Building under‑collateralized loans: key insights.
Field notes on designing under‑collateralized loans in DeFi - strategies, lessons, and key insights from building reputation-backed credit systems.
TL;DR. Today's DeFi lending markets only serve borrowers who are already capitalized. Unlloo is a reputation-backed protocol for under-collateralized loans in DeFi - combining on-chain credit scoring, identity primitives, and (later) organizational guarantors so credit can reach borrowers who don't already hold 200% of the loan amount in spare collateral. This post is what we learned designing it.
The Absurd Thing About DeFi Lending
DeFi lending is a $40B+ market. It runs on one rule:
To borrow $1, you must first lock up $1.50 to $2.00.
Think about that for a second. The people who most need credit are the ones without a spare 200% of the loan amount sitting around. TradFi figured this out 400 years ago: credit, by definition, is borrowing what you don't already have.
Yet in DeFi we handed credit back to the already-capitalized. The $5T+ traditional unsecured credit market - credit cards, personal loans, SME working capital - has no meaningful on-chain equivalent.
We started Unlloo at ETHGlobal Prague with a one-line idea:
Over-collateralized loans are useful, but you need money to borrow money, which does not make sense. So let's offer loans without collateral.
We didn't win the hackathon. We kept building anyway. This post is what we learned.
Why "Just Give Loans Without Collateral" Is Harder Than It Sounds
Smart contracts can't do three things that traditional lenders rely on:
- They can't call the bailiff. No court order, no wage garnishment, no debt collector showing up at your door.
- They can't pull your FICO score. No credit bureau data, no employment history, no income verification.
- They can't verify you're real. A wallet could be you, your cat, or a bot farm.
For a decade, this is why DeFi lending stayed overcollateralized. Liquidation thresholds were the only enforcement mechanism that worked in a trustless environment. The trade-off was scale: you locked out every borrower who didn't already have capital.
The question we asked ourselves: what changed in 2025 that makes this solvable now?
Why Now
Four things matured roughly in parallel:
| Primitive | State in 2021 | State in 2026 |
|---|---|---|
| On-chain behavior graph | 4 years of Ethereum data | 10+ years · cross-chain · billions of tx |
| ZK identity & DIDs | Academic papers | Production zk-proofs · income · jurisdiction · uniqueness |
| Proof-of-personhood | Trust us | World ID · Human Passport · ZKPassport |
| Reputation infrastructure | Didn't exist | Human Passport · Webacy · Talent Protocol · Zeru Finance · Ethos |
A decade of public, append-only blockchain history has turned the average wallet into one of the richest behavioral datasets ever available to a lender. For any given address, we can extract structured signals that map directly onto the same risk dimensions traditional underwriters have used for decades - repayment history, income stability, leverage, and identity coherence:
- Lending discipline - across Aave, Compound, and Morpho, has the borrower ever approached liquidation? When they did, did they top up collateral, deleverage in time, or get liquidated? On-chain repayment behavior is observable to the basis point and is a direct analog of FICO payment history.
- Risk appetite - on perps venues like Hyperliquid, GMX, and dYdX, are they running 100x leverage with frequent stop-outs, or sizing 2–3x positions with disciplined risk management? Volatility tolerance is a robust predictor of default behavior under stress.
- Cash-flow pattern - do inflows resemble payroll (regular cadence, similar amounts, recurring counterparties), DAO contributor compensation, sustained trading P&L, or one-off speculative wins? Income stability is the single largest factor in unsecured credit underwriting.
- Cross-chain consistency - does the same identity behave coherently across Ethereum, Arbitrum, Base, and Optimism, or does the activity profile fragment in ways that suggest sybil behavior or a freshly-minted wallet trying to look established?
- Tenure and density - an eight-year-old wallet with 4,000 transactions spanning DeFi, governance, and NFTs is a fundamentally different credit subject than a two-week-old wallet with 40 transactions and a single CEX off-ramp. Age and breadth compound into trust the same way a long credit file does in TradFi.
Three years ago, none of these signals could be extracted reliably at scale. The raw data was on-chain, but the indexers, identity primitives, and modeling tooling weren't there yet. Today, every one of them can be queried, normalized, and fed into a real-time risk model.
The missing-data problem became a risk-modeling problem. That's a solvable problem.
The Spectrum: Four Ways to Structure Under‑Collateralized Lending
Over the last year we mapped out every approach we could find in the wild and every one we could invent. They land somewhere on a spectrum between "pure DeFi" and "DeFi-flavored fintech":
1. B2C - Admin-Gated
The simplest entry point. Capital flows directly from a pool to individual wallets, but only to borrowers who have been pre-vetted - an allowlist, invite-only access, or a manually approved address set. Creditworthiness comes from reputation signals validated by a human underwriter rather than collateral.
Strengths: Lowest fraud surface area, predictable default behavior, and an easy way to bootstrap a lending book - you start with a small known cohort and expand on evidence.
Trade-offs: Manual review caps growth. Every new borrower is an operational touchpoint, which makes this the right shape for an initial launch but not for a scaled product.
2. B2C - Automated
The same direct-to-wallet structure, but the gate is fully on-chain. A reputation score, identity primitives (proof-of-personhood, zk income proofs, jurisdiction attestations) and off-chain legal hooks that trigger only on default replace the human underwriter. Pseudonymity is preserved for borrowers who repay; identity is unwrapped only if they default.
Strengths: Permissionless, scales without operational overhead, fully crypto-native UX.
Trade-offs: Highest model complexity. Sybil resistance, scoring accuracy, and regulatory exposure all need to be solved before the gate can open. This is a destination, not a starting point.
3. B2B2C - Guarantor Model
The end borrower is not the primary bearer of default risk. An organization stands behind a defined cohort of wallets and absorbs the first-loss tranche:
- An employer vouching for its employees
- A university vouching for its students
- A DAO vouching for its contributors
- A protocol treasury covering its own ecosystem
- A crypto-native organization with a vested member base
- A network state or solarpunk community vouching for its citizens or members
The guarantor is contracted, and commits to covering shortfalls for the wallets it sponsors. Enforcement runs through them - and unlike a smart contract, they already have social and legal leverage over their own people.
Liquidity is naturally segmented by guarantor, so lenders can pick their exposure precisely: "I trust Organization X more than Organization Y, I'll lend against X's pool only."
Strengths: Real enforcement, real underwriting, and growth that scales linearly with guarantor adoption.
Trade-offs: Pace of growth depends on closing organizational deals, not on retail product velocity.
4. Group Lending
Repayment risk is distributed across a small group of people who already know each other. Two concrete patterns work well on-chain - they look very different in capital flow, but they share the same enforcement insight: when default lands on the wallets of people connected to the borrower's real life, repayment rates rise.
4a. Pool → Group (collective liability)
A protocol issues a single loan to a group of borrowers - typically three to seven people - and every member is jointly responsible for the full repayment. If one stops paying, the others absorb the shortfall. The pattern fits naturally with shared-economy use cases where the underlying expense is already collective:
- A co-living house borrowing to renovate its shared garden or kitchen
- A group of housemates financing a shared car or appliance
- Friends pooling credit so one of them can launch a company they'll all benefit from
Because the people on the hook know each other personally, the social cost of default is high - and that, not legal recourse, is what underwrites the loan.
4b. Crowd-Sourced Individual Loan
An individual publishes a loan request - e.g. "$1,000 for six months at X% APR" - and shares it with their network. Friends, family, and acquaintances lend in small increments. Strangers on the internet can join too, deciding entirely on the borrower's on-chain reputation as published in the request. Once the request is fully funded, the borrower receives the money; repayments flow back proportionally to each lender.
The enforcement model is layered. Strangers price in default risk and rely on reputation slashing. The borrower's actual friends, on the other hand, have something a smart contract never will: they know where the borrower lives and can knock on the door.
The mechanism is well-understood from microfinance: when default lands on the wallets of people who actually know each other, repayment rates rise significantly. The on-chain version needs robust proof-of-personhood to prevent sybil groups - one person operating multiple wallets to simulate a real cohort and walk away with the pool. As covered earlier in Why Now, that primitive already exists in production today: World ID, Human Passport, and ZKPassport make this a solved problem rather than a theoretical blocker.
Strengths: Strong repayment incentives without legal infrastructure. Works in markets where formal credit doesn't exist, and aligns naturally with use cases where the expense is genuinely shared.
Trade-offs: Coordination costs are high, group sizes stay small, and total loan volume per group is bounded by the smallest member's risk tolerance.
Where Unlloo Lands
We shipped the smallest thing that could actually work, then expanded.
Phase 1: Lite Version - Reputation‑Only, Admin‑Approved
Bootstrap version. Borrowers are pre-vetted, lenders deposit stablecoins, and on-chain reputation gates access. A human underwriter makes the final call on new borrowers. This version is intentionally simple: no complex risk modeling, no formal guarantor infrastructure, just a tight cohort of known borrowers and a single pool.
- Borrowers: known, trusted, and pre-vetted by a human underwriter
- Reputation score (0–1000) computed from multi‑chain wallet data - lending history, risk profile, transaction patterns
- Lenders: deposit stablecoins, earn pro-rata interest and a share of origination fees
- No collateral. No liquidation. No forced unwinds. Volatility doesn't crash the protocol.
- Early repayment: borrowers repay early at any time and only pay interest for the time they held the loan
This is the boring version - and it's supposed to be. We are not going to learn what real default rates look like by over-engineering on day one.
Phase 2: B2B2C Guarantor Model
Scaling version. Organizations become guarantors. They post legal guarantees backing specific borrower cohorts, operate their own lending pools with their own risk parameters, and earn yield in exchange for absorbing first-loss defaults. Lenders choose which organizations they trust and pick a pool accordingly. Borrowers inherit the trust of the organization that vouches for them.
Guarantors commit to three things:
- Post legal guarantees to cover defaults for a defined set of wallets
- Operate independent lending pools with their own risk models and fee structures
- Absorb tail risk in exchange for a share of interest and origination yield
Borrowers no longer need strong individual reputation - they need a guarantor who trusts them (though Unlloo still provides an overview of the borrower's wallet reputation). Lenders no longer need to evaluate thousands of individual borrowers - they evaluate a handful of organizations. The enforcement mechanism shifts from "code is law" to the legal and social leverage the guarantor already has over their members.
This scales because it solves the one constraint pure on-chain reputation can't: legal enforceability with counterparties who already know each other.
How the Reputation Score Actually Works
This is where most "reputation protocols" wave their hands. Here is what we actually do.
Third-party aggregate (60% weight) - pulled from the reputation protocols that already exist: Human Passport, Webacy, Talent Protocol, Zeru Finance, and Ethos. We aggregate because any single source can fail or be gamed. The 60/40 split with the custom layer is redundancy, not decoration.
Custom multi-chain analysis (40% weight) - via Blockscout APIs across Ethereum, Arbitrum, Base, Avalanche, Optimism. Four dimensions:
- Transaction history - volume, frequency, counterparty diversity, tenure
- Financial metrics - realized P&L patterns, inflow/outflow ratios, stable vs volatile asset exposure
- Reliability indicators - historical health factors on Aave/Compound, liquidation history, loan repayment patterns
- DeFi engagement - protocol diversity, legitimate yield farming vs. wash activity
Graceful degradation is non-negotiable. If a third-party provider is down, weights re-balance. If Blockscout can't reach one chain, we proceed with the others. Nothing blocks a legitimate borrower because one API is flaky.
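A sketch of the 60/40 aggregation with weight re-balancing, added here as an illustration and not taken from Unlloo's code. The equal weighting inside each layer, the 0-1000 input scale, the per-layer quorum and the manual-review fallback are assumptions; the quorum keeps a degraded run from issuing a score on a single surviving source.

```python
# Added example. The 60/40 split and the source names come from the post;
# equal sub-weights, the 0-1000 input scale and the quorum floors are assumptions.
LAYER_WEIGHT = {"third_party": 60, "custom": 40}
SOURCES = {
    "third_party": ["human_passport", "webacy", "talent_protocol", "zeru", "ethos"],
    "custom": ["ethereum", "arbitrum", "base", "avalanche", "optimism"],
}
QUORUM = {"third_party": 2, "custom": 1}   # assumed minimum live sources per layer


def _layer(name, readings):
    """Return (mean, live_count) over sources that answered with a sane value."""
    live = [readings.get(s) for s in SOURCES[name]]
    # None = provider or chain unreachable; out-of-range values are treated the same way
    live = [v for v in live if isinstance(v, int) and 0 <= v <= 1000]
    return (sum(live) // len(live) if live else 0), len(live)


def reputation_score(third_party, custom):
    """Return (score 0-1000 or None, degraded flag)."""
    inputs = {"third_party": third_party, "custom": custom}
    weighted, total_weight, degraded = 0, 0, False
    for name, readings in inputs.items():
        mean, live = _layer(name, readings)
        if live < len(SOURCES[name]):
            degraded = True               # record that the score used partial data
        if live < QUORUM[name]:
            continue                      # drop the layer; its weight is re-balanced below
        weighted += LAYER_WEIGHT[name] * mean
        total_weight += LAYER_WEIGHT[name]
    if total_weight == 0:
        return None, True                 # nothing to score on: route to manual review
    return weighted // total_weight, degraded
```

Storing the degraded flag next to the score lets a reviewer tell a full-data 690 from one computed while a provider was down.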
The Interest Rate Model
Piecewise linear utilization curve. Standard DeFi primitive, tuned for our risk profile:
Behavior:
- Below 80% utilization - rates stay low and attractive to borrowers
- Above 80% utilization - rates climb sharply to pull LP capital in and push marginal borrowers out
- Locked at borrow time - once you draw, your rate doesn't change even if the pool's does
Early-repayment math: you pay interest only for the time you held the loan. Partial repayments go to interest first, then principal. No prepayment penalty. This is a design choice that costs us some yield predictability but aligns incentives correctly: we want borrowers to repay, not to be trapped into paying for time they didn't need.
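The curve shape, rate lock and interest-first repayment described above, as an added worked example that is not Unlloo's contract code. Only the 80% kink is taken from the post; the base rate and both slopes are constructed values, and amounts are integer token base units so the arithmetic and its rounding direction match what fixed-point contract code has to decide.

```python
# Added example. Only the 80% kink comes from the post; the other rate
# parameters are constructed. Integer math mirrors on-chain fixed point.
BPS = 10_000                  # basis-point denominator
YEAR = 365 * 24 * 3600        # seconds per year
KINK_BPS = 8_000              # 80% utilization (from the post)
BASE_BPS = 200                # assumed rate at 0% utilization
SLOPE_LOW_BPS = 800           # assumed total rise from 0% to the kink
SLOPE_HIGH_BPS = 9_000        # assumed total rise from the kink to 100%


def borrow_rate_bps(borrowed: int, supplied: int) -> int:
    """Annual borrow rate in bps at the pool's current utilization."""
    if supplied <= 0:
        return BASE_BPS
    util = min(borrowed * BPS // supplied, BPS)
    if util <= KINK_BPS:
        return BASE_BPS + SLOPE_LOW_BPS * util // KINK_BPS
    steep = SLOPE_HIGH_BPS * (util - KINK_BPS) // (BPS - KINK_BPS)
    return BASE_BPS + SLOPE_LOW_BPS + steep


class Loan:
    def __init__(self, principal: int, rate_bps: int, now: int):
        self.principal = principal    # token base units
        self.rate_bps = rate_bps      # locked at borrow time, never re-read from the pool
        self.accrued = 0              # interest owed but not yet paid
        self.last = now

    def _accrue(self, now: int) -> None:
        if now < self.last:
            raise ValueError("timestamp went backwards")
        owed = self.principal * self.rate_bps * (now - self.last)
        self.accrued += -(-owed // (BPS * YEAR))   # round up, in the pool's favour
        self.last = now

    def repay(self, amount: int, now: int) -> int:
        """Apply a payment interest-first, then principal; return any overpayment."""
        if amount < 0:
            raise ValueError("negative payment")
        self._accrue(now)
        to_interest = min(amount, self.accrued)
        self.accrued -= to_interest
        to_principal = min(amount - to_interest, self.principal)
        self.principal -= to_principal
        return amount - to_interest - to_principal
```

Rounding accrued interest up means a one-second, one-unit loan still owes one unit, so splitting a loan into dust-sized positions cannot round interest to zero.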
What We Got Wrong
A partial list, in the spirit of honesty:
- Overestimated how fast reputation data would feel "trustworthy" to lenders. LPs want default data, and default data requires loans, and loans require LPs. Bootstrap is hard. We solved this by keeping Lite very small and human-gated.
- Underestimated legal complexity. "Add a legal wrapper" is three words that hide a few months of work per jurisdiction.
- Thought pure automation would be market-ready immediately. It won't be. The B2B2C layer with human guarantors is almost certainly the right scaling vector for 2026–2027.
- Thought we could skip KYC entirely. We can for the happy path. We cannot for the default path. The right answer is conditional KYC: pseudonymity if you repay, identity revealed if you don't.
What's Next
The roadmap below tracks the actual sequence we're shipping - from where the protocol is today to the model we're building toward.
- Live on testnet. The Lite Version is currently deployed and running end-to-end on testnet - supply, reputation-gated borrow, repayment, and lender yield distribution are all working against test stablecoins. We're using this phase to harden the contracts, exercise the admin-approval flow, and tune the rate curve before any real capital is at risk.
- Mainnet launch - Lite Version. Next milestone: deploy to mainnet with initial liquidity seeding and a small, pre-vetted cohort of borrowers. The goal isn't volume; it's collecting our first real signal on default behavior, repayment discipline, and how the reputation score actually predicts loss when capital is on the line.
- B2B2C Guarantor Model. Once Lite has produced enough loan data to validate the underwriting assumptions, we ship the guarantor architecture: organization-backed pools with legal guarantees and segmented risk. First guarantor onboarding starts in parallel with the mainnet hardening period so the rails are ready when the model goes live.
- Group lending - in active development. The two patterns described in Group Lending above (pool → group, and crowd-sourced individual loan) are currently being built. They share a lot of primitives with the guarantor model - pool segmentation, joint-liability accounting, sybil-resistant identity - so they ship soon after the guarantor pools stabilize.
The Bigger Thesis
If this works, reputation becomes the primary credit primitive in DeFi, and collateral becomes one tool among several instead of the only one.
That's a big "if." We are not claiming it's done. We are claiming the infrastructure is finally there, the market is huge, and the design space is wide enough for more than one winner.
We spent a year finding out which parts of this idea can survive contact with reality. We believe most of them can.