few months after its launch in 2016 as vulnerabilities in the underlying code were exploited.[75] Here, too, it is to be expected that the average user will not be able to assess the platform's security. Audits and insurance services may offer a partial solution to this problem.[76] Uncertainty, however, remains.[77]

2. Legal Basis for Reparation Claims

a) Breach of Contract

As shown above (supra, N 16 ff.), Traders or LPs, on the one hand, and DEX Operators, on the other hand, are arguably bound by a contract. Therefore, in the event that users (i.e., Traders and LPs) lose money, they may seek compensation from the DEX Operators for a breach of contract. However, the conditions for liability may not be met. Under Swiss law, a compensation claim generally requires, in addition to a breach of contract, a fault, a causal link and damage.[78] In practice, the requirement of a breach of contract and fault will often be an obstacle to a reparation claim.

First, it will often be difficult for Traders or LPs to demonstrate that the DEX Operator breached the contract. Indeed, the DEX Operators insist that their contractual obligation is to provide an interface allowing Traders and LPs to access the (open source) protocols, but not to create or operate the protocol itself. In the case of Uniswap, the Terms of Service hold: "The Interface is distinct from the Protocol and is one, but not the exclusive, means of accessing the Protocol. […] Uniswap Labs does not control or operate any version of the Protocol on any blockchain network. By using the Interface, you understand that you are not buying or selling digital assets from us and that we do not operate any liquidity pools on the Protocol or control trade execution on the Protocol".[79] If the obligation of DEX Operators is understood as the mere obligation to operate an interface, irrespective of the underlying protocol, a DEX Operator can hardly be held responsible for a breach of contract. Indeed, the risks mentioned above mainly concern either the protocol layer (e.g., the Uniswap protocol) or the blockchain layer (e.g., Ethereum), but not the interface.

Second, contractual liability requires a fault of the DEX Operator.[80] Noteworthily, harm does not need to be intentionally inflicted for this condition to be met. Rather, negligence is sufficient.[81] To determine the appropriate level of care that a person must show in order not to be considered negligent, several criteria can be taken into account, including experience or knowledge.[82] In case of a vulnerability exploited by a hacker, it is doubtful whether the behaviour of a DEX Operator" - or developer affiliated with the operator or otherwise acting as vicarious agent" - would be considered to be at fault.

b) Torts

Another question is whether compensatory claims can be made in torts. Noteworthily, there is currently no legislation on the liability of suppliers of 'algorithmic' services, neither at the Swiss nor the European level.[83] Hence, when examining issues of tort liability arising in connection with errors in smart contracts and cyberattacks, the general provisions applicable to tort liability are applicable. In Switzerland, four conditions must be met to trigger the key provision that governs tort liability[84]: (i) a tortious act, (ii) damage, (iii) fault, and (iv) causal link. Concerning claims made by LPs or Traders against DEX Operators, two of these conditions will often be difficult to meet., i.e., a tortious act and a fault.

A tortious act is understood as a violation of either a statutory provision aimed at protecting the injured party or an absolute right. However, rights to wealth or assets (Vermögen) do not qualify as absolute rights in the sense of this definition. Therefore, a tortious act requires a provision to protect against damages of the type that have occurred. In certain situations, such as in the case of hacking, the faulty commission of a tortious act of the hacker can easily be established.[85] However, in case of a technical error affecting the interface, it is doubtful whether a relevant provision could be identified. In particular, no criminal law provision is violated as long as the default in the smart contract is due to a coding error. Hence, at least under a framework with a relatively narrow definition of tortious acts, the conditions for tort liability will likely not be met in case of an unintentional coding error.

Regarding fault, see the section on contract law (supra, N 29 ff.).

c) Limitation of Liability

Unsurprisingly, the terms of service of DEX Operators contain provisions that seek to limit - if not fully eliminate - the operators' liability. For instance, Uniswap's Terms of Service hold that Uniswap Labs will not be liable to the interface's users "for any indirect, punitive, incidental, special, consequential, or exemplary damages [...] arising out of or relating to any access or use of the Interface, nor will we be responsible for any damage, loss, or injury resulting from hacking, tampering, or other unauthorised access or use of the Interface or the information contained within it".[86] In particular, the Terms of Use of DEXs normally exclude any liability for damages incurred as a consequence of errors in the protocol or hacking.[87] Acknowledging that certain risks exist, the terms seek to allocate such risks to the users.[88]

