Editor's Note: This article comes fromVernacular Blockchain (ID: hellobtc), Author: A Poplar, reproduced by Odaily with authorization.
Editor's Note: This article comes from
Vernacular Blockchain (ID: hellobtc)
, Author: A Poplar, reproduced by Odaily with authorization.
This is a true microcosm of the hot DeFi summer. In the face of endlessly high-yield liquidity mining projects, the attractiveness of "annualized 1000%" and "10,000-fold increase" often conceals the fatality of "not audited by the contract" risk. Under the explosive growth in volume, especially the "ten thousand times wealth creation effect" that makes market participants excited, the Fomo (Fear of Missing Out) sentiment is spreading like never before.Liquidity miningsecondary title
The fiery "DeFi summer", the approaching "skyline"
Since uniswap and other AMM-type DEX applications have detonated the market, oracle machines,
Liquidity mining
, Yield Farming and many other DeFi concept sectors took over alternately, pushing the market sentiment to a climax step by step.
As of August 30, 2020, the total lock-up volume (TVL, that is, the total value of ETH and various ERC-20 tokens) in the entire DeFi world has reached 9.38 billion US dollars, which is only a short distance away from 10 billion US dollars. It may also be the first time in human history that assets of nearly tens of billions of dollars are directly hosted on a pile of nestable protocol codes.
In the ever-expanding DeFi market volume, the top three currently locked assets are:
The total value of Aave's locked assets is US$1.6 billion;
The total value of assets locked by Curve is US$1.3 billion;
The differentiation of the market is also accelerating in the explosive growth of DeFi. Except for Maker, Aave, Curve, and Yearn are almost all newcomers who came from behind. The projects with new designs and gameplay rules are dazzling, and even the ice and fire are double sky.
The DEX class has also begun to gradually crush the second-tier and even challenge the first-tier trading platforms. On August 30, Uniswap once again reached a new milestone-the 24-hour trading volume was higher than Coinbase for the first time in history, and the 24-hour trading volume of Uniswap exceeded 426 million U.S. dollars, while Coinbase Pro’s 24-hour trading volume was $348 million during the same period.
However, under the prosperity, there are also hidden worries. Under the wheels that are rushing forward, many loopholes are also buried, especially for the multi-layer nested DeFi protocol-the combination of various DeFi financial tools has become the norm, and Driven by automated algorithms, although value can flow more rapidly throughout the blockchain network, it also means that any single point of risk may trigger a "butterfly effect".secondary titleEndless "chaos", a paradise for technical talents
Especially when the volume has reached tens of billions, any slight loophole under the huge volume will cause immeasurable consequences, and even become a universal cash machine for technical talents (hackers).
far away
In the first half of this year, the "bZx event" that acquired hundreds of thousands of dollars through "DeFi Lego" in 15 seconds
. The "attacker" took advantage of bZx's "contract loophole" to make full use of "DeFi Lego" within one Ethereum block time (less than 15 seconds) - between 5 DeFi products (dydx, Compound, bZx, Uniswap, kyber) Mutual contract calls, under the premise of not using their own funds, are tightly linked one after another, and finally successfully "arbitrated" hundreds of thousands of dollars by manipulating prices between loopholes.
Recently, there was the "YAM vulnerability incident" on August 13. In just 24 hours, the price and community atmosphere experienced a rare "roller coaster", which eventually caused 750,000 yCRV in the governance contract to be permanently locked.
At the same time, among all types of contract risks, if negligent contract loopholes are unavoidable "probabilistic natural disasters", then maliciously designed scams are completely unavoidable "man-made disasters", especially if there is no contract audit Under the premise of this, once the user transfers assets in without any consideration, it is tantamount to sending money to the "hacker".
"If you haven't read the contract, it is estimated that most of the leeks have no brains to authorize. In this case, it is useless to take the money out of the contract, and you need to manually cancel the authorization. It is really a killing pig. It is estimated that many leeks are still dead for no reason”, including the liquidity mining project chick mentioned at the beginning of the article. Later, it was discovered that the team’s first fund transfer to the contract was through the Tornado cash anonymous currency transfer, which was also huge. Probably an inning made from the beginning.
In the current hot "mining" atmosphere, there are only a lot of similar scams. Therefore, DeFi, which seems to be advancing rapidly, is more like a game of "picking chestnuts from the fire" in which tens of billions of dollars of gold are placed in an open-air undefended environment. .
As a bunch of nested protocol codes hosting nearly tens of billions of dollars in assets, DeFi already has enough confidence to gradually undertake the possibility of change. In the eyes of most "blockchains", it is also gradually becoming a A "Land of Promise" where possibilities are endless.
But it needs to go more steadily. There is only a thin line between the "land of hope" and the "root of all evil".
secondary title
Decentralized insurance is in the ascendant, can it escort DeFi?
In the DeFi world, the smart contract itself means everything, and any loophole in the contract code may directly cause fatal consequences. Different from the relatively clear logic of claim settlement and the delineation of rights and responsibilities in the traditional world, the insurance attempt of the smart contract itself has just started.
Take the decentralized insurance Nexus Mutual (NXM) as an example. As a mutual insurance project built on the Ethereum network, NXM is the first and almost the only relatively mature "smart contract insurance" product in the current blockchain ecosystem. The total locked value ranks 14th among all DeFi projects ($78 million), and it is also the only decentralized insurance project on the list.
As an insurance product with smart contracts as the subject of insurance, NXM insurance liability is clearly defined as "unintended uses of code". In the specific use process, the user needs to pass KYC to become a member before paying the corresponding DAI, Ether or NXM to purchase the insurance product (if paying with DAI or Ether, the system background will automatically convert them into NXM tokens for payment) .
90% of the NXM will be destroyed after purchasing insurance, and the remaining 10%. When the designated smart contract is hacked, the insured member can make a claim to recover the loss. If there is no claim, it will be returned to the user.
The "bZx incident" is also a typical case of NXM's claim settlement, which preliminarily proves the beneficial attempt of decentralized insurance such as NXM in preventing the risk of user table smart contracts.
However, the current decentralized insurance in the DeFi field is still in an early stage of exploration compared with the mature traditional insurance industry. Claims governance needs to be carried out after a claim event occurs, but in decentralized insurance, combined with In the token governance model, the claim is exactly opposite to the interest of the token holder who has the right to decide whether to settle the claim.
