Blockchain needs to walk before it runs to DeFi

Published at: Sept. 10, 2020

Decentralized finance has become the fastest-growing sector of the blockchain industry. Today, there are over 200 projects working on a wide variety of decentralized financial products and services. That number continues to increase every day as new DeFi-related projects launch. 

The most telling figure of this rapid growth is the staggering amount of money that is locked in DeFi, recently having passed the $7 billion threshold. The challenge is that increased growth leads to higher risks. As DeFi continues to grow at a rapid pace, this burgeoning industry will experience severe growing pains along the way unless proactive measures are taken, particularly related to security.

Instead of focusing on the security of the underlying infrastructure of these products and protocols, projects are focused on getting their DeFi product out to market as quickly as possible. Rather than pumping out more DeFi products, we should be focused on solving security issues that still plague existing protocols. We have already seen examples of what happens when teams are too quick to push out products that haven’t been audited properly.

In the past year, we have witnessed hackers expose vulnerabilities in DeFi products through price feed and oracle manipulation, ERC-777 vulnerabilities and smart contract failures. In February, bZx lost a combined total of nearly $1 million in two separate incidents: a flash loan attack and an oracle manipulation attack.

In April, a hacker drained $25 million from DeFi protocol dForce through a reentrancy attack that leveraged fraudulent collateral. In June, automated market maker DeFi protocol Balancer lost $500,000 in a hack that resulted from its smart contract failing to account for users taking advantage of a programmed burn. Hindsight was 2020 in all of these hacks, as the projects responded to the hacks by saying they would go back and upgrade their code to prevent something similar from happening again in the future.

These hacks will continue to set DeFi back, as losing user funds causes reduced trust in DeFi products and the sector altogether. However, it is understandable that DeFi is experiencing growing pains when the majority of projects are being built on top of Ethereum — a blockchain with growing pains of its own.

Security is an area that Ethereum developers have been focused on with the upcoming upgrade to Ethereum 2.0. This is demonstrated by the creation of two Ethereum 2.0 attack networks, which provide a sandbox environment to ensure that the eventual launch on the Ethereum mainnet goes smoothly. Even a blockchain like Ethereum, which has been around for five years, is still working on improving the fundamentals of its protocol, such as security and scalability. If the protocol is exposed to security vulnerabilities, the DeFi products built on top of it will share those same vulnerabilities.

In order to limit the hiccups, there are proactive steps that DeFi projects can take. It is important for a project to constantly review its code and essentially try to “hack itself” at regular intervals. Projects should engage with third parties that conduct secure code reviews and penetration tests. This process can take time and many code reviews to identify all of the potential risks. That is why a critical way to fight against security flaws is to let a product mature before opening access to a wider group. While it is important and very tempting to try to be first to market with a product, it is more important to build a product with a technically secure foundation.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Kadan Stadelmann is a blockchain developer, operations security expert and Komodo Platform’s chief technology officer. His experience ranges from working in operations security in the government sector and launching technology startups to application development and cryptography. Kadan started his journey into blockchain technology in 2011 and joined the Komodo team in 2016.