In this article, we will go through the nooks and crannies of the current state of DeFi, especially when it comes to security. It examines whether blockchain technology, cryptography, and smart contracts live up to the promise of a secure and trustless fiscal medium. It also comments on what should happen next in the world of DeFi to ensure better safety within this space.
What is a DeFi project?
The first flint which started the flame of DeFi was in the hands of Rune Christensen of Denmark, who conceived MakerDAO in 2014. In essence, MakerDAO allows users to lock cryptocurrency to generate $DAI, a stablecoin pegged to the US dollar. In turn, this allowed lending and borrowing to commence in the DeFi space.
Since the creation of MakerDAO, numerous projects have been conceived, and the idea spread like wildfire. It allowed for much higher yield rates than traditional banks could provide. This is because running a smart contract is much more cost-effective. Since interest rates in traditional finance are known to be low, DeFi promises to provide a solution. Here is a list of some of the DeFi projects that have emerged:
In the report, they highlight that the most common vulnerability they found was centralization risks, something that ironically goes against the spirit of DeFi. They note that “single points of failure” can easily be exploited by “dedicated hackers and malicious insiders alike.” In one case, they point out that a DeFi protocol was exploited for more than $55 million due to private key mismanagement.
In such cases, they point out that “a single, non-multi signature setup is insufficient”. Generally, privileged functions need to be protected by a timelock which would be “delegated to a DAO”, or managed by a multi-signature wallet. Other issues highlighted by the report were missing event emissions, use of unlocked compiler versions, lack of proper input validation, and reliance on third-party dependencies. “A byte-sized piece of code can have multi-million dollar ramifications,” they noted.
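As an added illustration (not code from the report or from any audited protocol), the contract below applies those recommendations to one privileged function: a locked compiler version, an admin address meant to be a multi-signature wallet or DAO executor, a timelock between queueing and executing a change, validated inputs, and an event on every state change. The contract name, the 2-day delay and the 5% fee cap are assumptions chosen for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24; // locked version, not a floating range such as ^0.8.0

// Hypothetical vault: the fee can only change through a queued, delayed update.
contract TimelockedFeeVault {
    uint256 public constant DELAY = 2 days;    // assumed review window
    uint256 public constant MAX_FEE_BPS = 500; // assumed cap of 5%

    address public immutable admin; // intended to be a multisig or DAO executor, not one key
    uint256 public feeBps;
    uint256 public pendingFeeBps;
    uint256 public pendingEta; // 0 means nothing is queued

    // Events let off-chain monitors see privileged changes before and when they apply.
    event FeeChangeQueued(uint256 newFeeBps, uint256 eta);
    event FeeChangeExecuted(uint256 oldFeeBps, uint256 newFeeBps);

    error NotAdmin();
    error ZeroAdmin();
    error FeeTooHigh(uint256 requested);
    error NothingQueued();
    error TooEarly(uint256 eta);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address multisig) {
        if (multisig == address(0)) revert ZeroAdmin(); // input validation
        admin = multisig;
    }

    // Step 1: queue the change; users get DELAY to react before it takes effect.
    function queueFee(uint256 newFeeBps) external onlyAdmin {
        if (newFeeBps > MAX_FEE_BPS) revert FeeTooHigh(newFeeBps); // input validation
        pendingFeeBps = newFeeBps;
        pendingEta = block.timestamp + DELAY;
        emit FeeChangeQueued(newFeeBps, pendingEta);
    }

    // Step 2: apply the queued value only after the delay has elapsed.
    function executeFee() external onlyAdmin {
        if (pendingEta == 0) revert NothingQueued();
        if (block.timestamp < pendingEta) revert TooEarly(pendingEta);
        emit FeeChangeExecuted(feeBps, pendingFeeBps);
        feeBps = pendingFeeBps;
        pendingEta = 0;
    }
}
```

The weak counterpart would be a single `setFee` callable by one externally owned key that writes `feeBps` immediately, with no bound check and no event.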
The most notable form of social engineering scam is phishing. Here at Interlock, we are aiming to prevent these types of scams through Bouncer – a security Discord bot – as well as through a browser extension that detects phishing sites. Both of these leverage Interlock’s Visual AI and will work with $ILOCK, a DeFi security token.
Honeypots, on the other hand, are also an emerging trend. Savvy users have started using smart contracts that appear to have a design flaw that would allow an arbitrary user to drain Ether from the contract. However, when the user tries to exploit this apparent flaw, a trapdoor opens and prevents the Ether drain from succeeding. At that point, “the user's cash will be imprisoned, and only the honeypot creator (attacker) will be able to recover them”.
The Future of DeFi Security
If we want a budding DeFi future, we need to keep a number of things in mind when it comes to security. If DeFi protocols lack security, there will be breaches. In the end, DeFi would lose trust from the community that is needed for its successful future. That is why more action needs to be taken on the security front. Interlock’s CEO, Rick Deacon, had his own say on this.
“The greatest threat will always be Social Engineering, phishing, and attacks that focus on accessing an unwitting user's or company's DeFi wallet,” Deacon said.
Moreover, he believes that the world will always be “chasing smart contract security” and that scammers will seize on any potential holes that could lead to exploitation. DeFi protocols “will need to continually work to improve bugs that cause manipulation,” he remarked.
Deacon noted that he would like to see more DeFi security standardization across all platforms. This would enable a set of guidelines for DeFi platforms to follow in order to ensure that users are safe. Then there should also be a “minimum requirement” that platforms, coins and users should follow so that any breaches, hacks, or scams are mitigated as much as possible.
As we highlighted in a previous AMA, there are plenty of key factors that will play a role in the future of DeFi and where it is headed. Here is a list of the most pertinent things that were discussed with some of the projects aiming to make DeFi more secure:
Audits need to be taken seriously
Problems highlighted in audits need to be addressed
Less focus on marketing audits, but rather on solving issues
More proactivity to prevent hacks
Awareness that hacks often cost more than taking security measures
If we want to have a safer space for people to explore the potentialities of DeFi, crypto projects will need to make security one of the top priorities on their to-do list.