Report identifies some serious 'non-financial risks' for DeFi - Defi - CryptoTalk.Org Jump to content
kyoukage01

Report identifies some serious 'non-financial risks' for DeFi

Recommended Posts

Spoiler

Report identifies 18 serious 'non-financial risks' for DeFi

Martin Young

 

Beyond the obvious financial risks, there are a number of technical risks DeFi users should be aware of.

 

A November report by data and research company BraveNewCoin has highlighted a number of serious ‘non-financial’ risks in decentralized finance. The financial risks involved with DeFi have been well documented, but the new report delves into more technical concerns associated with Ethereum-based smart contract finance protocols.

 

The report, penned by BNC analyst Xavier Meegan, begins with scalability risks which anyone dealing with DeFi in September this year will be familiar with. Network congestion resulting in high gas fees and failed transactions can cause DeFi protocols to malfunction or not work as intended.

 

During the height of the yield farming frenzy, average Ethereum transaction fees skyrocketed to record figures around $15. The report cited the Black Thursday event as an example;

“We saw this happen on Black Thursday in March 2020, when actors in MakerDAO (liquidators) could not access auctions to bid on collateral,resulting in collateral being sold for free.”

Numerous smart contract vulnerabilities were cited, including reentrancy risk which occurs when a contract sends ETH before updating its internal state. The $25 million dForce attack in April is an example of a reentrancy exploit.

 

Flash loans (where assets can be borrowed and repaid within the same transactions) can exploit this, with notable examples this year including bZx, Opyn, Harvest Finance, and more recently Pickle Finance.

 

Oracles also pose a risk as a smart contract may receive deceitful or innacurate input regarding off-chain values or asset prices due to the manipulation of information from the provider or a malicious actor.

 

Protocol design can pose a risk if it can be manipulated to benefit cyber-criminals. Composability is a good example of this whereby a DeFi protocol needs to rely on another protocol to function. The report noted that the "money Lego" concept of interconnectivity within the ecosystem opens it up to further risk;

“The current inter-connectedness of DeFi is extremely similar to how traditional finance was before the Global Financial Crisis (GFC) in 2007–08.”

There is also centralization risk associated with DeFi, if protocols are controlled by a central intermediary or governance is controlled by a few whales. Uniswap’s first governance vote was a good example of how a small number of players can attempt to control the outcome. Additionally, the bulk of stablecoins used in DeFi are centralized and controlled by corporations.

 

Reliance on Infura as a node infrastructure operator is also risky as the industry found out during the minor outage in mid-November. Infura provides cloud-based Ethereum clients so that users do not have to run their own nodes.

“An estimated 63% of the Ethereum community use Infura as their preferred method of interacting with the blockchain. What are the consequences if Infura does not function as expected one day?”

The report added that there were several other risks such as economic incentive risk, financial illiteracy risk, and regulatory risk. It concluded that there was also the risk of more risks being found making the entire ecosystem sound like one big financial nightmare!

source: https://cointelegraph.com/news/report-identifies-18-serious-non-financial-risks-for-defi

 

Investing on DeFi can be risky especially now that its hype may have gone down at this point, as some investors found out the hard way when DeFi tokens start plummeting last few weeks ago. And to add insult to injury, a recent report has been published that identifies a few more reasons why DeFi is indeed risky.

 

The link to that report is here. Take note - the report itself can be freakishly long.

 

Going back to the article by Cointelegraph, it briefly explained that there are half a dozen or so risks associated with DeFi's scalability, along with risks on other areas like: inputting false off-chain value data on oracles, design and composability risks stemming from poor planning and/or intentional scams, tokens being controlled by a centralized authority and/or a few whales, and over-reliance on Infura, which the report described as a risk due to it being provided by just a single entity - Ethereum's ConsenSys.

 

The large amount of risks that DeFi currently face is no joke. But if taken in a positive light, the report can serve as a helpful advice to the current and future serious DeFi projects. Addressing these issues may be a daunting task, but once resolved, DeFi will become more useful and secure.

 

Edited by kyoukage01
  • +1 1
  • +4 2

 

New to the Cryptotalk forum? Here's something that might help you get started:

https://cryptotalk.org/topic/24401-forum-tutorials-tips-and-tricks-for-newbies-compilation/

 

Share this post


Link to post
Share on other sites

This report must be read by all users who are investing on Decentralized Finance.Some concerns like Smart Contract Vulnerability seems really concerning in my opinion. At this time , companies are pushing their products in hurry as for competing and many dapps(Justswap particularly) aren't that much effective. I have seen mostly in Tron Blockchain. Which makes me doubtful that there may be the bugs in application too. But bug bounty Hunters are working, so there isn't that much to worry.

I didn't understand the precise Smart Contract Vulnerability in the report as my coding skilss aren't that much great. But as mentioned in earlier portion these are very less in number.

