The Current State of DeFi Security

The Importance of Security

Main Vulnerabilities

  • Ice phishing: Also known as signature phishing, this is an attack that is used to trick a target into delegating control of their tokens to a hacker, allowing them to use, transfer, or spend their tokens at will. More often than not, attackers will use this technique to gain a large number of approvals over time, before executing the withdrawals all at once to maximize their returns.
  • Compromised admin keys: One of the more potentially devastating attacks, an attacker uses one of the various methods to gain access to an admin’s private keys, which may give them control over token emission, staking functions, liquidity pools, and various other sources of funds. The attacker then uses this key to call admin functions on affected smart contracts and drain user/project funds.
  • Re-entrancy attacks: Re-entrancy is one of the more common exploit classes. It occurs when a smart contract calls into a separate, untrusted contract before it has finished updating its own state; the untrusted contract can then call back into the original function while the stale state is still in place. When an attacker controls the untrusted contract, this can be used to drain assets held by the original contract.
  • Smart contract bugs: Many smart contracts are incredibly complex; some are unique and establish novel functionality, while others are simple yet powerful. Whatever the case, errors in the contract code can lead to exploitable bugs, potentially putting assets worth millions at risk.
  • Overflow attacks: When an integer computed by a smart contract exceeds the maximum value its type can hold, due to a bug in the code, the value can wrap around to zero. This causes a wide range of problems when other contract functions rely on that integer to perform their operations, such as repricing an asset to the wrapped value (i.e. zero) and allowing an attacker to purchase it for free.
  • Underflow attacks: Underflow is the exact opposite of overflow: a contract function computes a value below the minimum its type can hold (for an unsigned integer, below zero), and the value wraps around to the maximum, again producing a range of situations an attacker can exploit.
  • Rug pulls: One of the more common scams of recent years, a rug pull occurs when a project's team accumulates as much investor money as possible and then makes off with it. Rug pulls take a variety of forms, ranging from straight-up theft to more nuanced approaches like transaction-tax manipulation, liquidity pulls, pump and dumps, and more.

The Current State of Affairs

Best Practices

  • Multi-signature verification: Where possible, require multi-signature authorization for any action that spends, moves, issues, burns, or otherwise interacts with funds, that upgrades or modifies smart contracts, or that could otherwise be exploited.
  • Cold storage: Admin keys, passwords, credentials, and other sensitive materials should be kept in cold storage, leveraging battle-tested hardware wallets and anti-malware solutions to minimize the possible attack surface.
  • Phishing education: For any team members with access to critical smart contract functions and/or funds, consider implementing a simple training routine that educates team members on potential phishing vectors and methodologies.
  • Security audits: Before deploying on mainnet, ensure your code has been thoroughly audited for potential bugs, glitches, inefficiencies, and threat vectors, and ensure these are corrected and re-reviewed before the smart contract is launched. Multiple audits are preferable.
  • Bug Bounties: Bug bounties can be a cost-effective means to identify bugs before they’re exploited by a black hat. Consider offering graded rewards based on the threat level of exploits discovered, and ensure that the reward for critical issues is sufficient to incentivize white hats.
  • Disaster recovery plans: In the unfortunate event that your protocol is exploited, it is best to have a plan of action ready to execute swiftly, helping to limit the damage, reduce panic, and resume operations faster. At the very minimum, this should include a complete shutdown procedure, smart contract review, fork option, damage control plan, and community/investor messaging guidelines.
  • Use a tamper-resistant oracle: Many smart contracts leverage intrinsic blockchain data (e.g. block hashes) or the outputs of other DApps (e.g. pricing data) as a data source. These can often be manipulated, such as through a flash-loan attack or a priority gas auction, which opens up attack vectors. These can generally be avoided by using a decentralized, tamper-resistant oracle, such as Chainlink or Band Protocol.
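As an added example of the oracle recommendation above (written for this page; it is not the article's code nor Chainlink's own consumer contract), the Solidity below reads a price from a Chainlink-style aggregator and rejects answers that are non-positive, stale, or from an incomplete round, which are the sanity checks a consumer should perform even when the feed itself is decentralized. The interface is a subset of Chainlink's `AggregatorV3Interface` declared inline so the file compiles without external packages; the contract name, the `maxStaleness` parameter and the feed address are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Chainlink's AggregatorV3Interface, declared inline for a
// self-contained example.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (
            uint80 roundId,
            int256 answer,
            uint256 startedAt,
            uint256 updatedAt,
            uint80 answeredInRound
        );
}

// Hypothetical consumer: prices collateral from a decentralized feed instead
// of from a single pool's spot reserves (which a flash loan can move within
// one transaction).
contract OraclePricedCollateral {
    AggregatorV3Interface public immutable feed;
    uint256 public immutable maxStaleness; // seconds; assumed deployment parameter

    constructor(address feedAddress, uint256 maxStaleness_) {
        feed = AggregatorV3Interface(feedAddress);
        maxStaleness = maxStaleness_;
    }

    // Returns the latest price scaled to 18 decimals, or reverts if the
    // feed data fails basic integrity checks.
    function getPrice() public view returns (uint256) {
        (
            uint80 roundId,
            int256 answer,
            ,
            uint256 updatedAt,
            uint80 answeredInRound
        ) = feed.latestRoundData();

        require(answer > 0, "oracle: non-positive price");
        require(updatedAt != 0, "oracle: round not complete");
        require(block.timestamp - updatedAt <= maxStaleness, "oracle: stale price");
        require(answeredInRound >= roundId, "oracle: stale round");

        uint8 dec = feed.decimals();
        require(dec <= 18, "oracle: unsupported decimals");
        return uint256(answer) * 10 ** (18 - dec);
    }

    // Example use: value of `amount` collateral units (18-decimal token) in
    // 18-decimal price units.
    function collateralValue(uint256 amount) external view returns (uint256) {
        return amount * getPrice() / 1e18;
    }
}
```

The staleness window should match the feed's published heartbeat; a window that is too generous lets the protocol keep operating on a price that stopped updating, while one that is too tight causes spurious reverts during normal operation.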

The Way Forward
