Commentary: In the current DeFi field, more than 200 projects are engaged in the development of various decentralized financial products and services. However, with rapid growth comes higher risks. As DeFi continues to grow rapidly, unless proactive measures are taken, especially security-related measures, this emerging industry will experience serious growing pains on the way forward.
Author: KADAN STADELMANN | compiled by: Maya
Decentralized finance has become the fastest growing field in the blockchain industry. Today, more than 200 projects are engaged in the development of various decentralized financial products and services. With the launch of new DeFi-related projects, this number continues to increase every day.
The figure that best illustrates this rapid growth is the amount of funds locked in DeFi, which recently surpassed the $7 billion threshold. The challenge that follows is that this growth has led to higher risks. As DeFi continues to grow rapidly, unless proactive measures are taken, especially security-related measures, this emerging industry will experience serious growing pains on the way forward.
Projects have not focused on the security of the underlying infrastructure of these products and protocols, but on bringing their DeFi products to market as soon as possible. Rather than pushing out more DeFi products, we should focus on solving the security issues that still plague existing protocols. We have seen some examples of what happens when a team launches a product too quickly without proper review.
In the past year, we have witnessed hackers exposing vulnerabilities in DeFi products through price feeds, oracle manipulation, ERC-777 vulnerabilities, and smart contract crashes. In February, bZx lost nearly $1 million in total in two separate incidents: a flash loan attack and an oracle manipulation attack.
In April, a hacker drained $25 million from the DeFi protocol dForce through a reentrancy attack using fraudulent collateral. In June, the automated market maker DeFi protocol Balancer lost $500,000 in a hacking attack. The cause was that its smart contract failed to account for users' use of tokens with a built-in burn procedure. Afterwards, these projects responded to the hacks by saying they would upgrade their code to prevent similar things from happening again in the future.
These hacks will continue to set DeFi back, because the loss of user funds reduces trust in DeFi products and in the entire industry. However, since most projects are built on Ethereum, it is understandable that DeFi is experiencing growing pains: Ethereum is a blockchain with its own pain points.
With the upcoming upgrade to Ethereum 2.0, security is an area that Ethereum developers have been paying attention to. This can be seen from the creation of two Ethereum 2.0 attack networks, which provide a sandbox environment to help ensure a smooth launch on the Ethereum mainnet. Even a blockchain that has existed for 5 years is still working hard to improve the fundamentals of its protocol, such as security and scalability. If the protocol exposes security vulnerabilities, then DeFi products built on the protocol will also share these vulnerabilities.
To limit the occurrence of these incidents, DeFi projects can take some proactive measures. It is important for a project to review its code constantly and to periodically try to “hack itself”. The project should work with a third party that conducts secure code reviews and penetration testing. This process may take time and many code reviews before all potential risks are identified. This is why a key way to combat security flaws is to let the product mature before opening it up to a wider audience. Although it is important and very tempting to be first to bring a product to market, it is more important to build a product on a technically sound and secure foundation.