As noted by Uniswap in its Terms of Service, some jurisdictions do not allow the exclusion of certain warranties. In Switzerland, Art. 100 para. 1 CO provides that no exclusion of liability is permitted for gross negligence or intentional fault.[89] If the limitation of liability clause is contained in generic terms and conditions, Art. 8 UCA[90], which prohibits abusive clauses, may apply. Hence, an agreement purporting to exclude liability fully is partly invalid, i.e., invalid to the extent that it excludes liability for gross negligence and intentional fault.[91] Accordingly, the limitations outlined in the DEX Operators' terms of service may not apply.[92]

V. Concluding Remarks

1. The Existing Legal Bases and Legal Concepts Are Ill-Suited for DeFi

Our analysis of the current law shows that the existing framework does not provide an appropriate response to the risks associated with the use of liquidity pools (supra, N 26 ff.).

The issue is of a general nature: the existing legal framework is ill-suited to apprehend the realities of the DeFi ecosystem.[93] Indeed, the attempt to make a transnational, decentralised system fit into a domestic legal framework that was obviously conceived under very different technological circumstances is doomed to fail. In the words of Peter Van Valkenburgh, "referring to 'DEXs' as a category of things that exist in the world (rather than actions) does the entire technology a disservice: it wrongly portrays software tools as persons or businesses with agency and legal obligations. Corporations and persons - legal or natural - definitely have agency and obligations; software tools do not. Corporations and persons can be held responsible for their actions; software tools cannot."[94]

While this observation does not necessarily call for legislative action,[95], the legislator could develop a set of rules that would specifically apply to the DeFi ecosystem. For the time being, however, if a dispute arises between any of the stakeholders, the current legal framework would have to be applied despite its inappropriateness.

2. The Difficulties of Law Enforcement in DeFi

The phrase 'code is law', which appears to have its origin in Lawrence Lessing's book 'Code and other laws of the cyberspace', has existed for more than 20 years.[96] However, a literal understanding of the phrase" - i.e., that computer code has the same normative value as laws passed by the competent body" - finds little support in legal scholarship.[97] Law and technology are two different analytical realms.[98] Only the law's realm, i.e., actions of legislators and decisions by courts, can decide to what extent its own digitalisation is permissible.[99] Regarding the 'legal' nature of code, legal scholars do not refer to the normative character of the computer code but rather to the fact that this code can, just like the rules of law, influence human behaviour. Samer Hassan and Primavera De Filippi rightly pointed out that legal rules stipulate what people shall or shall not do, whereas technical rules determine what people can or cannot do in the first place.[100]

In fact, code takes all its importance and is de facto the only relevant realm in situations where law cannot be enforced. When law enforcement is burdensome or even impossible, participants (e.g., Traders or LPs) or state bodies (e.g., criminal authorities) will often refrain from taking relevant law enforcement steps. This is particularly true in DeFi, for the following reasons:

  1. Multiple, mostly pseudonymous participants. As discussed at the outset, liquidity pools require the involvement of at least the following categories of participants: DEX Operators, LPs, and Traders. However, there are often additional relevant parties, such as developers of the smart contracts, issuers of cryptocurrencies, oracles, blockchain developers on which the DeFi protocol operates, etc. In general, all stakeholders - except DEX Operator, which may be an incorporated entity (supra, N 15) - are interacting in a pseudonymous way. Thus, for example, it does not appear when reading the public distributed ledger that Jane Doe, with domicile in New York, USA, but that the address 0x163B8837CA436A3eD7CE88603BC0bC82442396ze (without apparent link to Jane Doe) added liquidity to the liquidity pool. It is striking that the use of multiple pseudonymous participants is a significant barrier to law enforcement. In particular, it may make it particularly difficult to determine jurisdiction and applicable law. Moreover, apart from the terms of service of DEX Operators, no contractual documentation with a choice of law and jurisdiction is available.
  2. Irreversible transactions. One important feature of blockchain operations is their immutability: Such operations cannot be reversed. Let's imagine that an LP provided liquidity by mistake. From a legal perspective, it may be in a position to invalidate this operation.[101] In the DeFi world, however, it would be impossible to reverse the performed operations, such as the deposit of cryptocurrencies in exchange for LP tokens at a determined exchange rate.

