The DeFi Attacks Will Keep Coming
There were more losses on DeFi this weekend(~$25million), and sadly in the short term, they will keep coming. One of our investors IOSG Ventures shared their thoughts via Twitter and asked my thoughts. I had more thoughts than what would fit on in the limited character allowance on Twitter so I decided to write a Medium post.
Yes, it was a very rough weekend. It sucks that there was a loss, but I hope it didn’t happen to people that need the money to survive.
I believe that there is definitely a shared responsibility. The developers/companies that write and release the code should slow down and make sure it’s safe code. I understand the need to push code fast, but this isn’t centralized development, if there is a mistake it can be catastrophic to the users.
However, blockchain isn’t ready for people that can’t afford to lose their investment. Nobody wants to lose their money, but the risk is quite high of it happening on blockchain because of potentially bad code. Nobody should tell the user what to do with their money, but that doesn’t mean there isn’t any repercussions.
The complexity is far beyond that anyone, even a team of people, to be able to map out in their heads. In a world that has potential for big losses like this the tools need to be much more advanced than what exists today, or at the very least a LOT more money will need to be spent on auditing, and manual formal verification.
I agree 100%, people are trusting toys and prototypes with millions of dollars.
The problem with existing auditing is that it’s too expensive for startups to afford, it extends the timeline of delivery, and on top of all that it’s still extremely risky. The developers are still trusting a human, a smart human, but still a human to manually validate the code with zero guarantees.
All the auditors are doing is saying, hey trust me I’m super smart, and this code gets a thumbs up from me.
If you really want to trust code you need the power of math or in other words formal verification.
I don’t believe the context of this point is correct. This IS correct, but it doesn’t apply here.
The reason why there are high yields in crypto lending is not that the risk is high, but because the overhead is low. If the code was 100% perfect there wouldn’t be much of a risk at all, and the yield would still be the same. By far the biggest risk here is a risk that can be fixed with better tooling which would provide better code. That being said there should be a warning that is put on blockchain in general.
THIS IS A PROTOTYPE, YOUR MONEY ISN’T SAFE. IF WE MADE A MISTAKE, AND WE PROBABLY DID, THERE IS A CHANCE THAT YOU WILL LOSE EVERYTHING.
I don’t think it will. Blockchain is still in its infancy. This latest problem won’t slow down the growth of blockchain.
This is because we are still in the Innovators portion of the adoption curve. A lot of people say we are in the Early Adopters portion, but I think they are wrong. It’s just that the potential of blockchain is so great that the innovator's adoption feels like early adopters. Innovators are much more comfortable with risk and know that issues will happen. My worry is for the people that can’t take the risk are playing and are caught in the crossfire.
When I speak about “lowering the barrier” I don’t mean for the user. That definitely needs to happen, but that is not the next problem that needs to be solved. The next problem is “lowering the barrier” but not for the end-user, but for the developer.
Innovation is a numbers game. If we get more builders in the space and give them the tools to succeed they will then be able to lower the barrier for the users, and then we will have mainstream blockchain adoption.
I biasedly disagree with this. Reach is tackling the safety and the ease of development problems. We have made tremendous progress in the past 6 months. We have onboarded our first user, we’ve made our Ethereum compilation much more efficient, we’re almost finished being able to compile to a completely new chain, and we can now compile to Go on the client-side instead of just JavaScript.
We provide tools that not only make this problem go away but make development on blockchain exponentially faster. I agree that the intrinsic value of DeFi isn’t as great as it could be, but with Reach, we will make the value of DeFi as valuable as CeFi if not more because DeFi removes the overhead of CeFi.
This is our number one priority and we are making great progress.
Join our community on Telegram to help us, give feedback, or just cheer us on. (https://t.me/reach_sh)
