1/ What are the risks when you deposit your funds into a non-custodial, decentralized money market?

Well let's dig into it my frens

Below I will detail the major risks and mitigations deployed by both @AaveAave and @CompoundFinance

2/ Liquidation risk

This only applies if you are borrowing against your deposited funds

Not every token can be used as collateral, but those can, can be liquidated if the collateral drops in value and/or the debt rises in value past a certain point

Liquidations incur a penalty

3/ Aave:
Liquidation penalty ranges from 5-15%, liquidation threshold ranges from 40-85% LTV
(Info from docs)

Compound:
Liquidation penalty 4.76%? Liquidation threshold ranges from 40-70% LTV
(No docs on this, comes from 2019 security audit and third parties)

+1 Aave

4/ Oracle risk (price feeds)

Oracles determine the monetary value of all assets within the money market, including collateral and debt

It determines when a user should have their loan liquidated

If the oracles deliver false values, the entire protocol can become insolvent

5/ Aave:
Uses @Chainlink's decentralized oracles which pull from multiple data aggregators
(Info from docs)

Compound:
Uses a centralized oracle controlled by team, moving to new flawed OOS, see linked thread
(No docs on current oracle, only OOS)

+1 Aave
https://twitter.com/ChainLinkGod/status/1285752206637948928

6/ Smart contract bugs

This one is largely unavoidable for any software, but it can be mitigated through solid development practices, security audits, and formal verification

The longer a protocol is live without a bug exploit, the more likely the protocol is secure

7/ Aave:
Three security audits on the protocol and a bug bounty

Compound:
Four security audits on the protocol, five security audits on peripheral components, formal verification, economic review, and a bug bounty

+1 Compound

8/ Collateral risk

A money market protocol is only as strong as its weakest collateral

A token allowed to be used as collateral is much risker than a token which can only be borrowed

A weak collateral can drain the entire system of all funds
(see: http://LendF.me )

9/ Aave:
Holistic risk framework for its 19 supported tokens, very transparent on parameters and process
(Info on http://docs.aave.com/risk/ )

Compound:
Very opaque onboarding and no public risk framework for its 9 supported tokens
(No info on collateral risk in docs)

+1 Aave

10/ Governance/admin key risk

DeFi is a spectrum of decentralization as many protocol like money markets need parameter changes over time

This includes updates, upgrades, bug fixes, new assets, removed assets, new price feeds, LTV changes, and any other configurable parameter

11/ Aave:
Managed by a 3-of-5 multisig controlled by the team, will move to a DAO run by $LEND token holders
(Info on site and third party)

Compound:
Used to have an admin key, now controlled by a DAO run by $COMP token holders, captured by VCs
(Info in docs)

+1 Compound

12/ Through the above, you can the determine for yourself which protocol you feel comfortable using

IMHO, you should never trust @CompoundFinance due to their unprofessionalism, reckless attitude towards security, and opquenes where uncomfortable questions are hidden

13/ @AaveAave is not only extremely professional, diligent about maintaining protocol security, and highly transparent...

But they are constant innovators with their multi-market design, unique collateral types, 1:1 aTokens, flash loans, credit delegation, and so much more