Opinion by Merlin Egalite, co-founder of Morpho Labs.

There is a great irony in crypto: it was designed to be "trustless," but trust and longevity for brands often play a major role in where users decide to allocate and use their crypto. So it's no surprise that the Lindy Effect is a concept often discussed in the DeFi space.

But it's applied inconsistently, sometimes to the companies or brands and sometimes to the code of a protocol. It's worth unpacking how the Lindy Effect can be applied to both and what users should look for when assessing their product options.

What is the Lindy Effect?

The Lindy Effect tells us that the longer a non-perishable good — ideas, technologies, or cultural phenomena — has survived, the longer it is expected to last. If something has defied the test of time, it will likely continue to do so.

The theory was first coined by Albert Goldman in 1964 in an article called Lindy’s Law and applied to comedians:

“The life expectancy of a television comedian is proportional to the total amount of his exposure on the medium.”

The concept spread mainly through Nassim Nicholas Taleb's book, Antifragile, and was extended to any type of entities that were nonperishable.

Applying the Lindy Effect to DeFi protocols

Immutable DeFi protocols are obviously nonperishable goods so the Lindy Effect must apply. It can be translated into the following: 

The longer a protocol operates without a major exploit, the more likely it is to stay secure in the future.

Protocols like Uniswap v1, launched in November 2018, or v2, launched in 2020, have been running without any significant vulnerabilities since. Hence, they are prime examples of this concept. Users expect these protocols to continue functioning smoothly, with minimal risk of exploitation.

Related: Centralized stablecoins may pose risk to DeFi — Curve Finance founder

However, this idea isn’t as straightforward when applied to upgradeable protocols like Aave, Compound, or Lido. These protocols are frequently updated to enhance performance, add features, or fix security issues, which complicates matters. This leads us to an important distinction between immutable and upgradeable protocols in the context of the Lindy Effect.

The Lindy Effect is pretty easy to grasp (X)

The flaw in applying the Lindy Effect to upgradeable protocols

In the case of upgradeable protocols, every time a major upgrade or patch is applied, the code changes. Just like in Theseus’ paradox : when a protocol’s logic is replaced one piece at a time, can we still consider it as the same protocol?

Take Aave or Compound, for example: they undergo frequent code updates to add new features or sometimes fix critical bugs. From a Lindy Effect perspective, each update creates a new entity (a new contract address to which the proxy points), and users should technically reset their risk evaluation. Yet, most users perceive the protocol as a continuous entity (and indeed, the proxy's address hasn’t changed!) and fail to account for the fresh vulnerabilities that may have been introduced during these upgrades.

This principle also applies to smart contracts built on upgradeable platforms. Each update to the underlying platform resets the integration's Lindy Effect, sometimes even breaking the integration entirely. A notable example is the recent Aave v3.2 upgrade, which broke some integrations using immutable code that could not be adapted to the new logic. The Aave team had to roll back certain changes to resolve the issue, highlighting the challenge of building immutable code on top of upgradeable platforms.

Of course, this bias does not only apply to upgradeable contracts but can be extended to modular protocols where an immutable piece of the stack can be swapped to a new one.

As a result, users often overestimate the safety of upgradeable protocols, leading to a cognitive bias in risk assessment. This is particularly problematic in DeFi, where unforeseen vulnerabilities can emerge from even well-intentioned or necessary updates.

For illustration, the Euler’s hack in March 2023 was made possible by a rather seemingly benign upgrade introducing a new function that appeared to be the critical enabler of the attack.

Brand-level Lindy Effect

While the protocol-level Lindy Effect may reset with each update, the brand-level Lindy Effect continues to grow as long as no exploit has been performed.

Over time, protocols build a reputation based on their track record, security practices, and the experience of their development teams. Brands like Aave or Compound become synonymous with safety, not just because of the underlying code but because of the reliability and expertise that these organizations earned, as Ernesto from BGD Labs pointed out.

This trust is built over the years through:

  • The collective experience of developers, risk managers, and security experts
  • Marketing and community engagement, who actively work to build up the brand
  • Strong security practices and regular audits
  • Deep understanding of code and patterns proven in other systems

The key takeaway here is that users often default to trusting a protocol based on its brand, which functions as a heuristic for safety. This bias is rather natural and is a good heuristic for users to separate the wheat from the chaff. However, it can sometimes be misleading. Marketing and narratives can mask potential risks, and critical incidents may be downplayed or hidden from the public.

How to apply the Lindy Effect

While immutable protocols are the only ones that can consistently accrue the true Lindy Effect, upgradeable protocols can still provide significant benefits, especially when backed by strong, well-earned brands.

Moreover, it’s not necessarily realistic for all users to examine technical updates at the protocol level; hence, the brand-level Lindy Effect will offer useful insights.

However, more advanced users and integrators like protocols, institutions, or fintechs should consider both the underlying protocol’s technical structure and the broader brand experience to get a more accurate view of the true Lindy Effect of a given protocol. Only by looking at both aspects can they make informed decisions about where to place their trust.

As Nicholas Nassim Taleb wrote: "the only effective judge of things is time”.

Magazine: Most DePIN projects barely even use blockchain — True or false?

Merlin Egalite is a co-founder of Morpho Labs, a core contributor of the Morpho Protocol. An expert in smart contract security he has contributed to open-source projects such as Giveth, Commons Stack, and Kleros. At Morpho Labs, Merlin leads the integration team, focusing on the security of smart contracts, developer relations, and driving growth through developer engagement.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.