Photo by Adrien Converse on Unsplash

Security is one of the most important topics in Decentralized Finance.

Without security, your funds are there for others to grab 💸.

🔒 Crypto Security

Crypto itself is derived from cryptography, a technique for securing communication in the presence of malicious third parties. It is prone to attacks from multiple angles. The Cryptocurrency Security Standard (CCSS) was introduced in 2014 to provide an open standard for protecting crypto operations, with security audits divided into three levels.

Level I is the most stringent security protection and Level III is the least stringent security protection.

Image credit: https://www2.deloitte.com/mt/en/pages/technology/articles/mt-article-cryptocurrency-security-standard-CCSS.html

The audit components include:

  • Key/seed generation
  • Wallet creation
  • Key storage
  • Key usage
  • Key compromise policy
  • Keyholder grant/revoke policies & procedures
  • Third-party security audits/pentests
  • Data sanitization policy
  • Proof of reserve
  • Audit logs

Even passing a Level III audit does not guarantee that your crypto is safe.

👮 DeFi Security

The core component of DeFi is the smart contract. The problem with smart contracts is that they defeat the original design intent of cryptocurrency. Although smart contracts bring more functionality to crypto, they significantly reduce its immutability.

A smart contract is a program that commands how the blockchain behaves. It sets predetermined conditions that must be met before operations execute. The problem is that this opens the possibility for programmers to manipulate the code to reach their own goals.

Of course, this does not diminish the benefits of smart contracts, but we also need to be aware that such loopholes will exist for hackers to exploit.

Image credit: https://media.consensys.net/thoughts-on-defi-security-640dde37bb3b

In contrast to cryptography, where information is hidden, some information in smart contracts is exposed for hackers to manipulate. Hackers can also gain access through predetermined privileges and gain the power to manipulate the code. That diminishes decentralization and increases centralization risk.

🈲 How to Prevent Hacking

One way is to conduct a smart contract audit, a crucial step for any DeFi project. Although an audit cannot completely eliminate the possibility of hacking, it can uncover flaws and improve the chances of preventing it.

Another way is to build a CeFi-like DeFi. Implementing a centralized-style control can prevent an attack from executing through smart contracts and draining funds automatically without any verification.
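One possible reading of the "central-like command" above, written as an added example and not taken from this article or any project it names: a vault where large withdrawals wait in a review window and a guardian can cancel them. The contract name, the guardian role (assumed to be a multisig), the delay and the limit are all hypothetical. The guardian is itself a predetermined privilege, so it is limited to cancelling and can never redirect funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical contract, all constants are constructed values.
contract GuardedVault {
    struct Request { address to; uint256 amount; uint256 readyAt; }

    address public immutable guardian;                // assumed to be a multisig
    uint256 public constant DELAY = 1 days;           // review window
    uint256 public constant INSTANT_LIMIT = 1 ether;  // no review at or below this
    mapping(address => uint256) public balances;
    mapping(uint256 => Request) public requests;
    uint256 public nextId;

    event Queued(uint256 indexed id, address indexed to, uint256 amount, uint256 readyAt);

    constructor(address guardian_) { guardian = guardian_; }

    function deposit() external payable { balances[msg.sender] += msg.value; }

    // Small withdrawals execute at once; larger ones wait out the review window.
    function withdraw(uint256 amount) external returns (uint256 id) {
        require(balances[msg.sender] >= amount, "insufficient balance");
        balances[msg.sender] -= amount;               // effects before interaction
        if (amount <= INSTANT_LIMIT) { _pay(msg.sender, amount); return type(uint256).max; }
        id = nextId++;
        requests[id] = Request(msg.sender, amount, block.timestamp + DELAY);
        emit Queued(id, msg.sender, amount, block.timestamp + DELAY);
    }

    // The guardian can only cancel: funds return to the requester's balance.
    function veto(uint256 id) external {
        require(msg.sender == guardian, "not guardian");
        Request memory r = requests[id];
        require(r.amount != 0, "unknown request");
        delete requests[id];
        balances[r.to] += r.amount;
    }

    // Anyone may execute a request once its review window has passed.
    function execute(uint256 id) external {
        Request memory r = requests[id];
        require(r.amount != 0, "unknown request");
        require(block.timestamp >= r.readyAt, "still in review window");
        delete requests[id];                          // clear before paying out
        _pay(r.to, r.amount);
    }

    function _pay(address to, uint256 amount) private {
        (bool ok, ) = payable(to).call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The `Queued` event is what an off-chain monitor would watch to decide whether a pending withdrawal needs a veto before `readyAt`.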

A third way is to hold a hackathon, a collective event that brings talent together and helps increase system security. Similarly, offering a bounty to reward whitehats is another way to discover vulnerabilities in the code.

🎍 Security at Yearn

A whitehat submitted a report to prevent a possible exploit that could have led to a significant loss of user funds. Yearn was able to fix the vulnerability and report it to the public.

In Conclusion

Security is important in crypto and DeFi. Continuing to improve security is key to preventing hacking in the future.



Disclosure: The article was written by a delusional author who is possibly a nut job without any questions whatsoever about expertise in the subject matter. You should not believe any words this author wrote or you may experience similar symptoms or even possibly become a nut job.

Sources

https://www2.deloitte.com/mt/en/pages/technology/articles/mt-article-cryptocurrency-security-standard-CCSS.html

https://media.consensys.net/thoughts-on-defi-security-640dde37bb3b

https://medium.com/digital-unicorn/what-is-a-smart-contract-security-audit-8f783f4a7155

https://yearn.substack.com/p/yearn-finance-newsletter-57?s=r

https://github.com/yearn/yearn-security/blob/master/disclosures/2022-01-30.md