3. Possible Legislative Action

As mentioned (supra, N 26 ff.), Traders and LPs already have possibilities to reduce their risk or obtain reparation, such as using protocols audited by third parties, using various protocols or concluding an insurance plan. If such possibilities are not considered to be sufficient, legislative action should be taken. Two approaches may be considered:

  1. First, legislators may envisage subjecting the activities related to DeFi to strict conditions (e.g., an authorisation procedure similar to a CEX) or even prohibit them. In our opinion, this approach is not appropriate. Indeed, the particularity of DeFi is that it allows the different stakeholders to act from wherever they want and in a pseudonymous way. A national ban on activities related to DeFi or a rigid regulation would likely result in the relocation of actors to other countries where activities are not (or less) subject to scrutiny. Hence, this approach would not result in better protection for Traders and LPs.
  2. Second, strict compulsory liability (not based on fault) of stakeholders who benefit from DeFi activities may be introduced, i.e., in particular, DEX Operators. This would remedy the unsatisfactory situation under current law, where the conditions for liability, especially a faulty breach of contract or a faulty tortious act, are hardly ever fulfilled. Such mechanism could have a reparatory role in case of losses related to the use of DeFi (e.g., vulnerable smart contract), but also a preventive role (DEX Operators would have a real incentive to prevent risks related to DeFi). These rules would be more efficient if the possibility that the DEX Operators exclude their liability contractually is limited (supra, N 35 f.).


[1] The Block from 23 December 2021 (Decentralized exchanges saw over $1 trillion in trading volume this year); Nansen from 29 December 2022 (DeFi Statistics); The Block, DeFi Exchange.

[2] See, e.g., Jamie Kim, Regulation of Decentralized Systems: A Study of Uniswap, Harvard Journal of Law and Technology 2021, p. 335; Claude Humbel, Decentralized Finance: A new frontier of global financial markets regulation, GesKR 2022, p. 9 ff.

[3] Thierry Foucault / Marco Pagano / Ailsa Röell, Market Liquidity: Theory, Evidence, and Policy, 2nd edit., New York 2023, p. 17 ff.; Deniz Ozenbas / Michael S. Pagano / Robert A. Schwartz / Bruce W. Weber, Liquidity, Markets and Trading in Action: An Interdisciplinary Perspective, Montclair et al. 2022, p. 32 ff. (distinguishing between continuous order-driven markets, periodic order-driven markets, and continuous dealer markets).

[4] Foucault/Pagano/Röell (n. 3), p 31 ff.; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 34.

[5] Foucault/Pagano/Röell (n. 3), p. 17 f.; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 32.

[6] Foucault/Pagano/Röell (n. 3), p. 18; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 32.

[7] Foucault/Pagano/Röell (n. 3), p. 18; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 24.

[8] Foucault/Pagano/Röell (n. 3), p. 18 f.

[9] Foucault/Pagano/Röell (n. 3), p. 18 f.; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 32.

[10] Foucault/Pagano/Röell (n. 3), p. 21.

[11] Foucault/Pagano/Röell (n. 3), p. 21.

[12] Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 24.

[13] 300 shares at USD 50.45 and 200 at USD 50.48.

[14] Foucault/Pagano/Röell (n. 3), p. 27; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 33 f.

[15] Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 24 f.

[16] Foucault/Pagano/Röell (n. 3), p. 28.

[17] In case such information is not displayed to market participants, prospective buyers and sellers have no choice but to contact dealers in order to inquire as to the price of an order. While metrics provided by companies such as Bloomberg or Thompson Reuters are useful, such information is not binding on the dealers.

[18] 50.45 × 300 + 50.48 × 200.

[19] 50.40 × 200+50.36 × 100 + 50.32 × 200.

[20] Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 30.

[21] USD 50.45 - USD 50.40.

[22] Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 24.

[23] Foucault/Pagano/Röell (n. 3), p. 21; Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 24.

[24] Ozenbas/Pagano/Schwartz/Weber (n. 3), p. 88.

[25] For information concerning market-making and liquidity provisioning on the Eurex Exchange (incl. a list of market makers), see Eurex, Market-Making and Liquidity provisioning.

[26] In the U.S.: see, e.g., Exchange Act Rule 11Ac1-1, 17 C.F.R. § 240.11Ac1-1. In France: AMF decision no. 2018-01 of 2 July 2018 establishing liquidity contracts on equity securities as accepted market practice (the AMF Decision) and all other provisions referred to therein. In Switzerland: Art. 41 FinIA (Federal Act on Financial Institutions of 15 June 2018 [Financial Institutions Act, FinIA; SR 954.1]).

