Decentralized financing continues to affect the cryptocurrency market, and with a total value of over $ 13 billion in locked-in assets, DeFi projects reason with eager crypto investors. However, while the DeFi room has evolved over the past year, a number of illegal projects are bearing fruit reminiscent of some of the ICO barriers in 2017 and their aftermath.
For example, the large decentralized protocol Harvest Finance was recently hacked. The attacker earned $ 24 million from Harvest Finance malls. More recently, Value DeFi, a decentralized financial protocol, fell victim to a $ 6 million express loan. Of course, SushiSwap was one of the biggest events of the year for DeFi, as the creator sold $ 13 million in development, which led to a market crash.
It is important to note that most DeFi projects are built on the Ethereum blockchain. There are currently over 200 DeFi projects on the Ethereum network, according to DeFiPrime. However, while Ethereum appears to be the most appropriate platform for DeFi projects, network vulnerabilities have played a major role in hacks and scams.
Ethereum smart contract transactions require security
In particular, smart contracts that Ethereum runs are known to be full of security issues, which in turn has had a major impact on DeFi projects. In addition, billion-dollar smart contracts in DeFi projects are often not pre-audited.
Tom Lindman, a former Microsoft researcher and former CEO of Ethereum Trust Alliance, a group of blockchain companies working on a smart contract security system, told Cointelegraph that there are currently no good ways to determine if a smart contract is right . Secure before the start of the transaction:
DeFi is now worth billions of dollars, but many of these smart contracts are never confirmed. As such, there is still an increase in activity in the DeFi sector as individuals and organizations accept token contracts, exchange tokens and quickly add liquidity to pools without being able to verify the security of contracts. ”
Lindemann tried to solve the security problems surrounding smart contracts, and joined the newly established EthTrust Enterprise Ethereum Alliance Security Levels Working Group as co-chairman. According to Lindemann, the task of the working group will be to continue the progress that was originally started by the Ethereum Trust Alliance, or ETA, which aims to establish standards for secure and smart contracts performed on the Ethereum blockchain.
System for registration of secret smart contracts
Lindemann explained that ETA has been working on the EthTrust project for almost a year, even before the DeFi room began to discover vulnerabilities in Ethereum-smart contracts. Coincidentally, the EthTrust project collaborated with the Enterprise Ethereum Alliance, just as the DeFi room was gaining momentum.
Daniel Burnett, CEO of the Enterprise Ethereum Alliance, told Cointelegraph that the timing of the new working group was just a coincidence regarding the emergence of DeFi. The new EthTrust project demonstrates the maturity of the Ethereum network, Burnett said. “We want to help solve the problems that many of our members have expressed about Ethereum,” he said.
In particular, the new working group plans to address security issues in smart contracts by establishing a standards and scoring system to help users better understand how to distinguish between contracts that have passed strict security controls. While the project is still ongoing, the goal is to define certain requirements that smart contracts must demonstrate in order to be considered secure.
For example, Pierre-Alain Mouy, a member of the Enterprise Ethereum Alliance, former ETA product owner and CEO of NVISO Security in Germany, told Cointelegraph that a smart contract can achieve three levels of verification to help people understand the level. trust. :
We started the project by including three different levels of brands that smart contracts could earn to demonstrate their confidence. The first level consists of a smart contract, which is subject to automatic operation. The second and third levels are manual checks of people to ensure the security of contracts. ”
Mui shared that an automated security verification tool will be launched to get a smart contract for the 1st level mark on the contract. The AI tool is designed to validate a specific set of requirements that the working group is currently setting.
If the smart contract continues at the second level, people will conduct a security audit. “There will be definitions of audit firms that will tell you how long it takes them to study these smart contracts,” Moy said, adding: “Finally, there is an audit report.