Yearn Finance Comic - Part 5
Security is one of the most important topics in Decentralized Finance.
Without security, your funds are there for others to grab.
https://twitter.com/BlockSecTeam/status/1520350965274386433
Crypto Security
https://twitter.com/xuanling11/status/1520597120226529280
Crypto itself is derived from cryptography - a technique to secure communication in the presence of malicious third parties. It is prone to attacks from multiple angles. The Cryptocurrency Security Standard (CCSS) was introduced in 2014 to provide an open standard for protecting crypto operations, divided into three levels of security audit.
Level I is the most stringent security protection and Level III is the least stringent security protection.
The audit components include:
Image credit: https://www2.deloitte.com/mt/en/pages/technology/articles/mt-article-cryptocurrency-security-standard-CCSS.html
Key/seed generation
Wallet creation
Key storage
Key usage
Key compromise policy
Keyholder grant/revoke policies & procedures
Third-party security audits/pentests
Data sanitization policy
Proof of reserve
Audit logs
Even passing a Level III audit does not guarantee that your crypto is safe.
DeFi Security
The core component of DeFi is smart contracts. The only problem with smart contracts is that they defeat the original design intent of cryptocurrency. Although smart contracts bring more functionality to crypto, the immutability that crypto was meant to offer has been significantly reduced.
A smart contract is a program that commands how the blockchain behaves. It sets predetermined conditions that must be met before operations are executed. The problem is that it opens the possibility for programmers to manipulate code to reach their own goals.
Of course, this is not to undermine the benefits of smart contracts, but we also need to be aware that such loopholes exist for hackers to exploit.
Image credit: https://media.consensys.net/thoughts-on-defi-security-640dde37bb3b
In contrast to cryptography, where information is hidden, some information in smart contracts is exposed for hackers to manipulate. Hackers can also gain access through predetermined privileges and then gain the power to manipulate code. That diminishes decentralization and increases centralization risk.
How to Prevent Hacking
One way is to conduct a smart contract audit. This is a crucial step for a DeFi project. Although an audit cannot completely eliminate the possibility of hacking, it can uncover flaws and improve the chances of preventing it.
Another way is to create a CeFi-like DeFi. Implementing a central-like command can prevent hacks from executing through smart contracts and attacking funds automatically without any possible verification.
The third way is to go through a hackathon - a collective event that brings talent together to work on the system and helps increase its security. Similarly, offering a bounty to reward whitehats is another way to discover vulnerabilities in the code.
Security at Yearn
A whitehat has submitted a report to prevent a possible exploit that could lead to a significant loss of user funds. Yearn was able to fix the vulnerability and report it to the public.
In Conclusion
Security is important in crypto and DeFi. Continuing to improve security is key to preventing hacking in the future.