[28] USD Coin or USDC is one of the world's most prominent stablecoin, i.e., a coin pegged to a fiat currency (in the case of the USDC, the United States dollar).

[29] Ethereum or ETH is the world's second largest cryptocurrency by market capitalization.

[30] Uniswap, Pools.

[31] Stuart Levi / Alex Lipton / Cristina Vasile, Legal issues surrounding the use of smart contract, in: Dewey (ed.), Blockchain & Cryptocurrency Regulation, 2nd edit., London 2020, p. 155.

[32] Uniswap v3 departs from the constant product market maker formula. Arguing that such a formula is inefficient, the drafters of the Uniswap v3 White Paper introduced the concept of "concentrated liquidity", under which LPs can concentrate their liquidity to arbitrary price ranges instead of having to provide liquidity across the entire price range in accordance with the constant product market maker formula. Hayden Adams et al., Uniswap v3 Core, March 2021.

[33] Timo Frick, Das liechtensteinische Tokendarlehensunternehmen, AJP 2023, p. 952.

[34] Uniswap, Pools.

[35] See supra, Adams et al. (n. 32).

[36] But see Lioba Heimbach / Ye Wang / Roger Wattenhof, Behavior of Liquidity Providers in Decentralized Exchanges, 2021.

[38] David Meirich, Regulatorische Einordnung von Decentralized Finance, Zurich 2023, p. 114 f., n. 394.

[39] Meirich (n. 38), p. 395, n. 396.

[40] Because the fee is added to the reserves x and y, each trade increases k. Uniswap, How Uniswap works.

[41] See Adams et al. (n. 32), at p. 3 (noting that the flat fee was too high for pools including two stablecoins and too low for pools of highly volatile tokens). The collapse of Terra USD a few months ago, however, shows that coins described and widely understood as "stablecoins" may not be as stable as previously assumed. See, e.g., Euronews from 25 May 2022 (Terra Luna crash: What are 'stablecoins' and how stable are they really?).

[42] See Adams et al. (n. 32), p. 3.

[43] While the fees were directly added to the reserves in the pool under Uniswap v2, fees are "held by the pool as individual tokens" in v3. See Adams et al. (n. 32), p. 3.

[44] Heimbach/Wang/Wattenhof (n. 36).

[45] Heimbach/Wang/Wattenhof (n. 36).

[46] Uniswap Labs Blog, A short history of Uniswap.

[47] Peter Van Valkenburgh, There's no such thing as a decentralized exchange, coincenter.org from 3 Octobre 2020.

[48] Kim (n. 2), fn. 74 and fn. 94.

[50] Liam J. Kelly, Uniswap's Growth Pushes DeFi to 3 Million Total Users, Decrypt from 27 July 2021.

[51] Kim (n. 2), p. 342 f. and p. 346 f.

[53] Heimbach/Wang/Wattenhof (n. 36), showing that more than half of the liquidity in popular pools on Uniswap v2 is provided by LPs who only contribute to one liquidity pool, indicating that "DEXes are not controlled by oligopoly and professional market makers".

[56] Regarding contract formation in a smart contract environment, see generally Florian Möslein, Smart Contracts im Zivil- und Handelsrecht, ZHR 2019, p. 270 ff.; Rolf H. Weber, Smart Contracts: Vertrags- und verfügungsrechtlicher Regelungsbedarf, sic! 2018, p. 293 ff.

[57] Weber (n. 56), p. 293 ff.

[61] Under Swiss law, such statutory provisions are found in Art. 472 ff. CO (Swiss Code of Obligations, Federal Act on the Amendment of the Swiss Civil Code [Part Five: The Code of Obligations] of 30 March 1911 [CO; SR 220]).

[62] See Art. 363 ff. CO (contract for work and services) and Art. 394 ff. CO (agency contract).

[63] BGE 127 III 328 consid. 2; David Oser / Rolf H. Weber, in: Widmer Lüchinger/Oser (eds.), Basler Kommentar, Obligationenrecht I, 7th edit., Basel 2019, Art. 394 N 28; Franz Werro, in: Thévenoz/Werro (eds.), Commentaire romand, Code des Obligations I, 3rd edit., Basel 2021, Art. 394 N 5 (cit. CR CO-Author).

[64] Decision of the Swiss Federal Supreme Court 4A_305/2021 from 2 November 2021 consid. 4.1; Decision of the Zurich Commercial Court HG200001-O from 22 April 2021 consid. 2.2.

