Blockchain needs to walk before it runs to DeFi

Decentralized finance has become the fastest-growing sector of the blockchain industry. Today, there are over 200 projects working on a wide variety of decentralized financial products and services. That number continues to increase every day as new DeFi-related projects launch. 

The most telling figure of this rapid growth is the staggering amount of money that is locked in DeFi, recently having passed the $7 billion threshold. The challenge is that increased growth leads to higher risks. As DeFi continues to grow at a rapid pace, this burgeoning industry will experience severe growing pains along the way unless proactive measures are taken, particularly related to security.

Instead of focusing on the security of the underlying infrastructure of these products and protocols, projects are focused on getting their DeFi product out to market as quickly as possible. Rather than pumping out more DeFi products, we should be focused on solving security issues that still plague existing protocols. We have already seen examples of what happens when teams are too quick to push out products that haven’t been audited properly.

In the past year, we have witnessed hackers expose vulnerabilities in DeFi products through price feed and oracle manipulation, ERC-777 vulnerabilities and smart contract failures. In February, bZx lost a combined total of nearly $1 million in two separate incidents: a flash loan attack and an oracle manipulation attack.

In April, a hacker drained $25 million from DeFi protocol dForce through a reentrancy attack that leveraged fraudulent collateral. In June, automated market maker DeFi protocol Balancer lost $500,000 in a hack that resulted from its smart contract failing to account for users taking advantage of a programmed burn. Hindsight was 2020 in all of these hacks, as the projects responded to the hacks by saying they would go back and upgrade their code to prevent something similar from happening again in the future.

These hacks will continue to set DeFi back, as losing user funds causes reduced trust in DeFi products and the sector altogether. However, it is understandable that DeFi is experiencing growing pains when the majority of projects are being built on top of Ethereum — a blockchain with growing pains of its own.

Security is an area that Ethereum developers have been focused on with the upcoming upgrade to Ethereum 2.0. This is demonstrated by the creation of two Ethereum 2.0 attack networks, which provide a sandbox environment to ensure that the eventual launch on the Ethereum mainnet goes smoothly. Even a blockchain like Ethereum, which has been around for five years, is still working on improving the fundamentals of its protocol, such as security and scalability. If the protocol is exposed to security vulnerabilities, the DeFi products built on top of it will share those same vulnerabilities.

In order to limit the hiccups, there are proactive steps that DeFi projects can take. It is important for a project to constantly review its code and essentially try to “hack itself” at regular intervals. Projects should engage with third parties that conduct secure code reviews and penetration tests. This process can take time and many code reviews to identify all of the potential risks. That is why a critical way to fight against security flaws is to let a product mature before opening access to a wider group. While it is important and very tempting to try to be first to market with a product, it is more important to build a product with a technically secure foundation.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Kadan Stadelmann is a blockchain developer, operations security expert and Komodo Platform’s chief technology officer. His experience ranges from working in operations security in the government sector and launching technology startups to application development and cryptography. Kadan started his journey into blockchain technology in 2011 and joined the Komodo team in 2016.
