With the total value of assets locked in DeFi now over $13 billion, many expect this part of the crypto space to grow rapidly. In the third quarter of 2020 alone, the DeFi ecosystem saw its transaction volume exceed $123 billion, with 96% of the total belonging to Ethereum. However, DeFi’s growth has suffered in the past from Ethereum’s scalability problems and high gas fees. Now it seems that the network’s defects do not end there.
A recent survey of Ethereum smart contracts found that nearly 3,800 smart contracts had “serious weaknesses” that could allow cybercriminals to quickly steal a million dollars. The researchers scanned six months’ worth of blocks from the Ethereum blockchain and found that 3,779 contracts had 13 different types of vulnerabilities, including 4 high-severity vulnerabilities. The total value of these vulnerable smart contracts was 2,088 ETH, or $964,172, the team found.
The space is not new to such vulnerabilities and related flaws, however. In 2016, an Ethereum smart contract vulnerability known as a “reentrancy attack” allowed a cybercriminal to steal $50 million.
In that case, the researchers found that the reentrancy attack affected how the decentralized venture capital fund’s DAO tokens were traded. Due to an error in the smart contract code, an attacker was able to withdraw funds repeatedly in an almost infinite loop. The Uniswap and Lendf.me protocols have also faced reentrancy attacks in the past, with each of these attacks fueling more questions about DeFi’s security and protection.
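The repeated-withdrawal loop described above comes from a contract handing control to the recipient before it has updated its own ledger. The Python model below is an added example, not code from the researchers or from any contract named here; `Vault`, `simulate` and the account names are hypothetical, and the callback stands in for the control a contract gives the recipient when it sends ETH.

```python
# Constructed model of a withdraw() function, comparing the flawed ordering
# with the checks-effects-interactions ordering. All names are hypothetical.

class Vault:
    def __init__(self, deposits, safe):
        self.balances = dict(deposits)       # per-account ledger
        self.pool = sum(deposits.values())   # funds the vault actually holds
        self.safe = safe                     # True = hardened ordering

    def withdraw(self, account, on_receive):
        amount = self.balances.get(account, 0)
        if amount == 0 or self.pool < amount:
            return                           # check: nothing owed or nothing left
        if self.safe:
            # Effects first: the ledger is zeroed before any external code runs,
            # so a nested withdraw() sees a zero balance and stops.
            self.balances[account] = 0
            self.pool -= amount
            on_receive(amount)               # interaction last
        else:
            # Flawed: external code runs while the ledger still shows the
            # old balance, so a nested withdraw() passes the check again.
            self.pool -= amount
            on_receive(amount)
            self.balances[account] = 0


def simulate(safe):
    """Return (total paid to one account, funds left in the vault) when the
    recipient calls withdraw() again from inside its receive callback."""
    vault = Vault({"alice": 10, "bob": 10, "carol": 10}, safe)  # constructed data
    received = []

    def reentrant_receiver(amount):
        received.append(amount)
        vault.withdraw("carol", reentrant_receiver)  # re-enter before returning

    vault.withdraw("carol", reentrant_receiver)
    return sum(received), vault.pool


if __name__ == "__main__":
    print("flawed ordering  :", simulate(safe=False))
    print("hardened ordering:", simulate(safe=True))
```

With the flawed ordering the single account is paid the whole pool, including the other depositors' funds; with the ledger updated first it receives only its own deposit.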
While Ethereum remains one of the giants of the crypto space, with over 1,900 different tokens built on it, developers first need to secure its architecture for DeFi to go mainstream. Steps could include more scrutiny, stricter testing of smart contracts, and even implementing bug bounty programs to detect vulnerabilities.
As for users, the researchers recommended checking whether the platforms they use rely on a vulnerable smart contract. For example, users can use Etherscan or a similar explorer to see whether these contracts have been checked and verified.