[65] Art. 17(3)(b) and Art. 48(2) Directive 2014/65/EU (Directive 2014/65/EU (MiFID II) of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (recast) [Directive 2014/65/EU]). Art. 4(7) of Directive 2014/65/EU defines a "market maker" as "a person who holds himself out on the financial markets continuously as being willing to deal on own account by buying and selling financial instruments against that person's proprietary capital at prices defined by that person".

[66] Art. 2 Regulation 2017/578 (Commision Delegated Regulation (EU) 2017/578 of 13 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council on markets in financial instruments with regard to regulatory technical standards specifying the requirements on market making agreements and schemes [Regulation 2017/578]).

[67] Uniswap, Uniswap Labs Terms of Service. These Terms of Service apparently apply to both Traders and the LPs.

[68] See, e.g., CR CO-Chaix, Art. 363 N 45.

[69] Under Swiss law, the relevant provision would be Art. 101 CO. See, e.g., CR CO-Thévenoz, Art. 101.

[70] Meirich (n. 38), p. 301, n. 1097; Kraken, What are liquidity provider (LP) tokens?.

[72] Fabian Schär, Decentralized Finance: On Blockchain- and Smart Contract-Based Financial Markets, Federal Reserve Bank of St. Louis Review 2021, p. 170.

[73] Schär (n. 72), p. 170.

[74] Frick (n. 33), p. 952.

[76] Schär (n. 72), p. 170.

[77] See Tarik Roukny, Decentralized Finance: information frictions and public policies, Approaching the regulation and supervision of decentralized finance, Report for the European Commission, Brussels 2022, p. 35 Table 6 (introducing a taxonomy of relevant risks in decentralized finance).

[78] Art. 97 CO. CR CO-Thévenoz, Art. 97.

[80] In Switzerland, there is a legal presumption that the party who breached the contract is at fault. However, said party remains free to prove that this wasn't the case.

[81] CR CO-Werro/Perritaz, Art. 41 N 56.

[82] CR CO-Werro/Perritaz, Art. 41 N 57.

[83] Luigi Buonanno, Civil Liability in the Era of New Technology: The Influence of Blockchain, Bocconi Legal Studies 2019, Research Paper No. 3454532, p. 8 f. (arguing that there is a need for legislative action with respect to civil liability of providers).

[85] Hacking is considered a tortious act according to Art. 143 ff. SCC (Swiss Criminal Code of 21 December 1937 [SCC; SR 311.0]). See Mark Spas, Phénomènes cybercriminels, Descriptions et réponses juridiques, Jusletter 10 November 2014, N 21.

[88] See Buonanno (n. 83), p. 11.

[89] The regime is even stricter if the contractual partner is considered to be in a "dependent relationship" with the author of the limitation of liability clause, a hypothesis that does not apply here.

[90] Federal Act on Unfair Competition of 19 December 1986 (Unfair Competition Act, UCA; SR 241).

[92] If smart contract developers and LPs are considered vicarious agents, liability for acts of such agents can generally be limited. Indeed, the only general restriction that applies to the ability to limit liability under contract law pertains to situations in which the contractual partner is considered to be in a "dependent relationship" with the author of the limitation of liability clause, which is not the case with smart contract developers and LPs. See Art. 101 para. 2 and para. 3 CO.

[93] Humbel (n. 2), p. 18.

[94] Van Valkenburgh (n. 47). But see Lukas Müller / Reto Seiler, Smart Contracts aus Sicht des Vertragsrechts, AJP 2019, p. 328.

[95] On this question, see Möslein (n. 56), p. 274.

[96] See Lawrence Lessig, Code And Other Laws of Cyberspace, New York1999; Lawrence Lessig, Code Is Law, Harvard Magazine 1 January 2000.

[97] See Buonanno (n. 83), p. 6 ("Ultimately, the hard fork attests to reality being different from what is commonly advertised: blockchain does not bypass all meddling humans and code is not law").

[98] Jan Oster, Code is code and law is law - the law of digitalization and the digitalization of law, International Journal of Law and Information Technology 2021, p. 115.

[99] Oster (n. 98), p. 114.

[100] Samer Hassan / Primavera De Filippi, The Expansion of Algorithmic Governance: From Code is Law to Law is Code, Actions Science Reports - The journal of field actions 2017, p. 89.

[101] Regarding the defects in consent under Swiss law, see Art. 23 ff. CO.

Dieses Werk ist lizensiert unter CC BY-SA 4.0