Scalability risks seems already solved in other blockchain than eth as other network aren't that much congested. However Eth2.0 will solve this.

And Talking about oracles risk, It's kinda not possible for wrong information to pas through nodes in my view as far I know. They checks many APIs before entering data and considering the plethora number of nodes. Until someone is coming with huge mindset to attack we won't see oracle error. However for newly launched oracles with small number of nodes its matter of concerns.

The risks are there but vulnerability in code seems is the one that really needs to be look in my opinion.

  • +1 1
  • +2 1
  • +5 1

NOTHING I SAY IS FINANCIAL ADVICE. YOU SHOULD USE YOUR MIND ,FOR YOUR MONEY,

Share this post


Link to post
Share on other sites

@Ridam Indeed, the points made in the report isn't something to be easily dismissed by traders and investors if they want to get the most out of their investments in DeFi.

 

The report itself may be long, but the author wrote it in a way that is pretty understandable. IMO, each point is worthy of more in-depth discussions, as the explanations given are not enough if you ask me.

 

If there is something an average crypto user can get out of all this, it is that sloppily made DeFi projects may be a sure sign of a scam. Better watch out.

 

  • +1 2
  • +3 1

 

New to the Cryptotalk forum? Here's something that might help you get started:

https://cryptotalk.org/topic/24401-forum-tutorials-tips-and-tricks-for-newbies-compilation/

 

Share this post


Link to post
Share on other sites
1 hour ago, kyoukage01 said:

@Ridam

 

If there is something an average crypto user can get out of all this, it is that sloppily made DeFi projects may be a sure sign of a scam. Better watch out.

 

It's long but it's worth reading. And for Average Crypto users, I also like to add we should double check holdings of token by whale. If there is chance that he/she may dump the token at peak then we must be aware about that already. We have seen that in sushi swap by the founder Chef. So taking note of that earlier is must in my opinion.

  • +1 1
  • +3 1

NOTHING I SAY IS FINANCIAL ADVICE. YOU SHOULD USE YOUR MIND ,FOR YOUR MONEY,

Share this post


Link to post
Share on other sites

I think these is the more reason why individuals shouldn't venture into processes and concepts that they don't understand fully, personally I am still trying to get acquainted to the whole Defi concept. 

  • +1 1

Share this post


Link to post
Share on other sites

As it is cleared at first that non financial risks should be explained then other than the non financial risks may be that it may loss it's reputation . It may be less useful. It may be less popular and defi tokens may be also become down.

Share this post


Link to post
Share on other sites

I think these are even more reasons why people shouldn’t take the initiative about processes and ideas that they don’t fully understand, personally I’m still trying to get acquainted with the whole defi concept.  By working here you can earn a lot of money in a short time.

Share this post


Link to post
Share on other sites
On 12/12/2020 at 11:32 AM, kyoukage01 said:

The large amount of risks that DeFi currently face is no joke. But if taken in a positive light, the report can serve as a helpful advice to the current and future serious DeFi projects. Addressing these issues may be a daunting task, but once resolved, DeFi will become more useful and secure.

In case of Ethereum blockchain-based DeFi platforms, scalability problem is becoming the most serious issue. Other undetectable bugs in the system can create another problem as the locked funds will at risk any time. I just checked that long report, the concerns that article attempted to uncover, are really meaningful here.

Fortunately, we have already seen solid platforms like Uniswap and Compound, newer platforms are gradually coming up with some sort of technical problems. The only one solution is to create the solid architecture of both DeFi platforms and blockchain. 

Edited by Whited35
  • +3 1

 

 

Share this post


Link to post
Share on other sites
On 1/19/2021 at 7:54 PM, Whited35 said:

Fortunately, we have already created solid platforms like Uniswap and Compound, newer platforms are gradually coming up with some sort of technical problems. The only one solution is to create the solid architecture of both DeFi platforms and blockchain.

So for now, should we stick to already established DeFi platforms like Uniswap and take extra precaution on newer projects, just to be safe? Makes sense in case the newer DeFi projects turn out to be outright scams.

 

As for creating "the solid architecture", the DeFi platforms ought to improve their services and systems, as improvements will also boost crypto users' confidence in using DeFi itself. But things shouldn't be rushed either, as sloppy improvements can lead to bigger problems. So let's just wait and see if there will be news on such improvements for this year.

 

  • +3 1

 

New to the Cryptotalk forum? Here's something that might help you get started:

https://cryptotalk.org/topic/24401-forum-tutorials-tips-and-tricks-for-newbies-compilation/

 

Share this post


Link to post
Share on other sites
3 hours ago, kyoukage01 said:

So for now, should we stick to already established DeFi platforms like Uniswap and take extra precaution on newer projects, just to be safe? Makes sense in case the newer DeFi projects turn out to be outright scams.

