Unwittingly, many cryptocurrency users are getting ripped off by the marketplace that they are using since fees are not as advertised, and consequently the users are losing money. How could this happen? Since it is a new market, the creators are still competing to establish themselves and make a profit. Consequently, they still charge as much as possible for each transaction, and that in turn is a benefit to buyers but a loss for sellers, causing the sellers to lose money.
With more than $1B in market cap, DeFi, or Decentralized Finance, is a term that describes the emerging and rapidly growing world of blockchain-based financial products. DeFintech has evolved in recent years to include many new types of decentralized financial products, including security tokens, stablecoins, and tokenized securities. These new types of decentralized financial products are often referred to as DeFi.The financial instruments in the crypto-ecosystem are far from perfect at the moment, and this is true even for some of the best projects in the DeFi space. Almost every day we see mats being pulled from the Binance smartchain, leaving millions of users without hope. While some companies are trying to make up for it, others are simply taking advantage of the decentralized funding mechanism that comes with smart contracts. In most of these DeFi exploits, developers set up backdoors to make it difficult for the best controllers, and before they know it, they’re cashing out their accounts and leaving no trace on the network. The money lost after such exploitations is of unimaginable magnitude – over $200 million in 2021 alone. To understand how these attacks work, we contacted one of Sushiswap’s lead developers, Mudit Gupta. He gave us an overview of the subject and helped us understand the inner workings of thisFi performance. So, here we go!
Common vulnerabilities in DeFI protocols
MostFi projects face the same vulnerabilities over and over again. While some use third-party resources, others use manipulative attacks to alter various aspects of the protocol. According to Mudit: Re-entry in smart contracts and oracle manipulation are two common vulnerabilities seen in recent DeFi hacks. While the first attack is known as the DAO attack and results in smart contract changes, the second attack uses flash credits to poison the token price feed.
What is a flash credit attack
Flash loans are known for giving users access to large sums of money on the condition that they return the borrowed asset at the end of the transaction. However, they can also be used in conjunction with oracle manipulation attacks. Flash credits themselves may not be considered a vulnerability, but if a hacker uses them to manipulate supply and demand, it will affect the price of the tokens, Mudit said. It is also important to note that the hacker must have a large number of tokens to have a significant impact on the Defi protocol.
To what extent are developers responsible for these hacks?
When developing software, especially something as complex as smart contracts, it is usually impossible to avoid errors. It is best to consider the various options available to reduce the risk of being hacked. Moody said: Developers should follow best security practices to evaluate protocols, but it is even more important to have external audits to ensure the security of smart contracts. Therefore, we cannot blame the developers for DeFi’s exploits. The sector is constantly evolving. So we can expect to see better support systems to prevent these types of hacks.
Common reasons for these hacks
If you look at the defi cases of a few years ago, you’ll see that hackers were just using exploits in code, but that’s not the case anymore. In DeFi, it is essential that developers have a decent amount of experience with blockchain financial primitives and code execution. If they lack any of these elements, their projects are vulnerable to economic or code exploits – Mudit Such hacks and exploitation of the protocol infrastructure will continue to occur as we are still in the early stages of development. Investors should therefore be cautious when dealing with such pilot projects.
DeFi’s basic tricks explained
Pancake Bunny has tied up nearly $1.2 billion in farm pools, which shows that it is doing its job and helping farmers get an income. The storage associated with the Pancake Hare project is unique in that it can save you money on your gas bill, and the interest is automatically calculated every 24 hours. The betting mechanism is also reliable and users do not have to follow any complicated procedures to create their account. What went wrong: The pancake swap hack is a price manipulation typical of flash credit transactions. WBNB-BUNNY’s WJ has vulnerabilities, and the hacker exploited them. The price of chips in the liquidity pool was inflated, and the smart contract allowed the attacker to easily obtain large quantities of BUNNY chips. Here’s a detailed analysis of Slowmist. Losing money: There were 700,000 BUNNY chips and 114,000 BNB chips missing, worth $200 million at the time.
CitizenSwap is an automated market maker that helps users earn mining rewards and interest on their LP contributions. It has attracted a lot of attention from leading industry protocols because of its cross-chain token exchange. It also allows user participation in management. The main reason for using BurgerSwap is the low price and barriers to entry. What went wrong: CitizenSwap lost millions of dollars in a flash credit attack in just 14 transactions. The attacker placed a native fake coin to form a trading pair with BurgerSwap, which resulted in an increase in the reserve bid. As the price continued to rise, the pirate began to accumulate more wealth. Losing money: 1.6 million in BNB, $3.2 million in BURGER Coin, $1.4 million in Tether and $152,000 in ROCKS.
How can we minimise DeFi hacks and make protocols more secure?
DeFi represents a market of nearly $100 billion. So we can expect more of these types of exploits from various hackers around the world. The crypto space is like a fast moving arena right now, so if we don’t keep up, we will lose. Developers must therefore adopt a new philosophy for developing smart contracts. Here are some best practices for defending against security threats: Careful turning manoeuvres Extensive testing and rewards for errors are very useful to improve the security of smart contracts. It is also recommended to use different phases to get the full result of the project. This way, developers can test after each step and improve the functionality of the smart contract. Easy to manage code As it gets more complicated, the bugs pile up. Therefore, the best practice is to simplify the code. The easiest way to do this is to divide the code into modules and distinguish each function. This gives the development team more clarity and confidence in the functionality of their code. In-depth analysis of the blockchain Developers can create the best software, but if they don’t understand how smart contracts work in real time, they may miss some important features when running the code. Therefore, developers need to become familiar with blockchain, including external contract invocations, blockchain gas limits, and timestamps.
In the last three years, we’ve lost over $285 million to DeFi hacks. The importance of protecting these protocols cannot be overstated. New vulnerabilities are also popping up, such as Oracle manipulation, and many hackers are using them to pump and dump token prices. Although companies like Chainlink offer promising solutions, the number of attacks only seems to be increasing. Smart contracts are indeed revolutionary entities, but we need to be careful about the type of project we are dealing with. Therefore, keep your knowledge of these projects up to date and do your own research to avoid falling into the traps of DeFi. Kartikeya Gutta, born and raised in India, is a cryptocurrency journalist and freelance writer for the website itsBlockchain. It covers various aspects of the industry through in-depth analysis and research. His passion for blockchain and the crypto-ecosystem is largely because he believes it can truly change the world and help millions of people.