If people actually had insurance against hackers, this week would definitely have bankrupted a lot of insurers. Within a week, a total of four flash loan exploits were reported (one actually happened the week before, but wasn’t noticed until later).
We have Cheese Bank with a theft of $3.3 million, Akropolis with its $2 million loss, Value DeFi with a huge $6 million exploit, and finally Origin Protocol's loss of $7 million.
In total, hackers stole $18.3 million, which is certainly not much less than Harvest Finance’s single October incident.
As always, the most common comments are “Have you been audited?” and “Flash loans are bad.” Well, regarding audits, I was able to find reports for everyone but Cheese Bank (maybe it has been audited, but it’s not immediately obvious).
Now, I feel like a broken record, but people really need to understand that audits will always be limited in their effectiveness. Security companies just don’t have the eyes or the time to find everything.
If there is anything to point out, I would focus on the fact that none of these projects except Akropolis had an immediately recognizable bug bounty. Considering how easy it is to steal cryptocurrency, these projects should be much more competitive in their payouts than any other sector. Audits that seem to cost more than $200,000 when you want superior quality don’t seem like the most efficient use of money.
Of course, bounties won’t suddenly turn blackhat hackers into upright citizens, but they can change the life of a poor kid who is trying to make a living and decides to search your protocol for his lottery ticket. They would love to receive $100,000, have a clear conscience, and save you millions of dollars in the future.
Flash loans are tough but fair
As for flash loans, I think they are the best tool we have right now for increasing the efficiency of the DeFi market. Their purpose is to arbitrage various assets across protocols: buy cheap on Uniswap, sell high on SushiSwap, without putting your own capital at risk. They’re also useful for quickly unwinding your positions on lending protocols, and I’m sure there are other uses. In short, they’re pretty good.
Yes, flash loans make hacks easier. However, remember that anything that can be done with a flash loan can also be done with a large amount of cash. Hackers may not be that rich overall, but it is in reality better for the ecosystem to get rid of weak implementations and protocols before it grows to absorb a billion-dollar hack.
It’s definitely painful to be on the receiving end of a hack, but it’s also a known risk that needs to be managed. Sometimes it may just be bad luck, but this explanation should only be used when all possible mitigation strategies have been exhausted. I hope that any compromised protocol will take steps to ensure it never happens again. Otherwise, attacks continue until security improves or the protocol is dead.
DEXs fight over the crumbs that Uniswap left behind
Uniswap, once the largest protocol with a total value locked of $3 billion, predictably lost more than half of it once it stopped printing UNI rewards for its Ether pools.
Most of it went to SushiSwap, which rose from around $200 million to $1 billion in TVL. Cheekily, the project switched its yield farming incentives to the same pools that Uniswap had used, just the day before their expiration.
Then Bancor started its own liquidity mining program, followed today by Mooniswap. The latter two seem to have had modest results, adding maybe $10 million so far.
So we’re definitely seeing pretty aggressive competition in this space, fueled by a lot of token pressure.
But my thesis from last week seems largely correct: Uniswap doesn’t care. $1.3 billion without any subsidy is a surprising result. It is more than six times higher than it was before the start of the entire yield farming season. The volume is also stable.
Uniswap's luck could naturally change in the future as the market continues to adapt. Either way, I think this is both a good and a bad sign for the future. On the one hand, we see very clear long-term stickiness after yield farming, which shows that it is at least somewhat successful at generating organic interest.
On the other hand, we see that yield farming is something that works, so it may remain a staple of the DeFi world in the long term. The concept has its merits, but this summer has proven that people often don’t understand what they’re getting into.
As a hint: anytime a DeFi protocol token can be used to get more of the same token, it’s a very clear dynamic that is similar to a Ponzi. It’s a dangerous game, just ask the people who bought SUSHI at $11. It could be argued that staking on Ethereum 2.0 is the same, which apparently belies my thesis. The difference is that the much more reasonable returns avoid the huge boom-bust cycles that are typical of many DeFi “fair launches”.
Maker liquidators “loosen up”
Another issue raised this week was the fact that Maker’s keepers, the agents in charge of liquidating bad debt, turned out to be avoiding small loans with inadequate collateral altogether. It seems that a $100 vault is so uninteresting to them that they will ignore it even if it falls below the safety threshold that would allow them to liquidate it.
It’s easy to see why. The liquidators would get a discount of maybe 5%, so their theoretical profit is only $5, easily consumed by gas fees.
Opening thousands of small vaults isn’t that expensive and can create a dangerous security hole for Maker. Rational keepers would never repay this debt, especially if it rots and falls significantly below the 100% collateralization threshold.
That would create unbacked Dai, similar to Black Thursday. I am sure that in practice some stakeholders would act altruistically to repay debts at a loss before it is too late. As we saw at the MKR auctions after the incident earlier this year, the system is also designed to be salvaged in these situations.
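To make the keeper incentive concrete, here is an added example (not Maker's code and not part of the original article) that models a profit-seeking liquidator with the 5% discount quoted above. It is a simplified fixed-discount model rather than Maker's auction logic; the $8 gas cost, the 150% liquidation ratio and all vault figures are constructed assumptions.

```python
from dataclasses import dataclass

DISCOUNT = 0.05      # liquidator discount quoted in the text
GAS_COST_USD = 8.0   # assumption: cost of one liquidation transaction
LIQ_RATIO = 1.5      # assumption: collateral/debt ratio below which a vault is unsafe

@dataclass
class Vault:
    debt: float        # Dai owed
    collateral: float  # USD value of the collateral at the current price

def keeper_profit(v, discount=DISCOUNT, gas=GAS_COST_USD):
    # The keeper repays the debt and takes collateral at a discount, but can
    # never receive more collateral than the vault actually holds.
    received = min(v.collateral, v.debt * (1 + discount))
    return received - v.debt - gas

def min_profitable_debt(discount=DISCOUNT, gas=GAS_COST_USD):
    # Below this debt size the discount cannot cover the gas cost.
    return gas / discount

def triage(vaults):
    # Split unsafe vaults into those a rational keeper liquidates and those it skips.
    unsafe = [v for v in vaults if v.collateral < v.debt * LIQ_RATIO]
    taken = [v for v in unsafe if keeper_profit(v) > 0]
    skipped = [v for v in unsafe if keeper_profit(v) <= 0]
    return taken, skipped

def unbacked_dai(vaults, price_factor):
    # Debt no longer covered by collateral once the price moves by price_factor.
    return sum(max(0.0, v.debt - v.collateral * price_factor) for v in vaults)

def demo():
    # Constructed sample: 1,000 small vaults plus one large vault, all unsafe.
    vaults = [Vault(100.0, 140.0) for _ in range(1000)] + [Vault(50_000.0, 70_000.0)]
    taken, skipped = triage(vaults)
    return {
        "min_debt": min_profitable_debt(),
        "taken_debt": sum(v.debt for v in taken),
        "skipped_debt": sum(v.debt for v in skipped),
        "unbacked_after_50pct_drop": unbacked_dai(skipped, 0.5),
    }

if __name__ == "__main__":
    print(demo())
```

Under these assumptions only the large vault is liquidated; the skipped small vaults become unbacked debt if the collateral price keeps falling.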
But this and the flash loan vulnerability from a few weeks earlier indicate that there is some trouble in paradise. For example, one of the reasons the community refused to compensate Black Thursday victims is that it was viewed as a failure of the market, not of the auction system.
That makes sense, but this latest discovery spurred the community to fix the issue while waiting for a slight redesign of the auction system. This shows a certain cognitive dissonance: they say the system used to “work well”, and now it needs to be changed due to a similar market failure.
Personally, I find Maker’s governance fascinating and unique among its peers. This year they have had to grapple with some very difficult decisions that go well beyond just adjusting arbitrary collateral parameters.
I really disagree with some of these choices. I definitely think the decision not to reimburse Black Thursday victims was biased, although it may have been the product of mutual distrust in the face of the class action lawsuit hanging over their heads.
But that’s human nature, and I hope that at some point DeFi governance will go through many of the lessons history has taught us. Some people have high hopes that DeFi governance will reshape societies simply because it is “decentralized”. I hope it does, but so far I only see their current politics, including affiliations, propaganda and deviations.