Yearn Finance Comic โ€” Part 5

0 31
Avatar for xuanling11
2 years ago

Security is one of the most important topics in Decentralized Finance.

Without the security, your fund is for others to grab ๐Ÿ’ธ.

https://twitter.com/BlockSecTeam/status/1520350965274386433

๐Ÿ”’ Crypto Security

https://twitter.com/xuanling11/status/1520597120226529280

Crypto itself is a component derivative from cryptography - a technique to secure communication in the presence of malicious third parties. It is prone to attacks from multiple aspects. Cryptocurrency Security Standard (CCSS) was introduced in 2014 to provide an open standard for protecting crypto operations that are separated with three levels of a security audit.

Level I is the most stringent security protection and Level III is the least stringent security protection.

The audit components include:

Image credit: https://www2.deloitte.com/mt/en/pages/technology/articles/mt-article-cryptocurrency-security-standard-CCSS.html

  • Key/seed generation

  • Wallet creation

  • Key storage

  • Key usage

  • Key compromise policy

  • Keyholder grant/revoke policies & procedures

  • Third-party security audits/pentests

  • Data sanitization policy

  • Proof of reserve

  • Audit logs

Even if you passed a level III audit does not guarantee your crypto to be safe.ย 

๐Ÿ‘ฎ Defi Security

The core component of Defi is smart contracts. Only the problem with the smart contract is that it defeats the original design intent of cryptocurrency. Despite the benefit of the smart contract to bring more functionality to crypto, its capabilities as immutability have been significantly reduced.ย 

A smart contract is a program to command how the blockchain behaves. It sets predetermined conditions for the program to be met to execute operations. The problem is that it opens the possibility for programmers to manipulate codes to reach their own goals.

Of course, we do not undermine benefits from smart contracts, we also need to be aware that such loopholes will exist for hackers to exploit.

Image credit: https://media.consensys.net/thoughts-on-defi-security-640dde37bb3b

In contrast to cryptography, that information will be hidden, some of the information will be exposed in smart contracts for hackers to manipulate. Also, hackers can gain access through predetermined privileges and the gain power to manipulate codes. That will diminish decentralization and increase centralization risks.

๐Ÿˆฒ How to Prevent Hackingย 

One way is to conduct a smart contract audit. It is a crucial step for the Defi project to conduct an audit. Although an audit can not completely eliminate the possibility of hacking, it can uncover flaws to improve the chances to prevent hacking.

Another way is to create a Cefi like Defi. Implementing a central-like command can prevent hacking from executing through smart contracts and attack funds automatically without possible verification.

The third way is to go through a hackathon - a collective event that brings talents to work and helps increase system security. Similarly, submitting a bounty to reward Whitehats is another way to discover the vulnerability of the code.

๐ŸŽ Security at Yearn

Whitehat has submitted a report to prevent a possible exploit that can lead to a significant loss of user funds. Yearn was able to fix the vulnerability and report it to the public.ย 

In Conclusion

Security is important in crypto and Defi. Continue improving security is a key to preventing hacking in the future.ย 

3
$ 1.28
$ 1.28 from @TheRandomRewarder
Sponsors of xuanling11
empty
empty
empty
Avatar for xuanling11
2 years ago

Comments