Over the years that cryptocurrency trading gained dominance, there has been a tug of war between CeFi & DeFi insurance and which approach is best suited for investors.
Meanwhile they both represent different methods within a familiar market, each having its peculiarities, benefits and drawbacks.
For instance, while CeFi insurance premiums could be expensive; DeFi insurance premiums are distributed in a competitive market.
Let’s delve proper by comparing their benefits and drawbacks with a focus on how smart contract exploits; flash loan attacks, and re-entrancy bugs are pillaging DeFi protocols.
What Are CeFi and DeFi insurance?
CeFi “Centralized Finance” insurance offers yields with AML (Anti Money Laundering), KYC (Know Your Customer), and compliance security inn-acted to meet local and international security standards (central authority).
DeFi “Decentralized Finance” insurance is a framework that allows claims to be voted by DAO (decentralized autonomous organization) members rather than a central authority. Therefore, in case of being rekt-ed or rugged, there’s no guarantee of securing an impartial premium or even receiving the services at all.
Benefits of CeFi
- CeFi has a large user base globally because it’s been the primary method of trade.
- CeFi platforms require no special learning. Oftentimes, registration procedures are seamless and accessible.
- CeFi renders customer support and assistance to users.
- CeFi insurance is surrounded with intensive guidelines for the safety and privacy of users accounts. Thus, there’s low risk.
- CeFi offers flexible conversion from fiat currency to cryptocurrency and vice versa.
Drawbacks of CeFi
- Presence of intermediaries who allow or deny people access to the platform or to their funds.
- Users have no control over their funds and cryptos.
- Low interest rates of 1%.
- Tedious verification processes.
Benefits of DeFi
- DeFi enables peer-to-peer transactions. Giving users complete access to their funds with the absence of central bodies (exchanges or banks).
- DeFi offers transparency and accessibility to everyone; no verification or approval is needed. Thus, users transact behind a veil.
- Low costs and speedy transactions. Plus increased interest rate upto 12% or higher.
- Provides users with a trustless option to transact. Users can audit and check the efficiency of DeFi services.
- Since it’s an evolving technology, DeFi continues to enjoy new development and improvement of financial services.
Drawbacks of DeFi
- DeFi is technical and requires special learning for new users.
- It lacks regulations to safeguard users.
- Increased risk due to high volatility and market fluctuations.
- Due to DeFi’s open source smart contracts, transactions are public. This makes DeFi protocols vulnerable to smart contract exploits; flash loan attacks, and re-entrancy bugs that are pillaging DeFi protocols.
DeFi Attacks on The Rise
In the span of three years, DeFi attacks and smart contract exploits became serious as we’ve witnessed several million dollar heists. According to cointelegraph.com, DeFi projects lost a sum of $10.2 billion in 2021 to hacks.
So far, more than $1.6 billion in crypto has been pillaged from users on DeFi protocols. To further understand these vulnerabilities and security risks in DeFi, let’s look at how some occur.
Due to blockchain’s openness, anybody can see/track pending transactions in the mempool (a waiting arena for pending transactions).
Front-running happens when a bot monitors transactions and sees a profitable target, it then pays miners additional gas fees to bypass the queue and benefit from the incoming targeted transaction.
This happens in DeFi protocols where a user can instantly borrow large sums from an immediate block without collateral so long it’d be paid back within the block else the transaction reverts.
While flash loans is normal practice within DeFi protocols, attackers exploit the smart contracts arbitrage opportunity by inducing several buy and sell smart contracts orders. This influx of demand causes token prices to inflate. Thanks to smart contracts automatic execution, sales are finalized at inflated rates.
Though re-entrancy vulnerability is termed “old” because it’s been known as far back as 2016 during the DAO attack on the Ethereum Blockchain, and smart contracts hacks, the vulnerability is still present in today’s smart contracts and potent. Even though other Blockchain networks are prone to this vulnerability, it’s peculiar to the Ethereum Blockchain.
In this exploit, the attacker tricks smart contracts into releasing multiple tokens. It happens by faking additional deposits into a vault when the previous transactions are yet to manifest.
As a norm, most DeFi protocols use reentrancy guards (written codes to wade off such attacks). However, the attack on Grim Finance buttresses the fact that audits don’t guarantee 100% exploits prevention.
As it stands, malicious users will continue to find and exploit the vulnerabilities in DeFi as we may witness more hacks and rug pulls pillaging DeFi protocols. However, since DeFi is still emerging, we can hope to see developers improve these vulnerabilities for DeFi’s long-term validity.