Open source platform Uniswap is seen safest one and I just wonder to think why investors are loving to choose newer platforms to lock their huge amounts, just a greed or there can be any sort of their psychology? Single security breach might be very costly. 

3 hours ago, kyoukage01 said:

But things shouldn't be rushed either, as sloppy improvements can lead to bigger problems. So let's just wait and see if there will be news on such improvements for this year.

Developers should be focused for making the strongest encryption and it is really a time-consuming process to develop the bug-free platforms. The problem is, some sort of bugs will be still there despite any sort of efforts from the developers. 

  • +2 1

 

 

Share this post


Link to post
Share on other sites

I don't know about defi and i have not defi .but this information is really good and thanks for giving me this information. I decided that i can use this site .I like this plateforam and this is a good for many people. 

Share this post


Link to post
Share on other sites
On 1/22/2021 at 3:44 PM, Whited35 said:

Open source platform Uniswap is seen safest one and I just wonder to think why investors are loving to choose newer platforms to lock their huge amounts, just a greed or there can be any sort of their psychology? Single security breach might be very costly. 

This is what I think. If a new platform turns out to be a pyramid or a Ponzi, earlier investors get to have the advantage of being served first and getting more profits than later ones, assuming they can bail out their investments once they smell some smoke (scam accusations) on the platform. This same strategy can also be used on DeFi projects. So greed is not the only thing in play here, for those investors it is also a battle of wits; if they can get away with profits from the scam projects early on, then they win. If they can't withdraw their investments and earned nothing from the project, they lose.

 

On 1/22/2021 at 3:44 PM, Whited35 said:

Developers should be focused for making the strongest encryption and it is really a time-consuming process to develop the bug-free platforms. The problem is, some sort of bugs will be still there despite any sort of efforts from the developers. 

At least efforts are being done. It would have been worse if nothing is being done at all. DeFi platforms will suffer the same ridicule as the ICO craze if all these major issues in the report goes unresolved and someone decides to exploit the weaknesses in the platforms.

 

  • +3 1

 

New to the Cryptotalk forum? Here's something that might help you get started:

https://cryptotalk.org/topic/24401-forum-tutorials-tips-and-tricks-for-newbies-compilation/

 

Share this post


Link to post
Share on other sites
On 1/26/2021 at 9:17 AM, kyoukage01 said:

At least efforts are being done. It would have been worse if nothing is being done at all. DeFi platforms will suffer the same ridicule as the ICO craze if all these major issues in the report goes unresolved and someone decides to exploit the weaknesses in the platforms.

Self executing smart contracts from the blockchain network have opened the another horizon for DeFi but I think encryption alone is not ensuring the top rated security to protect user's assets or the locked amounts. Hackers should be entertaining to hack the new DeFi platform after noticing the wormholes but older DeFi platforms are also at the risk i.e. if a hacker manage to hack a protocol, massive numbers of participating nodes will be about to suffer. You might love to check this report again https://cointelegraph.com/news/the-code-is-key-solutions-for-overcoming-defi-security-breaches

  • +3 1

 

 

Share this post


Link to post
Share on other sites
12 hours ago, Whited35 said:

The threat of hackers in the digital world is ever present, and crypto projects ought to be more aware of that threat.

 

I've read the link, thanks. Among the four steps mentioned in the article, I find the last one to be worth mentioning at the moment. It says that a bug bounty program should be offered so that potential vulnerabilities can be reported. But what about the rewards? If it is just a paltry sum of money, hackers will just scoff at the offer and exploit any bugs they can find for bigger profit anyway. Richer companies might be able to afford a bigger bounty, but that would mean smaller companies can't. I guess that would mean we should also look at the companies themselves on whether or not they are fully committed to their DeFi projects enough to dedicate much time and money on it.

 

... ... ...

 

Here's another article from Cointelegraph. It's a bit old, but you might find it interesting if you haven't read it yet.

https://cointelegraph.com/news/the-defi-hack-what-decentralized-finance-should-and-shouldnt-be

 

Edited by kyoukage01
  • +4 1

 

New to the Cryptotalk forum? Here's something that might help you get started:

https://cryptotalk.org/topic/24401-forum-tutorials-tips-and-tricks-for-newbies-compilation/

 

Share this post


Link to post
Share on other sites
On 1/29/2021 at 8:16 AM, kyoukage01 said:

Here's another article from Cointelegraph. It's a bit old, but you might find it interesting if you haven't read it yet.

https://cointelegraph.com/news/the-defi-hack-what-decentralized-finance-should-and-shouldnt-be

Thanks, I did not check this cool article before but I was familiar with  dForce and MakerDao which are mentioned in the article. Clearly, safe guarding the users' assets is the most challenging part. Harvest attack is another dangerous threat to the DeFi sector in which attackers manage to detect fault through arbitration function.  Despite the several attempts from the Devs,  smart contract vulnerability like mentioned above is looking the serious one and some solutions are being proposed. 


 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...