No audit, no problem?
ChainSwap was hacked, and due to that hack, $8M was stolen from various projects using the ChainSwap bridge. It was the second hack of ChainSwap. The first one happened a few days before and resulted in $800K being stolen.
For the latest hack, I'm not going to dive into details as n3o on Twitter did a great thread on the matter.
The best part of all of this? I couldn't find any published audit report of the project, or even a mention of someone who has audited ChainSwap. 🤯 Maybe there are some reports or one, but I couldn't find anything. If I'm wrong, correct me.
General opinion of the DeFi projects landscape
I've said many times that audits are no silver bullets that will make all of your security problems disappear. But FFS, that doesn't mean you shouldn't have one either way!
I've seen my fair share of crappy code marked as "production-ready" with fundamental security issues present that Slither could help detect. People are more eager to launch the DeFi product and watch the money flow in than to focus on the security of their users' funds.
That's the sad reality, and no matter how many strategic partnerships you will have on your website, that won't protect you from crappy code.
I see more projects coming my way that are already deployed and ask for an audit. I get that the audits are hard to schedule and are expensive. But if I'm serious about my project, I would rather delay the launch for 2-3 months to incorporate time for the audit and an expanded testing phase than have an exploited app a few days after deploying to the mainnet.
I get why you're doing this. Dollar signs are showing up in your eyes like in a cartoon when you hear about the TVL of DeFi, and you want to get rich quickly. But it doesn't work that way.
I'm not only blaming projects for this type of behavior. Users are putting money everywhere they can just to gain the additional possibility of getting rich.
🦧 Gonna 🦧.
That will be it! A small rant about some recent events and the DeFi space in general. Be safe out there!
Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter as I'm currently in the middle of a 100 days of blogging challenge.
If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.
See you tomorrow!