
Decentralized Finance and the Security of funds

@shortsegments

Security of users' funds
This should always be a priority. Those who have moved from traditional banks and brokerages often expect decentralized finance constructs such as the MakerDAO, and any decentralized finance running on Ethereum under smart contracts, to be not only secure but more secure than traditional banks. But recent history suggests this absolute trust is misplaced.

Insecure System
One only has to look to the meltdown of the MakerDAO in March, and to the fact that the mighty MakerDAO found itself on the losing end of a lawsuit for a 28 million dollar judgement following the loss of users' Ethereum. This smart contract failure was followed by hacks at other blockchain-based credit-debt facilities in the decentralized finance universe, like the $24 million hacker theft from Lendf and other similar hacker thefts from decentralized credit-debt facilities in the months since March. Investors, developers and other cryptocurrency enthusiasts are now realizing that the DeFi space is filled with uncertainties and insecurities.

Types of vulnerabilities
Looking at the news and the reports by the MakerDAO, Lendf and others, it appears that the security issues can be categorized as, or blamed on, aging blockchain architecture, inadvertent inappropriate coding language selection and copy-n-paste code adoption.

Aging architecture is a known problem. It seems that as blockchain infrastructure ages, it either gets more attack-proof, like Bitcoin due to its singular mission, or becomes more vulnerable to attack or to exploitation of its vulnerabilities, like Ethereum, due to core abilities like transaction speed or maximum transaction volume per second being overwhelmed by the attack vector. The years in the cryptocurrency universe appear to behave more like dog years, with blockchain architecture seemingly aging and becoming vulnerable at a much more rapid pace than expected.

Inadvertent inappropriate coding language selection. This issue has also recently come to the forefront as we learn about software languages' strengths and weaknesses: some have an infinite number of possible attack vectors based on the nature of the coding language. This is a problem unique to financial coding, which we are apparently just learning. It has been termed the infinite possibility theory. The laborious task of testing protections against each possible attack vector is done by hackers for free because of the prize, large amounts of user funds, but is not done by decentralized finance facilities due to the real cost of developer time. The result has been multiple hacks, thefts and losses of user funds.

Copy-n-paste code adoption. This last one is and isn’t a surprise. The advantage of open source is that many developers work on various portions of a code base over time, basically debugging it, correcting errors and closing vulnerabilities. This assumes that those who then borrow this code from GitHub libraries are fluent in reading, writing and understanding how the code works. It appears that there are coders bright enough to read, write and install code to provide the code backbone for DeFi companies who don’t know how it works, so they can’t fix it and don’t recognize the vulnerabilities their particular use case creates. We have been presented with hacks and thefts of users’ funds in the DeFi universe where the team behind the DeFi company borrowed code from libraries, which wasn’t completely debugged, in languages they didn’t completely understand. It appears their ignorance of the code and its vulnerabilities allowed hackers fluent in the code to penetrate their security and steal users’ funds.

The years in the cryptocurrency universe appear to behave more like dog years, with 6-7 years of wear and tear occurring in one year, in terms of rapid obsolescence.

I read a very good article detailing the new coding language preferences to come for financial businesses on the blockchain and I suggest investors read it.

Link

Knowledge is power, my friends. Keep learning.

@shortsegments


Tags: #defi-insecurities #decentralize-finance
