DeFi attacks may be ‘fundamentally caused by centralization of power’
Love it or hate it, decentralized finance has been taking the cryptocurrency space by storm in recent times. Using smart contracts on the blockchain, DeFi apps enable lending, borrowing, and a multitude of other financial services, without the need for a trusted third party.
Using only code to ensure these operations are valid, decentralized finance has been touted as one of the biggest use-cases for smart contracts and DLT in recent times. And while Ethereum has been getting in on most of the action, Bitcoin might not be far behind.
Smart contract platform RSK recently announced Token Bridge, an interoperability protocol between the Bitcoin-pegged sidechain and Ethereum, a development that could have serious implications with respect to DeFi’s direction in the future. According to Richard Ma, CEO and Co-founder of smart contract auditing firm, Quantstamp, “there’s a lot more emphasis on Bitcoin today.”
During a recent episode of POV Crypto, Ma spoke about the potential attack vectors towards DeFi and the importance of permissionless finance.
After the recent bZx flash loan fiasco showed just how primitive these systems are in defending against arbitrage and executing complex transactions, it’s still remarkable they even exist — systems which would never have been possible under the traditional financial system.
Though flash loans have been written off as the source problem of the bZx “attack,” alongside several other theoretical attacks on governance, Ma explained that many of these attacks are actually possible without the use of flash loans.
“The difference is that now the playing field has been leveled between people that have millions of dollars of assets and people that have nothing.”
Ma went on to highlight how it would be difficult to use one’s own money to take advantage of this kind of arbitrage opportunity due to the low liquidity of mixers and strict KYC enforcement on most exchanges.
“Now it makes a lot more sense because you use other people’s money to attack the project and at the end, you’re returning their money. So that’s completely not tied to you,” he said, adding that the only part that one needs to anonymize is the gains from the activity.
Ma also said that one of the major attack vectors being overlooked by projects and users are denial of service (DoS) attacks, a new variation of attacks that could cripple the permissionless financial services space in the future. According to him, these attacks are “fundamentally caused by the centralization of power.”
Though there are many variables to address before DeFi apps achieve mainstream adoption, it’s fair to say that they’re a step in the right direction. With countless people cordoned off from the traditional banking system, decentralized finance is en route to provide access to financial services for millions across the world.
As the $1 billion locked in DeFi continues to grow and more projects start to develop for decentralized finance, this could be the next frontier for the cryptocurrency industry.