DeFi double-edge sword problem

What DeFi does that traditional financial institutions don't is democratize access to financial instruments for everybody with an internet connection and make them community-owned. Currently, the most prominent DeFi products are being built on Ethereum, where they utilize its robust smart contract system.

Smart contracts are composable, which means they can interact with each other. This composability is the feature driving DeFi innovation. That's why we also call it "money lego": everything can be built upon previous projects.

The great thing about DeFi is anyone can make anything. The bad thing about DeFi is anyone can make anything. We see this in the multitude of hacks that have happened recently. It only takes the success of one project to spawn multiple clones that copy the code of the original.

Developers of the original project are constantly improving it, fixing issues and bugs, and patching vulnerabilities. Those fixes don't automatically reach all of the forks. Worse, a current vulnerability can be exploited in the original codebase and in all of its forks.

I've spoken about this many times, but I will continue to talk about it as it's an important topic. Composability is a great feature. But it comes with its own set of issues.

What makes DeFi superior to traditional finance is its composability and how easy it is to compose. However, each added building block introduces more complexity and more attack surface, guaranteeing new, unforeseeable attack vectors and risks we wouldn't have thought about in the scope of only one project.

What DeFi needs is a clear set of rules on how composability should work: best practices for integrating with other systems and for forking somebody else's code. Here are articles I wrote about this subject:

What are the developer’s responsibilities due to the hack? Case study based on Impossible Finance hack.
On Jun-21-2021 04:39:07 AM +UTC, Impossible Finance got hacked for $500k using the same exploit as the one used on the BurgerSwap. The issue was with the swap function supposed to verify if x*y>k, basically the requirement for Uniswap AMM to work correctly. Without this
Replay Mirror Attacks
DeFi is an ever-growing market, and apart from everybody wanting to have a piece of multi-billion dollar industry, there are chains and copycats of protocols found originally on Ethereum. Some of those copycats grew into their respective applications, but also it meant, we have multiple chains we ca…
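
The x*y>k requirement mentioned in the Impossible Finance excerpt above can be turned into a regression check that a fork runs against its own swap logic. The following is an added example, not code from the original articles or from any protocol named here: a simplified Python model of a constant-product pool with no fees and integer reserves, in which every name (`Pool`, `audit_swap`, `check_invariant`) is hypothetical and the reserve values are constructed.

```python
# Added illustration: simplified constant-product pool (hypothetical names,
# no fees, integer reserves). Not code from any real protocol.

class InvariantViolation(Exception):
    pass


class Pool:
    def __init__(self, reserve_x, reserve_y, check_invariant=True):
        self.x = reserve_x
        self.y = reserve_y
        # check_invariant=False models a fork whose swap lost the check.
        self.check_invariant = check_invariant

    def k(self):
        return self.x * self.y

    def swap(self, x_in, y_out):
        """Caller pays x_in of token X and requests y_out of token Y."""
        if x_in < 0 or not 0 <= y_out < self.y:
            raise ValueError("invalid amounts")
        new_x = self.x + x_in
        new_y = self.y - y_out
        # The guard: the reserve product must not shrink across a swap.
        if self.check_invariant and new_x * new_y < self.k():
            raise InvariantViolation(f"{new_x * new_y} < {self.k()}")
        self.x, self.y = new_x, new_y
        return y_out


def max_fair_output(pool, x_in):
    """Largest y_out that keeps x*y >= k for a given x_in."""
    # y_out <= y - k/(x + x_in); the division is rounded up (against the trader).
    return pool.y - -(-pool.k() // (pool.x + x_in))


def audit_swap(pool_factory, x_in, y_out):
    """Regression check: 'rejected', or how much k dropped (<= 0 is healthy)."""
    pool = pool_factory()
    k_before = pool.k()
    try:
        pool.swap(x_in, y_out)
    except InvariantViolation:
        return "rejected"
    return k_before - pool.k()
```

A positive number returned by `audit_swap` means the pool paid out more than the invariant allows, which is the signal a fork's test suite should fail on after every merge from upstream.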

DeFi is the next step in internet technology. But as with all new technology, it comes with its own set of challenges. We're still early in Blockchain technology. We're slowly building best practices and security standards. We're at a far better place than at the beginning of 2020.

We need to keep going and help secure the decentralized world!


Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter, as I'm currently in the middle of a 100 days of blogging challenge.

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.

See you tomorrow!