Making DeFi transactions on Ethereum safer


Decentralized finance continues to make its mark on the cryptocurrency market, and with more than $13 billion in total assets locked, DeFi projects are clearly resonating with eager crypto investors. Yet as the DeFi space has progressed over the past year, a number of illegitimate projects have emerged, partly recalling the 2017 ICO boom and its subsequent failure.

For example, Harvest Finance, a major decentralized protocol, was recently breached. The attacker stole $24 million from Harvest Finance pools. Most recently, Value DeFi, the decentralized finance protocol, fell victim to a $6 million flash loan exploit. And of course, one of the biggest events of the year for DeFi involved SushiSwap, where the creator sold $13 million in development funds, causing the market to collapse.

Importantly, most of the DeFi projects are based on the Ethereum blockchain. According to the DeFiPrime website, there are currently over 200 DeFi projects on the Ethereum network. Yet while Ethereum appears to be the most suitable platform for DeFi projects, network vulnerabilities have played an important role in hacks and fraudulent activities.

Smart contract transactions on Ethereum require security

In particular, the smart contracts that power Ethereum are known to be fraught with security issues, which, in turn, have had a major impact on DeFi projects. In addition, smart contracts applied to DeFi projects worth billions of dollars are often not verified in advance.

Tom Lindeman, a former veteran researcher at Microsoft and former CEO of the Ethereum Trust Alliance – a group of blockchain companies working on a smart contract security system – told Cointelegraph that there is currently no good way to identify whether a smart contract is safe before starting a transaction:

“The DeFi space is now worth billions of dollars, but many of these smart contracts used are never audited. As such, the DeFi industry continues to see a flurry of activity that sees individuals and organizations approving token contracts, exchanging tokens, and adding liquidity to pools in quick succession without being able to easily check the security of the contract.”

In an effort to solve the security challenges associated with smart contracts, Lindeman has joined the Enterprise Ethereum Alliance’s new “EthTrust Security Levels Working Group” as its co-chair. According to Lindeman, the working group’s mission will be to continue the work initiated by the Ethereum Trust Alliance, or ETA, which aims to set standards for secure smart contract transactions conducted on the Ethereum blockchain.

A registry system for valued smart contracts

Lindeman explained that ETA had been working on its EthTrust project for nearly a year, even before the DeFi space began exposing the vulnerabilities of Ethereum’s smart contracts. Coincidentally, the EthTrust project joined forces with the Enterprise Ethereum Alliance just as the DeFi space was gaining ground.

Daniel Burnett, executive director of the Enterprise Ethereum Alliance, told Cointelegraph that the timing of the new working group was purely coincidental with regard to the rise of DeFi. According to Burnett, the new EthTrust project further demonstrates that the Ethereum network is maturing. “We want to help solve the problems that many of our members have expressed regarding Ethereum,” he said.

Specifically, the new working group plans to address security vulnerabilities in smart contracts by creating a standard and a registry system that help users tell which contracts have undergone rigorous security checks. Although the project is still ongoing, the goal is to define some requirements that smart contracts must meet to be considered safe.

For example, Pierre-Alain Mouy, a member of Enterprise Ethereum Alliance, former owner of the ETA product and CEO of NVISO Security in Germany, told Cointelegraph that there are three levels of validation a smart contract can achieve to help people understand its level of trust:

“We started the project by including three different levels of badges that smart contracts can earn to demonstrate its level of trust. The first level consists of a smart contract that undergoes work through automation. Levels two and three are manual audits carried out by people to ensure that contracts are safe and secure.”

Mouy shared that in order for a smart contract to obtain a level one badge, an automated security scan tool will run against the contract. The AI-based tool is designed to verify a specific set of requirements that the team is currently defining.

If a smart contract proceeds to level two, people will perform a security check. “There will be definitions for the audit firms, which will explain how long they need to dig into these smart contracts,” Mouy said, further adding: “Eventually, an audit report will be created for the team to review manually. However, we are not auditors. The workgroup acts as a router to verify that these steps are taken.”

Finally, if a smart contract reaches level three, additional specifications and written test cases will be run to verify the properties in the contract. According to Mouy, this is called the “formal verification process”.

Once a smart contract has gone through this step-by-step verification process, the initiative’s registry system will allow exchanges, for example, to request a specific rating level before new tokens are listed. This system could also be applied to a multi-member consortium that relies on smart contracts for business purposes.

Growing interest in secure smart contracts

According to Lindeman, the EthTrust project has already piqued the interest of daily Ethereum users who want to try new things, such as yield farming. He also shared that Big Four firm PricewaterhouseCoopers has expressed interest in using this system to provide smart contract valuations for companies interested in the blockchain space.

The growing interest in secure smart contracts is especially important as Ethereum’s infrastructure progresses and the promised benefits of Ethereum 2.0 are realized. Burnett believes that the Ethereum ecosystem will see greater trust in the future, which will be demonstrated by new projects used by companies, such as the work done by the core protocol.

While innovative, it is important to point out that the new Enterprise Ethereum Alliance working group and the EthTrust project are not the first to address the security challenges of smart contracts. For example, blockchain security firm Quantstamp has been performing smart contract audits and security checks for blockchain companies since 2017. The firm’s clients include major players in the space such as Binance and eToro. Quantstamp recently announced that it will control a new DeFi project on the Polkadot blockchain.

In addition to security companies performing audits, companies are also finding ways to ensure secure smart contracts. For example, Vaiot, a blockchain company that uses AI to create digital services for businesses, leverages AI to provide security and software performance in smart contracts. Jakub Kobeldys, Vaiot’s lead developer, told Cointelegraph that while no amount of AI can fully protect against flaws in the code, the technology can help developers significantly:

“Unsupervised learning techniques could track down new defects in an automated way, or at least narrow down the area of research and provide some hints for human experts. It could also lead to more dynamic development of frameworks that help developers program securely.”