Most DEXs are unsafe, alleges new report

Published at: Oct. 28, 2020

A recent report from Cer Live, a crypto exchange ranking platform, indicated that 14 of the top 25 decentralized exchanges, or DEXs, scored poorly in terms of cybersecurity.

The report looked at a variety of unique problems that most DEXs face, including fake token listings, the prevalence of slippage, delays in transaction confirmation, and a lack of data about listed trading pairs. They also looked at whether each exchange had undergone security audits, offered bounties to incentivize the public discovery of bugs, ensured adequate end-to-end security, and more.

The assessment then allocated a score ranging between 1 - 10 based on each venue's overall security. CER deemed that any score above an 8 should be classified as "high." Scores ranging between 6 - 8 were considered "good", and anything below a 6 was viewed as "low" and, thus, "unsafe." Out of the 25 exchanges analyzed, only two of the reported DEXs received a “high” security score: Uniswap and Syntetyx.

CER called out low scoring exchanges for their auditing practices, saying that many failed to re-audit their offerings following recent additions to their code. Scores were reduced for any exchange whose audits were considered to be out of date. Other exchanges failed to release public audits at all:

“6 exchanges (24%) failed to pass a security audit or did not publicly announce that they have undergone an audit. It should be noted that an unaudited exchange cannot be considered safe.”

Some of the 25 exchanges hired individual researchers rather than specialized companies to complete their audits — a practice that the report's authors strongly discouraged. Remarking on the incredible growth of DeFi in the last few months, the researchers concluded that DEX users are generally more exposed to fraud than hacks:

“Despite the fact that there haven’t been any significant hacks on decentralized exchanges in comparison to centralized platforms, DEX users are actually more susceptible to fraudulent attacks."

CER's report ultimately determined that 92% of the top 25 DEXs need to place a stronger focus on security. They encouraged these exchanges to follow the industry's existing best practices in future in an effort to ensure a safe trading environment for their users.

Tags
Technology
Defi
Decentralized Exchange
Cybersecurity
Security
Related Posts
The perfect storm: DeFi hacks will advance the crypto sector moving forward
The rise of decentralized finance, or DeFi, could be paving the way toward a fully decentralized financial ecosystem. Yet, given the innovative nature of DeFi, the sector remains in constant development and is therefore prone to a number of vulnerabilities. Unsurprisingly, one of the biggest challenges currently facing the DeFi sector is security threats. This has become apparent as more DeFi hacks continue to wreak havoc across the crypto community. Most recently, the largest DeFi hack within the crypto industry took place. The Poly Network hack resulted in over $600 million dollars removed, and then returned, from Binance Chain, Ethereum …
Decentralization / Aug. 17, 2021
yEarn Creator Says Recent Audits Don't Necessarily Mean the Project Is 100% Safe
Andre Cronje, the creator of Yearn.Finance, has recently made security audits of his project publicly available. He explained to Cointelegraph that he had been previously withholding these audits, which were completed months ago, so as to not give users a false sense of security: I always refused to publish the audits because I don't want people to get a false sense of security because of them. Yesterday, Cronje published five audits on the project's GitHub repository. The audits were performed between February and July by leading auditors, such as Certik and Quantstamp. Some of the vulnerabilities that were discovered are …
Technology / Aug. 20, 2020
What is a honeypot crypto scam and how to spot it?
What is a crypto honeypot and why is it used? Smart contracts programs across a decentralized network of nodes can be executed on modern blockchains like Ethereum. Smart contracts are becoming more popular and valuable, making them a more appealing target for attackers. Several smart contracts have been targeted by hackers in recent years. However, a new trend appears to be gaining traction; namely, attackers are no longer looking for susceptible contracts but are adopting a more proactive strategy. Instead, they aim to trick their victims into falling into traps by sending out contracts that appear to be vulnerable but …
Adoption / Dec. 26, 2021
App-specific blockchains remain a promising solution for scalability
App-specific blockchains, or appchains, are specifically designed to support the creation and deployment of decentralized applications (DApps). In an appchain, each app runs on its separate blockchain, linked to the main chain. This allows for greater scalability and flexibility, as each app can be customized and optimized for its specific use case. Appchains are also an alternative solution for scalability to modular blockchains or layer-2 protocols. Appchains present similar characteristics to modular blockchains, as it is a type of blockchain architecture that separates the data, transaction processing and consensus processing elements into distinct modules that can be combined in various …
Adoption / Jan. 14, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023