- DeFi protocols need to adopt a more principled security approach to mature.
- They could use standardized specifications that limit what a protocol is allowed to do.
- Many protocols already adopt so-called invariant controls.
DeFi protocols must move beyond “patch-after-hack” security guarantees and hardcode security in their software if the $168 billion industry is to mature, according to a16z Crypto.
In a January 11 post, Daejun Park, a senior security researcher at the company, argued that DeFi developers should take a more principled approach to security instead of relying on trial and error.
Central to this change, according to Park, is the use of standardized specifications that limit what a protocol is allowed to do and automatically roll back any transactions that violate these predefined assumptions about correct behavior.
“Almost all exploits to date would have triggered one of these checks at runtime, which could potentially stop the hack,” Park said. “So the once popular idea that ‘code is law’ is evolving into ‘specification is law.’ »
Such an idea, sometimes called runtime enforcement or invariant controls, is not new. But it’s getting a facelift as DeFi protocols struggle to defend against hackers exploiting bugs in their code.
Last year, hackers stole more than $649 million through code exploits, according to a report from Slowmist, a blockchain security company.
Even proven protocols like Balancer, whose code had been active on the Ethereum blockchain since 2021, were not immune. The company lost $128 million in November after a hacker exploited a code bug.
In recent months, DeFi developers are concerned that hackers are increasingly using artificial intelligence to detect vulnerabilities in the DeFi protocol and exploit them.
“Not the miracle solution”
Park’s suggestions, if widely adopted, could go a long way toward preventing exploits. But they are not without their drawbacks.
DeFi protocols often have an advantage over their competitors by offering the cheapest fees. Adding additional controls on transactions would increase gas costs, which could cause them to lose users, said Gonçalo Magalhães, head of security at Immunefi. DL News.
Magalhães said that invariant controls are a great security strategy, but they can’t account for everything, especially exploits that a protocol’s developers can’t reasonably anticipate. “It’s not the silver bullet,” he said.
It’s also difficult to get the controls to work properly, said Felix Wilhelm, co-founder of Asymmetric Research, a crypto security company. DL News.
“For many real-world vulnerabilities and hacks, it is difficult, if not impossible, to write an invariant that detects the hack without also triggering it under normal circumstances,” he said.
Wilhelm said enforcement of runtime is an important part of protocol security. But it is generally used to detect anomalies, such as an unusual flow of funds over a short period of time.
“While useful, this often only serves to limit the impact or alert the team, rather than stopping the attack outright,” he said.
Many protocols already adopt invariant controls.
Kamino, a Solana-based lending protocol, began verifying critical invariants using Certora Prover in March last year.
The XRP Ledger, the blockchain behind the $120 billion XRP token, has also implemented invariant verification. Blockchain developers said the verifications are necessary because XRP Ledger is complicated and there is a high risk of incorrect code execution.
“Invariants should not trigger, but they guarantee the integrity of the XRP Ledger against bugs that have not yet been discovered or even created,” the XRP Ledger developers said.
Tim Craig is DL News’ DeFi correspondent based in Edinburgh. Contact us with advice at tim@dlnews.com.
