Decentralized Finance Security: Risk Identification and a Three-Stage Management Framework
Decentralized Finance (DeFi) refers to financial protocols implemented as smart contracts, covering asset trading, lending, insurance, and various derivatives. Most real-world financial services, with the exception of credit services, can be realized through DeFi protocols. These protocols are decentralized and operate automatically, with no third-party institution responsible for management and maintenance, so contract-level risk control has become a major challenge for the industry.
Decentralized Finance has the dual nature of finance and technology, and its risks fall mainly into the following categories:
Code risk: This covers the underlying Ethereum code, smart contract code, and wallet code. The DAO incident, recent vulnerabilities and attacks on certain DEXs, and the various wallet theft incidents are all consequences of code risk.
Business risk: This arises mainly from flaws in the business design, which can be exploited or manipulated without breaking any of the contract's rules. For example, FOMO3D suffered a congestion attack, and a certain lending platform used an oracle that was not manipulation-resistant, leading to asset theft. Those who carry out such actions are often called "arbitrageurs"; they can harm DeFi projects but can also produce positive outcomes.
Market volatility risk: A DeFi protocol may lack mechanisms at the design stage to cope with certain variables, leading to liquidations under extreme market conditions. The performance of a certain stablecoin project on March 12, 2020 is a typical case caused by extreme market volatility.
Oracle risk: Oracles, as the key components that supply global variables, are the infrastructure for most DeFi projects. If an oracle is attacked or goes down, the DeFi projects relying on it may collapse. Oracles are likely to become the most important infrastructure for DeFi, and oracles that carry centralization risk may struggle to survive in the long term.
"Technical agency" risk: This mainly refers to the risks that ordinary users unfamiliar with smart contracts and blockchain technology face when they rely on "convenient" interaction tools developed by centralized teams.
When designing a DeFi project, the risk factors above should be fully considered. Comprehensive risk management requires not only proper documentation but also practical risk management measures. Most of these measures are carried out in a decentralized manner, with a small portion completed through community governance (primarily on-chain governance). The following DeFi risk management framework is divided into three stages: before, during, and after an incident.
Before: This stage mainly involves formal verification of the contract code: defining the boundaries of the methods, resources, and even instructions the contract uses, and analysing how these elements relate to and affect one another when combined. Methods that have not been verified, and combinations without defined boundaries, should be avoided. This approach is closer to mathematical proof than to the testing mindset of traditional software development; ideally, contract development should be built from combinations of methods that have already been verified.
During: This stage mainly includes shutdown design and anomaly-trigger design, meaning the contract can recognise attack behaviour and intervene. Shutdown design covers both automatic shutdown and governance-initiated shutdown. An anomaly trigger is a control mechanism for unexpected conditions that arise while the contract is running; it is usually automatic and corrects certain risk management variables when it fires.
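The in-process controls above, sketched as an added Solidity example that is not from the article: an automatic shutdown tripped by an anomaly trigger on the oracle reading, beside a governance-initiated shutdown. The IPriceFeed interface, the GuardedPool contract, and the deviation and staleness thresholds are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Assumed feed interface, modelled on a Chainlink-style aggregator (not a real dependency here).
interface IPriceFeed {
    function latestRoundData() external view returns (uint80, int256 answer, uint256, uint256 updatedAt, uint80);
}
contract GuardedPool {
    address public governance;                        // holder of the governance-shutdown switch
    IPriceFeed public immutable feed;
    bool public paused;                               // shutdown state shared by both switches
    int256 public lastPrice;                          // baseline for the deviation check
    uint256 public constant MAX_DEVIATION_BPS = 2000; // >20% move between reads trips the breaker
    uint256 public constant MAX_STALENESS = 1 hours;  // tolerated oracle silence
    event Paused(string reason);
    event Unpaused(int256 newBaseline);
    modifier onlyGovernance() { require(msg.sender == governance, "not governance"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }
    constructor(IPriceFeed _feed, address _governance) {
        feed = _feed; governance = _governance;
        (, lastPrice, , , ) = _feed.latestRoundData();
        require(lastPrice > 0, "bad initial price");
    }

    // Governance shutdown: a DAO/multisig decision for cases the automatic trigger cannot judge.
    function governancePause() external onlyGovernance { paused = true; emit Paused("governance"); }
    // Resuming demands an explicit new baseline so a manipulated price is not silently accepted.
    function governanceUnpause(int256 newBaseline) external onlyGovernance {
        require(newBaseline > 0, "bad baseline");
        paused = false; lastPrice = newBaseline; emit Unpaused(newBaseline);
    }
    // Anomaly trigger: (false, 0) if the feed is stale/invalid or moved too far since the last read.
    function _checkOracle() internal view returns (bool ok, int256 price) {
        uint256 updatedAt;
        (, price, , updatedAt, ) = feed.latestRoundData();
        if (price <= 0 || updatedAt + MAX_STALENESS < block.timestamp) return (false, 0);
        uint256 diff = price > lastPrice ? uint256(price - lastPrice) : uint256(lastPrice - price);
        if (diff * 10_000 > uint256(lastPrice) * MAX_DEVIATION_BPS) return (false, 0);
        return (true, price);
    }

    // Automatic shutdown: a risk-sensitive action pauses the pool instead of acting on a bad price.
    // It must return, not revert: a revert would roll back the pause along with everything else.
    function borrow(uint256 amount) external whenNotPaused {
        (bool ok, int256 price) = _checkOracle();
        if (!ok) { paused = true; emit Paused("anomaly trigger"); return; }
        lastPrice = price;
        // collateral valuation and transfer of `amount` at `price` would follow here (omitted)
    }
}
```

The return-instead-of-revert in borrow is the detail to check in any circuit breaker of this shape: a trigger that reverts after setting paused leaves the contract unpaused on the next call.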
After: Post-incident risk management has several aspects. First, code vulnerabilities are corrected, usually through on-chain governance (specifically DAO governance). Second, if the governance assets themselves have been attacked, a contract fork may be necessary; this is an important step that the industry often overlooks. In addition, insurance mechanisms can mitigate losses from realised risks. Finally, the community can use on-chain data tracking and cooperate with relevant institutions to recover losses.
Currently, the industry's understanding of DeFi security is still at an early stage and the mindset is relatively traditional. To keep pace with future developments, new ideas and concepts such as boundaries, completeness, consistency, formal verification, shutdown, anomaly triggering, governance, and forking need to be introduced. Only by changing this mindset can the security challenges in the DeFi field be addressed properly.