How to evaluate DeFi platforms for safety and security: the DeFi Trust Pyramid

By Swarm Markets. Published in SWARM. 4 min read. Aug 26, 2021

Ask these 5 questions before investing on a DeFi platform to keep your money safe while profiting from Decentralized Finance’s enormous advantages over traditional banking.

Swarm Markets DeFi Trust Pyramid

Security is one of the main issues, if not the top concern, for most people entering DeFi. While DeFi has proven itself from a technology perspective, many investors are confused about how their money is exposed to risk. Media headlines suggest the frequency of hacks and rug pulls is increasing. Nevertheless, some platforms are safer than others. Asking the right questions empowers you to invest with confidence.

The DeFi pyramid of trust is divided into 5 layers. As with any pyramid, the bottom layers must be sufficiently supported before you move on to the top layers. As you inform yourself about a DeFi platform by asking the questions below, you move up the pyramid and reduce your exposure to risk.

Is the network stack secure?

The pace of technological innovation is fast in the blockchain world. Often, new tech is released to the public before all the security vulnerabilities have been identified. That’s why it’s best to avoid platforms built on untested technology.

One example is the choice of so-called Layer 1 technology, in other words, which blockchain is used (e.g., BSC vs. Ethereum). While networks like the Binance Smart Chain (BSC) offer some advantages over Ethereum in terms of speed and lower transaction fees, they tend to have fewer validators, fewer code contributors, and fewer stakeholders monitoring chain security. It’s no wonder that they are not generally accepted by institutions and are hacked more regularly than platforms on the Ethereum chain.

The tools used to transact with Layer 1 can be just as important. Industry standard wallets like MetaMask have been subject to real-world testing in the marketplace for years. Restricting platform interactions to tried and tested technology may cause friction, as users are forced to transition to safer wallets and workflows, but the trade-off is reduced risk.

Are the smart contracts audited?

It’s essential that a platform’s smart contracts be both public and audited by respected industry professionals whose job it is to understand security vulnerabilities. Audited smart contracts show that platform creators have the investor’s best interest in mind and are committed to improving their own code.

In the early days of blockchain, people thought any evidence of human involvement was inherently untrustworthy — a smart contract was all you needed to be safe. While that may be true for a developer who can read code, today’s typical investor is unlikely to be a smart contract expert.

In the end, all smart contracts are audited, either by professionals working to improve the safety of the platform or by hackers looking to exploit bugs. Don’t risk your money with platforms that give hackers the first opportunity to find vulnerabilities.

Who are you transacting with?

One of the most important questions you can ask is whether the organization you are entrusting with your money is open to interacting with you directly. Accountability to users is central to building trust. Someone that can be named is someone that can be blamed, as the saying goes.

DeFi allows decentralized transacting (direct peer-to-peer trading with self-custody of assets), but DeFi platforms are built by individuals working together in a common enterprise. The names and professional histories of a platform’s creators should be easy to find. The company should have a physical address and support channels where you can talk directly with team members should you have a problem.

Who are they transacting with?

DeFi platforms are not always transparent about the service providers responsible for carrying out essential platform functions and often cannot assure users they are not transacting with bad actors. These secondary repercussions can lead to tainted assets which cannot be converted back to fiat.

Funds earned on a platform that uses a mixer service to anonymize wallets could automatically be flagged as fraudulent or suspicious. The same is true of trades involving wallets belonging to hackers or associated with money laundering. Those funds will be sanctioned by Chainalysis and the tainted assets restricted from exchanges or prevented from conversion back to fiat.

If the platform doesn’t know who is transacting, then you cannot be sure your assets won’t be tainted.

Who are they accountable to?

The real people who build a DeFi platform should be accountable to authorities in specific jurisdictions whose job it is to protect investors. Government regulators use a rule set created after decades of experience with bad actors in the traditional financial system. DeFi platforms should benefit from this experience and view compliance as a tool to build stronger protections for users.

Swarm Markets operates under the watchful eye of Germany’s Federal Financial Supervisory Authority, BaFin. Working with government regulators means answering all of the questions above and more. Our governance, technology, data handling, etc. are all monitored to ensure we maintain the same level of security as other financial service providers like banks and hedge funds.

Now that you’re armed with the knowledge to assess risk in DeFi, you can feel confident when you put your money to work for you in DeFi. Visit the Swarm Markets website to learn more about the world’s first licensed DeFi platform.


World’s first regulated DeFi platform. Securities & Crypto. Institutions & Retail. https://swarm.markets