Decentralized finance continues to impact the crypto market. With total assets worth over $13 billion locked, DeFi projects clearly resonate with avid crypto investors. But while the DeFi space has made headway over the past year, a number of illegal projects have flourished, reminiscent of the ICO boom in 2017 and its subsequent failure.
For example, Harvest Finance, a large decentralized protocol, has recently been hacked. The attacker made $24 million from Harvest Finance pools. Most recently, Value DeFi, the decentralized financing protocol, fell victim to a $6 million flash loan attack. And of course, one of the biggest events of the year for DeFi involved SushiSwap, whose creator sold $13 million in dev funds, causing a market crash.
It is important to point out that most DeFi projects are built on the Ethereum blockchain. According to the website DeFiPrime, there are currently more than 200 DeFi projects on the Ethereum network. But while Ethereum appears to be the most suitable platform for DeFi projects, the network’s vulnerabilities have been instrumental in hacks and fraudulent activity.
Smart contract transactions on Ethereum require security
Specifically, the smart contracts powering Ethereum are known to be loaded with security vulnerabilities, which in turn have had a major impact on DeFi projects. In addition, smart contracts applied to multi-billion dollar DeFi projects are often not pre-checked.
Tom Lindeman, a former veteran researcher at Microsoft and the former director of the Ethereum Trust Alliance – a group of blockchain companies working on a smart contract security system – told Cointelegraph that there are currently no good ways to establish whether a smart contract is secure before starting a transaction:
“The DeFi space is now worth billions of dollars, but so many of those smart contracts in use are never checked. As such, the DeFi industry continues to see a spate of activity where individuals and organizations approve token contracts, trade tokens and add liquidity to pools, without being able to easily monitor contract security.”
In an effort to solve the security challenges related to smart contracts, Lindeman has joined the newly formed “EthTrust Security Levels Working Group” of the Enterprise Ethereum Alliance as co-chair. According to Lindeman, the working group’s mission will be to continue the progress initially begun by the Ethereum Trust Alliance, or ETA, which aims to set standards for secure smart contract transactions performed on the Ethereum blockchain.
A registry system for assessed smart contracts
Lindeman explained that ETA worked on its EthTrust project for nearly a year, even before the DeFi space exposed the vulnerabilities of Ethereum smart contracts. Coincidentally, the EthTrust project joined forces with the Enterprise Ethereum Alliance just as the DeFi space was gaining traction.
Daniel Burnett, executive director of the Enterprise Ethereum Alliance, told Cointelegraph that the timing for the new working group was purely coincidental with regard to DeFi’s emergence. According to Burnett, the new EthTrust project further shows that the Ethereum network is maturing. “We want to help resolve the issues that many of our members have raised regarding Ethereum,” he said.
In particular, the new working group plans to address security concerns in smart contracts by creating a standard and registry system that helps users tell which contracts have undergone strict security controls. While the project is still in progress, the goal is to define certain requirements that smart contracts must meet in order to be considered secure.
For example, Pierre-Alain Mouy, an Enterprise Ethereum Alliance member, former ETA product owner and general manager at NVISO Security in Germany, told Cointelegraph that there are three levels of validation a smart contract can achieve to help individuals understand the level of trust:
“We started the project by including three different levels of badges that smart contracts can earn to prove their trust. Level one consists of a smart contract that is edited through automation. Levels two and three are manual human audits to ensure contracts are secure.”
Mouy said that for a smart contract to obtain a level one badge, an automated security scanning tool will be run against the contract. The AI-powered tool is designed to check for a specific set of requirements that the working group is currently defining.
For a smart contract at level two, individuals will conduct a security audit. “There will be definitions for audit firms, explaining how long it takes them to dig into these smart contracts,” Mouy said, adding, “Ultimately, an audit report will be created for the working group to review manually. however, not an accountant. The workgroup acts as a router to verify that these steps are being taken.”
Finally, when a smart contract reaches level three, additional specifications and test cases are performed to verify the properties in the contract. According to Mouy, this is called the ‘formal verification process’.
Once a smart contract has undergone this step-by-step verification process, the initiative’s registration system will allow exchanges to, for example, request a specific rating level before listing new tokens. This system can also be applied to a multi-member consortium that relies on smart contracts for business purposes.
Growing interest in secure smart contracts
According to Lindeman, the EthTrust project has already sparked interest among everyday Ethereum users who want to see new things, such as yield farming. He further shared that Big Four company PricewaterhouseCoopers has expressed an interest in using this system to provide smart contract ratings to companies interested in the blockchain space.
The growing interest in secure smart contracts is especially important as the Ethereum infrastructure advances and the promised benefits of Ethereum 2.0 come to fruition. Burnett believes the Ethereum ecosystem will see greater confidence, which will be reflected in new projects being used by companies, such as the work done by the Baseline Protocol.
While the effort is innovative, it’s important to point out that the new Enterprise Ethereum Alliance working group and the EthTrust project aren’t the first to address challenges related to smart contract security. For example, blockchain security company Quantstamp has been conducting smart contract audits and security checks for blockchain companies since 2017. The company’s clients include major players in the space such as Binance and eToro. Quantstamp recently announced it will audit a new DeFi project on the Polkadot blockchain.
In addition to security companies that conduct audits, companies are also finding ways to ensure secure smart contracts. For example, Vaiot, a blockchain company that uses artificial intelligence to create digital services for enterprises, uses AI to provide software security and performance in smart contracts. Jakub Kobeldys, the lead developer at Vaiot, told Cointelegraph that while no amount of AI can fully protect against flaws in the code, the technology can significantly help developers:
“Uncontrolled learning techniques can detect new deficiencies in an automated way, or at least narrow the search area and provide some hints for human experts. It could also lead to the more dynamic development of frameworks that help developers code securely.”