Decentralized finance continues to have its impact on the crypto market, and with more than $ 13 billion in total value of locked-in assets, DeFi projects are clearly resonating with eager crypto investors. Yet, as the DeFi space has grown over the past year, a number of illegitimate projects have come to fruition, in part reminiscent of the ICO boom of 2017 and its subsequent collapse.
For example, Harvest Finance, a major decentralized protocol, was recently hacked. The attacker recovered $ 24 million from the Harvest Finance pools. Most recently, Value DeFi, the decentralized financing protocol, fell victim to a $ 6 million flash loan exploit. And of course, one of the biggest events of the year for DeFi involved SushiSwap, where the creator sold $ 13 million in development funds, causing a stock market crash.
It’s important to point out that the majority of DeFi projects are built on the Ethereum blockchain. According to the DeFiPrime website, there are currently over 200 DeFi projects on the Ethereum network. Yet while Ethereum appears to be the most suitable platform for DeFi projects, network vulnerabilities have played a significant role in hacks and fraudulent activity.
Smart contract transactions on Ethereum require security
Specifically, the smart contracts that power Ethereum are known to be laden with security concerns, which in turn have greatly impacted DeFi projects. In addition, smart contracts applied to multi-billion dollar DeFi projects are often unaudited.
Tom Lindeman, a former senior researcher at Microsoft and former chief executive of the Ethereum Trust Alliance – a group of blockchain companies working on a security system for smart contracts – told Cointelegraph that there is currently no good ways to identify if a smart contract is secure before initiating a transaction:
“The DeFi space is now worth billions of dollars, but a lot of these smart contracts in use are never audited. As such, the DeFi industry continues to experience a wave of activity that leads individuals and organizations to approve token contracts, trade tokens, and add liquidity to pools in rapid succession without being able to easily verify security. contracts.
In an attempt to address security concerns related to smart contracts, Lindeman joined the newly formed EthTrust Security Levels Working Group of the Enterprise Ethereum Alliance as co-chair. According to Lindeman, the task force’s mission will be to continue the advances initially initiated by the Ethereum Trust Alliance, or ETA, which aim to establish standards for secure and intelligent contractual transactions conducted on the Ethereum blockchain.
A registry system for rated smart contracts
Lindeman explained that ETA had been working on its EthTrust project for almost a year, even before the DeFi space started exposing vulnerabilities in Ethereum smart contracts. Coincidentally, the EthTrust project partnered with the Enterprise Ethereum Alliance as the DeFi space was gaining ground.
Daniel Burnett, executive director of the Enterprise Ethereum Alliance, told Cointelegraph that the timing for the new working group is purely coincidental when it comes to DeFi’s rise to power. According to Burnett, the new EthTrust project further demonstrates that the Ethereum network is maturing. “We want to help solve the issues that many of our members have expressed regarding Ethereum,” he said.
Specifically, the new working group plans to tackle security vulnerabilities in smart contracts by creating a standard and ledger system to help users better understand how to differentiate contracts that have undergone rigorous security checks. Although the project is still under development, the goal is to define some requirements that smart contracts must meet to be considered secure.
For example, Pierre-Alain Mouy, a member of the Enterprise Ethereum Alliance, former ETA product owner and managing director of NVISO Security in Germany, told Cointelegraph that a smart contract can achieve three levels of validation to help individuals achieve understand their level of confidence. :
“We started the project by including three different levels of badges that smart contracts can earn to prove their level of trust. The first level is a smart contract being worked through automation. Levels two and three are manual audits by humans to ensure contracts are safe and secure. “
Mouy said that in order for a smart contract to achieve a level one badge, an automated security scan tool will be executed against the contract. The AI-based tool is designed to verify a specific set of requirements that the working group is defining.
If a smart contract continues at level two, individuals will perform a security audit. “There will be definitions for audit companies, explaining how long they need to dig into these smart contracts,” Mouy said, adding further: “Eventually an audit report will be created for the group of work examines it manually. However, we are not listeners. The workgroup acts as a router to verify that these steps are followed. “
Finally, if a smart contract reaches level three, additional specifications and test cases written to verify contract properties will be run. According to Mouy, this is called the “formal verification process”.
Once a smart contract has undergone this step-by-step verification process, the initiative’s ledger system will allow exchanges, for example, to request a specific rating level before new tokens are listed. This system could also be applied to a multi-member consortium that relies on smart contracts for commercial purposes.
Growing interest in secure smart contracts
According to Lindeman, the EthTrust project has already captured the interest of everyday Ethereum users who want to see new things, such as yield farming. He further shared that the Big Four company PricewaterhouseCoopers has expressed interest in using this system to provide smart contract valuations to companies interested in the blockchain space.
The growing interest in secure smart contracts is especially important as the Ethereum infrastructure advances and the promised benefits of Ethereum 2.0 materialize. Burnett believes the Ethereum ecosystem will see increased trust in the future, which will be demonstrated by new projects used by companies, such as the work done by the Base Protocol.
While innovative, it’s important to point out that the new Enterprise Ethereum Alliance working group and the EthTrust project are not the first to tackle smart contract security challenges. For example, blockchain security company Quantstamp has been performing smart contract audits and security checks for blockchain companies since 2017. The company’s clients include major players in the space such as Binance and eToro. Quantstamp recently announced that it will be auditing a new DeFi project on the Polkadot blockchain.
In addition to security firms performing audits, companies are also finding ways to ensure secure smart contracts. For example, Vaiot, a blockchain company that uses artificial intelligence to create digital services for businesses, leverages AI to provide security and software performance in smart contracts. Jakub Kobeldys, Vaiot’s lead developer, told Cointelegraph that while no amount of AI can fully protect itself against code flaws, the technology can help developers significantly:
“Unsupervised learning techniques could detect new flaws in an automated fashion, or at least narrow the search area and give advice to human experts. It could also lead to more dynamic development of frameworks that help developers to code securely. “