
Smart contracts need standards to make DeFi transactions on Ethereum more secure

November 21, 2020

Decentralized finance continues to have a significant impact on the cryptocurrency market. With a total value of more than $13 billion, DeFi projects are clearly making noise among avid crypto investors. Although the DeFi ecosystem has evolved over the past year, a number of illegitimate projects have sprung up that are reminiscent of the 2017 ICO boom and its subsequent crash.

For example, Harvest Finance, one of the largest decentralized protocols, was recently hacked. The attacker stole $24 million from Harvest Finance pools. More recently, Value DeFi, another DeFi protocol, was the victim of a $6 million vulnerability. And of course, one of the biggest DeFi events of the year involved SushiSwap, whose creator sold $13 million from the development fund, causing a market crash.

It is important to note that most DeFi projects are based on the Ethereum blockchain. According to the DeFiPrime website, there are currently more than 200 DeFi projects on the Ethereum network. Although Ethereum appears to be the most suitable platform for these projects, network vulnerabilities have played an important role in hacking and fraudulent activity.

Smart contract transactions on Ethereum require more security


In particular, the smart contracts that power Ethereum are known to be fraught with security issues, which in turn have a huge impact on DeFi projects. Also, smart contracts used in DeFi projects worth billions of dollars are often not examined beforehand.

Tom Lindeman, former Microsoft researcher and former CEO of the Ethereum Trust Alliance, a group of blockchain companies working on a security system for smart contracts, told Cointelegraph that there are currently no efficient ways to determine if a smart contract is secure before initiating a transaction:

“The DeFi sector is worth billions of dollars today, but many of these smart contracts that are in use are never audited. This is why the DeFi sector continues to see an increase in activity where people and organizations approve token contracts, exchange tokens and supply pools with liquidity in quick succession without being able to simply check the security of the contracts.”

To solve the security issues related to smart contracts, Lindeman joined the Enterprise Ethereum Alliance's newly formed “EthTrust Security Levels Working Group” as co-chair. According to Lindeman, the task force will continue the work originally initiated by the Ethereum Trust Alliance, or ETA, which aims to set standards for safer smart contract transactions on the Ethereum blockchain.

A registration system for qualified smart contracts

Lindeman stated that ETA had been working on its EthTrust project for almost a year, even before the DeFi ecosystem uncovered the flaws in Ethereum’s smart contracts. Coincidentally, the EthTrust project teamed up with the Enterprise Ethereum Alliance when the DeFi ecosystem caught the attention of investors.

Daniel Burnett, the CEO of the Enterprise Ethereum Alliance, told Cointelegraph that the creation of the new task force coinciding with the DeFi boom was just a fluke. Burnett said the new EthTrust project continues to show that the Ethereum network is maturing. “We want to help solve the problems that many of our members have raised regarding Ethereum,” he said.

Specifically, the new working group plans to address security loopholes in smart contracts by creating a standards and registration system that will help users distinguish which contracts have undergone rigorous security reviews. While the project is still in progress, the goal is to define certain requirements that smart contracts must meet in order to be considered secure.

For example, Pierre-Alain Mouy, member of the Enterprise Ethereum Alliance, former ETA Product Owner and Managing Director of NVISO Security in Germany, told Cointelegraph that there are three levels of validation a smart contract can achieve to help people understand its level of trust:

“We started the project with three different levels of badges that smart contracts can earn to demonstrate their level of trust. Level 1 consists of a smart contract that is processed by automation. Levels 2 and 3 are manual audits by people, to ensure the security of contracts.”

Mouy said that for a smart contract to receive a Level 1 badge, an automated security scan tool is run against the contract. The AI-based tool is used to check certain requirements that the working group is currently defining.

When a smart contract advances to level two, experts run a security audit. “There will be definitions for accounting firms that will explain how long it will take them to analyze these smart contracts,” said Mouy, adding, “Eventually an audit report will be produced for the task force to manually review, but we are not auditors. The working group acts as a router to verify that these steps are being carried out.”

Finally, when a smart contract reaches level three, additional specifications and written test cases are run to check the characteristics of the contract. According to Mouy, this is known as the “formal review process”.

Once a smart contract has gone through this step-by-step review process, the initiative’s registration system enables exchanges, for example, to request a specific rating level before new tokens are listed. This system could also be applied to a multi-member consortium that relies on smart contracts for business purposes.

The growing interest in more secure smart contracts

According to Lindeman, the EthTrust project has already piqued the interest of Ethereum users who are craving new things like high-yield farming. He also announced that the Big Four firm PricewaterhouseCoopers has expressed interest in using this system to provide smart contract rankings to companies interested in the blockchain space.

The growing interest in more secure smart contracts is especially important as the Ethereum infrastructure advances and the promised advantages of Ethereum 2.0 come into play. Burnett believes the Ethereum ecosystem will have more trust going forward, and that this will manifest itself in new projects that are used by companies, such as the work that the Baseline Protocol does.

While it is somewhat groundbreaking, it’s worth noting that the Enterprise Ethereum Alliance’s new task force and EthTrust project aren’t the first to look at smart contract security issues. For example, the blockchain security company Quantstamp has been performing smart contract reviews and security reviews for blockchain companies since 2017. The company’s customers include key players such as Binance and eToro. Quantstamp recently announced that it will consider a new DeFi project based on the Polkadot blockchain.

In addition to security companies doing audits, companies are also finding ways to ensure more secure smart contracts. For example, Vaiot, a blockchain company that uses artificial intelligence to create digital services for businesses, uses AI to deliver software security and performance in smart contracts. Jakub Kobeldys, the main developer of Vaiot, told Cointelegraph that while no amount of AI can completely protect against code failure, the technology can help developers significantly:

“Unsupervised learning techniques could find new bugs in an automated way, or at least narrow the search area and give some pointers to human experts. This could also lead to a more dynamic development of frameworks that help developers code in a secure way.”