Security Risks in DeFi (Decentralized Finance)
The post Security Risks in DeFi (Decentralized Finance) appeared first on Coingape.
Decentralized finance has been the talk of the town for the last few months, seeing unprecedented growth since June this year. In just six weeks, the amount of ETH locked into these decentralized platforms rose from just over $1 billion to nearly $10 billion.
DeFi has provided thousands of people with access to financial services through the power of distributed computing and decentralized consensus. The ability to borrow and lend cryptocurrencies with no third-party involvement is nothing short of extraordinary, and the advent of programmable smart contracts had quite the role to play.
Ethereum was one of the first blockchains to have fully implemented support for programmable smart contracts. This allows developers to set rules for transactions through code, and let the network itself handle the actual transactions.
Beyond just automated cryptocurrency purchases, this has led to a myriad of decentralized services, including borrowing, lending, staking, and even decentralized exchanges. And since it’s all managed by code on the network, no centralized party can interfere. While this sounds almost utopian, these systems can have single points of failure: the code itself.
To err is human, and to write imperfect code is also, sadly, very much human. Users with malicious intent are always trying to find ways to trick systems to benefit themselves, which is why blockchain developers have a heavy task at hand.
When developing for blockchain, it’s vital to have a good understanding of computer science, economics, cryptography, financial markets, and business. That sounds like a lot to ask for from each developer, but these tasks are often handled by large, specialized teams.
Companies like CipherTrace and Chainalysis provide their blockchain network security expertise to all kinds of blockchain-based businesses, and audit application code to ensure sufficient protection against cyber attacks. Even large cryptocurrency exchanges often employ such companies to monitor their data and look for inconsistencies.
In April, the Lendf.me and Uniswap lending platforms witnessed hacks that resulted in $25 million worth of funds being stolen from the two platforms. According to reports, the hackers used an exploit that had been reported by the cryptocurrency security auditing firm OpenZeppelin.
After using the exploit on Uniswap, the hackers proceeded to drain the Lendf.me platform of nearly all of its funds. While the hacker was eventually caught due to a leaked IP address during the attack, a more skilled hacker might have gotten away with it, and the security of the platform was still compromised.
Uniswap V1 did not have the security measures in place to prevent this kind of reentrancy attack, which was only possible due to a bug in how the platform engaged with the ERC-777 standard. The risk of this kind of attack has been mitigated since the launch of Uniswap V2, though the original platform still has active users.
Earlier in February, the bZx lending and margin trading protocol fell victim to two attacks that manipulated oracles and leveraged flash loans to steal funds. Though bZx compensated the affected individuals (mostly WBTC holders), this was still a major breach of security.
Developers, cryptographers, and financial experts are perpetually working towards making decentralized networks safer and easier to use. And though it’s impossible to get every piece of code 100% perfect, we can set measures in place to deal with catastrophe when it eventually strikes.
Preventive and Protective Measures
The hacks this year have been a sort of rude awakening for DeFi, amidst an otherwise peaceful slumber. From Andreessen Horowitz’s $15 million investment in MakerDAO to yield farming advice on Twitter, a lot has been happening in the world of decentralized finance.
As the industry grows, businesses are finding new ways to tackle these safety issues. Security audits are becoming more commonplace, as users demand to know whether platforms are secure enough, in light of past hacks.
Experimenting with the platform on a testnet, instead of directly releasing the code to be used by the public, can often be a vital and overlooked part of the security process. A testnet allows developers to experiment with the platform using the help of real users and fake currency.
The testnet can then be transitioned to a mainnet through phases, based on how far down the development pipeline the project is. Users can also be compensated for finding bugs and reporting them to the developers, further incentivizing the growth and development of the platform.
This not only helps developers find new bugs, but it also helps them secure the platform against potential malicious attacks and deters hackers from compromising the platform by offering a suitable reward.
Decentralized lending platforms can also focus on monitoring the ‘utilization ratio’ of asset liquidity pools. This metric measures the percentage of borrowed funds in the pool that have not been repaid. A sudden change in its value can be due to market changes causing reactions en masse, but more importantly, it can indicate whether a hacker is trying to drain the entire pool.
A report from ConsenSys shows that the utilization ratio for tokens on the Lendf.me platform surged to 100% near-instantly. Monitoring this value can help users and exchanges take pre-emptive measures to protect their funds stored on DEXs and with other DeFi lending services.
Exchanges can take further measures, and monitor other anomalous activity, such as large transactions, suspiciously frequent requests, notably periodic activity, or unusual activity from accounts with critical access.
After detection, the exchange could create protocols for investigation and further action, such as a delay in transferring large amounts, or halting the system outright as pre-emptive action.
Large stablecoin transfers can be a sign of someone exiting the platform and should be closely monitored to ensure the security of stored funds. Functions that are called too frequently or periodically should also be investigated, as this can hint at bot activity on the platform, which is never a particularly good thing.
However, people do make use of trading and arbitrage bots on these platforms, so it’s important for the monitoring teams to create rules that allow them to identify abnormal activity.
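As an added example that is not part of the Coingape article, the following Python sketch applies the monitoring checks described above (a sudden utilization ratio jump or a ratio near 100%, large stablecoin transfers, and suspiciously frequent calls from one address, with an allow-list for known trading bots) to constructed pool snapshots and transactions; every value, address and threshold is made up for illustration.

```python
from collections import defaultdict

# Constructed sample data (not real Lendf.me or exchange records).
# Each snapshot: (block, total_liquidity, total_borrowed) for one asset pool.
SNAPSHOTS = [
    (100, 1_000_000, 400_000),
    (101, 1_000_000, 410_000),
    (102, 1_000_000, 420_000),
    (103, 1_000_000, 1_000_000),  # pool drained within a single block
]

# Each transaction: (block, sender, function, stablecoin_amount)
TXS = [
    (100, "0xaaa", "borrow", 5_000),
    (101, "0xaaa", "repay", 5_000),
    (101, "0xbbb", "withdraw", 300_000),  # large stablecoin transfer
    (102, "0xccc", "withdraw", 50),
    (102, "0xccc", "withdraw", 50),
    (102, "0xccc", "withdraw", 50),
    (103, "0xccc", "withdraw", 50),
    (103, "0xccc", "withdraw", 50),       # same call five times: bot-like
]

def utilization(liquidity, borrowed):
    """Fraction of the pool's liquidity that is currently borrowed."""
    return borrowed / liquidity if liquidity else 0.0

def utilization_alerts(snapshots, jump=0.25, ceiling=0.95):
    """Flag blocks where utilization jumps sharply or approaches 100%."""
    alerts, prev = [], None
    for block, liq, borrowed in snapshots:
        u = utilization(liq, borrowed)
        if prev is not None and u - prev >= jump:
            alerts.append((block, "utilization_jump", round(u, 3)))
        if u >= ceiling:
            alerts.append((block, "utilization_ceiling", round(u, 3)))
        prev = u
    return alerts

def transfer_alerts(txs, large=100_000, max_calls=3, known_bots=()):
    """Flag large transfers and repeated calls, skipping allow-listed bots."""
    alerts, calls = [], defaultdict(int)
    for block, sender, fn, amount in txs:
        if amount >= large:
            alerts.append((block, "large_transfer", sender))
        calls[(sender, fn)] += 1
    for (sender, fn), n in calls.items():
        if n > max_calls and sender not in known_bots:
            alerts.append(("*", "frequent_calls", sender))
    return alerts
```

Alerts are returned rather than acted on, so a monitoring team can route them to the investigation or delay steps the article mentions.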
The Future of DeFi
Decentralized finance has opened up a wide array of opportunities for all kinds of businesses. From blockchain-based startups to FinTech conglomerates, everyone wants a piece of the giant (and growing) pie that is DeFi.
“DeFi projects can and should maintain multi-sig contracts, protection of data privacy, access to distributed blockchains, and all the other decentralized features,” Alex Mashinsky, CEO of Ethereum-based lending platform, told CoinDesk. “But they should lay them underneath the hood of applications that are consumer-friendly, like mainstream platforms or online banking services.”
DeFi is the face of blockchain technology for those who have yet to be introduced to it, and many applications are designed in this regard. However, while borrowing and lending are essential functions of any monetary system, these are far from the only applications of DeFi technology.
Real estate is one industry beginning to feel the effects of decentralization, with some blockchains offering fractional purchases of tokenized real estate. Further growth in this area could bring a lot of business to decentralized finance, and its already well-developed lending platforms could see more users than ever before.
Among other things slowly becoming decentralized, energy is one of the more technically advanced things that blockchain networks are capable of doing today. Decentralized Energy (DeEn) systems allow customers to know where their energy comes from, and choose where they want to source their power from, using blockchain technology and programmable smart contracts.
This not only helps users get the best bang for their buck, but it also promotes the use of clean, renewable energy. However, users should be wary of what DeFi projects they invest their funds into, and promote stable, audited platforms with revered teams behind them.
This year, alongside the rise in DeFi usage, the blockchain space has seen many a wide-eyed investor relieved of his capital without consent. Where there’s money to be made, scammers will parade, and it’s important for users to understand that in a decentralized system, no one can be held accountable.
DeFi’s growth this year has been incredible, and a lesson to the world that people will always find alternatives to systems that are subject to manipulation by centralized third-parties. Being able to provide financial aid to people without access to these services is not only empowering, but also profitable.
Decentralized finance provides blockchain technology with a platform to showcase its true potential. Supported by distributed consensus, rigidly coded contracts, and proper incentivization, there seems to be no reason why DeFi’s growth should stop any time soon.