DeFi uses public blockchains and is still a new fiscal scheme. Given that the DeFi sector is still immature, it’s quite vulnerable even though developers are trying everything to conceal the loopholes. But what is DeFi? This is a short form for ‘decentralized finance,” which is a system of several financial applications in cryptocurrency or blockchain with the goal of disrupting financial intermediaries.
The recent incidents with bZx is a perfect example of how attackers can find those loopholes and use them for personal gain. Despite the risks, more and more people are embracing DeFi, according to experts. The impressive growth shows us that Decentralized Finance is proof enough that there’s a demand for yield-generation protocols. We can’t ignore the risks, however! Most DAPPs are within the gaming and gambling sector. So, what are they?
Coding risks refer to the exploitable attack vectors due to an underlying code that supports the platform or protocol. DeFi is a software created with different lines of code that support a variety of financial services.
Due to the complex nature of DeFi protocols, it’s common to find errors with the code that can provide malicious hackers with an attack vector that they can use to steal funds.
Aside from the obvious risk of losing money, coding risks also put the greater DeFi ecosystem at the mercy of attackers. DeFi is composed of different protocols, and if one protocol is unstable, the entire ecosystem is at risk.
The Cambridge Center of Alternative Finance explained coding risk stating that stacking and composability of the smart-contracts pose a threat. If one underlying smart-contract breaks, the whole stack will plunge like a house of cards.
Dedicated Denial of Service or DDOS is a technique that hackers use to disrupt a website or service. It involves flooding an application, website, or server with useless requests to prevent real users from submitting their own.
That’s perhaps the main reason why there’s a transaction fee associated with a lot of blockchains and distributed ledgers. The fee prevents DDOS attacks by making it expensive to submit multiple transactions.
The DDOS attack could also be executed against an application of a website interfacing with a blockchain, thereby disrupting their access to the decentralized application for a given period. Here are the ways hackers attack.
- Overflow: They execute processes like integer calculation or data buffering in specific ways to cause unintended results if they are unable to code.
- Injection: Some software allows users to make use of SQL databases or manage data using the command line. This allows attackers to access the commands and change data for unintended purposes.
- Uncontrolled Format Strings: This can be a problem because it exploits the forms that users submit their data needed for their security. These format strings are used to execute functions that prevent users from access.
Smart Contract Risk
Decentralized finance projects are highly dependent on smart contracts that run on Ethereum. The programs’ code is public, and any programmer with sufficient knowledge about this code can examine and interact with it freely.
These networks that run on smart contracts are exposed to hackers. One scenario was in 2016 when a hacker stole 3.6m ETH valued at approximately $70 million. That was about 10 percent of the total ETH supply at that period.
The hacker, however, could not access the funds until after 28 days, and that was the end. In between the waiting period, the Ethereum group reversed the transaction. There’s a high likelihood that the solution may fail to work next time.
Oracle Manipulation Risk
Blockchains depend on oracles to get information from supportive sources. DeFi’s depends on oracles for price data. It’s not Ethereum that determines the price of ETH but the markets. The price is fed via oracles. The oracle may be a DEX, multiple DEXes, or oracle services such as Chainlink.
Oracle manipulation risk happens when a DeFI DAPP uses one or two exchanges as an oracle. Traders can take advantage of that and manipulate the price information by trading a large transaction to play with the price.
Less liquidity means it’s easier to manipulate the price on the exchange. The trader can then initiate a second leveraged trade on the manipulated price to make a maximum profit.
A perfect example is an attack on bZx. The attacker used layered tactics, oracle manipulation being one of them, to drain funds from the Fulcrum exchange. The attacker was able to manipulate the price of Synthetix’s USD and borrowed 6,800 ETH on bZx.
Public blockchains control DeFi protocols. The blockchains usually have a native digital asset. The support blockchain asset’s price performance likely affects the holdings locked in a DeFi protocol. This may lead to a profit or loss.
There is also a risk of impermanent loss (IL). IL refers to the scenario where AMM-held tokens seem to have a different value than what would be in a wallet. This usually happens due to the synergistic events occurring in an AMM to keep the ecosystem running. A user may find their holdings are of lesser value in the AMM than they would if they were holdings in a wallet.
According to the Balancer, IL is the percentage of the reduced value of tokens in a pool from what it would have been the value of the same tokens while outside the pool. The longer the user participates in the AMM, the more IL balances itself. Regardless, IL remains a risk.
The DeFi industry is controlled by a specific regulatory environment. Because it’s a new entry, the blockchain industry is under intense scrutiny from the tasked institutions and regulators whose role is to protect the greater public.
Unfortunately, due to ununderstandable factors such as disagreements between the regulators and the industry, and the complexities in technology, some jurisdictions oppose the existence of DeFi. Fortunately, they are coming to a shared understanding, which may solve the issue in due time.
Even though these risks exist, they are not reasons to avoid DeFi. After all, life itself is a risk, and there are more risks in every financial sector, including the broader crypto and the traditional financial markets. We advise you to do your own research before investing your funds in crypto. You’ll be able to lay down some measures to approach and manage those risks at a personal level. Better understanding will allow you to use gambling DAPPs without any worries.