DeFi devs may save months of work with OpenZeppelin’s operations platform

Published at: Oct. 27, 2020

OpenZeppelin, a blockchain software company known for developing one of the most used implementations of the Ethereum ERC-20 contract, announced on Tuesday the release of a developer suite called Defender.

The tool helps automate many of the development operations associated with running Ethereum-based decentralized apps. It provides a simple dashboard to manage upgrades and admin operations for existing smart contracts, which can help developers keep track of changes.

Other features include a transaction relayer that simplifies integrations with web-based back ends, automated tasks like logging or oracle updates, and a general knowledge base of best practices in development.

The company says that normally, these features need to be developed independently by every team, which diverts time and effort from actual smart contract deployment.

OpenZeppelin’s chief technology officer, Jonathan Alexander, told Cointelegraph that this suite could help mitigate hacks in decentralized finance:

“Multiple exploits we’ve seen in DeFi this year, such as those in YAM, Uniswap, dForce, and Hegic, could have been avoided or reduced by following a careful security process, but teams lack a comprehensive system that fully informs them on security best practices and how to assess risk.”

The knowledge base shows how to mitigate some of the core issues that led to hacks such as the reentrancy attack used on dForce, according to a presentation shown to Cointelegraph.

Beyond the ease of access to best practices, Alexander said that a quick response tool could have reduced the loss of user funds in situations similar to the bZx and Opyn hacks.

The team decided to build the tool following conversations with developers, who “were spending months and months of precious time trying to build their own infrastructure and tools,” Alexander said. “OpenZeppelin Defender is the first SecOps [security operations] platform for Ethereum and as such is a critical addition that the ecosystem has been missing.”

Defender is free for use on testnet, but requires a paid subscription for production use.

It comes as new security and development tools are being released to simplify the process of developing a DApp. On Monday, CertiK announced the release of a blockchain that would create a more liquid market for security audits and scoring.

Tags
Technology
Ethereum
Defi
Smart Contracts
Security
Related Posts
Ethereum advances with standards for smart contract security audits
The Ethereum ecosystem continues to witness a flurry of activity that has individuals and organizations deploying token contracts, adding liquidity to pools and deploying smart contracts to support a wide range of business models. While notable, this growth has also been riddled with security exploits, leaving decentralized finance (DeFi) protocols vulnerable to hacks and scams. For instance, recent findings from crypto intelligence firm Chainalysis show that crypto-related hacks have increased by 58.3% from the beginning of the year through July 2022. The report further notes that $1.9 billion has been lost to hacks during this timeframe — a figure that …
Adoption / Aug. 22, 2022
Crypto companies aim to build trust within future products and services
The cryptocurrency ecosystem underwent a turbulent year in 2022. Criticism inside and outside of the crypto industry was fueled following the collapse of FTX, Celsius, Three Arrows Capital and the Terra ecosystem. A number of losses have been recorded from these events. Blockchain analytics firm Chainalysis released a report in December of last year, which noted that the depegging of Terra’s stablecoin, Terra USD Classic (USTC), saw weekly-realized losses peak at $20.5 billion. Findings further show that the subsequent collapse of Three Arrows Capital and Celsius in June 2022 saw weekly-realized losses reach $33 billion. While these events may have …
Decentralization / Jan. 6, 2023
​​Cream Finance DeFi platform loses $19M in a flash loan hack
Cream Finance, a major decentralized finance (DeFi) protocol focused on lending, has suffered a severe exploit, with a hacker stealing nearly $19 million from its platform. An unknown hacker has managed to gain $18.8 million in the latest flash loan exploit of the Cream Finance protocol through a reentrancy bug introduced by the Amp token, according to an investigation by blockchain security firm PeckShield. Announcing the news Monday, Cream Finance said that the protocol has stopped the exploit by pausing supply and borrow contracts on the Amp token. “No other markets were affected,” Cream Finance stated. C.R.E.A.M. v1 market on …
Decentralization / Aug. 30, 2021
ZenGo Warns of Major Security Flaw Among DApp Wallets
Cryptocurrency wallet provider ZenGo has built a testnet to demonstrate a major security flaw prevalent among decentralized application (DApp) wallets. On March 23, ZenGo published an article highlighting that, when authorizing a specific transaction, many DApp wallets actually grant access over all of that particular token stored in the connected wallet: “As a result, if the DApp is vulnerable to a security issue or is rogue to begin with, attackers can abuse these highly excessive privileges to steal ALL of the DApp’s users holdings (in the approved tokens) without any further user consent. They can do so at any point …
Technology / March 24, 2020
The future of smart contract adoption for enterprises
Decentralized finance (DeFi) markets may have cooled down over the past year, but the technology powering these applications continues to advance. In particular, smart contract platforms that enable transactions to take place across DeFi applications are maturing to meet enterprise requirements. While it’s notable that enterprises have previously shown interest in DeFi use cases, smart contract limitations have hampered adoption. A report published by Grayscale Research in March puts this in perspective, noting that “Despite handling millions of transactions per day, smart contract platforms in their current state would be incapable of handling even 10% of the worlds’ internet traffic.” …
Decentralization / Dec. 3, 2022