Finance Redefined: The failure of audits, and the rise of 'CeDeFi', Sept. 9-16


Finance Redefined

The failure of audits and rise of 'CeDeFi', Sept. 9-16

Authored by Andrey Shevchenko
You can reach me via Twitter or Telegram

I think that the latest bZX hack is probably the most meaningful DeFi news of the week, despite strong competition.
For those who have followed the space since at least the start of this year, bZX was the first major DeFi platform to be the target of a successful hack, back in February. In fact, it also received the silver medal, as it was hacked once again shortly after.
And now it was hacked for the third time, about two weeks after relaunching. The third hack was the worst — on paper — as the hackers scurried off with $8 million in collateral. The earlier hacks didn't even get to $1 million.
But it all seems to have ended well this time. The hackers were traced and they returned the money.
What is ironic about this hack is that bZX seems to have made real efforts in preventing such occurrences for its relaunch. At one point this week, I was even about to run a sort of "redemption story" on how they bounced back after the failures earlier this year.
bZX got two comprehensive audits from Certik and PeckShield, two respectable security audit companies. They also overhauled their bug bounty program, which previously had the fairly absurd requirement of forcing whitehat hackers to submit to an identity check.
People who read how Voatz threw helpful hackers under the bus should understand why that would've made aspiring bZX bounty hunters nervous.
I actually did three years of bug bounty hunting before discovering crypto. I was just a teenager with a passion for computers, and yet I was able to find three fairly severe vulnerabilities in Google that paid a few thousand dollars each.
True experts were able to find more than a hundred in a year, so clearly I wasn't all that. But the funny thing is that by the time I got pretty good at it, so much of the low-hanging fruit had already been picked. I kept stumbling on places where bugs existed... it's just that someone else had found them a few months before.

There aren't enough scrutinizing eyes around

The experience with Google taught me that even the biggest and most professional companies leave hundreds of exploitable bugs in their code. And only an army of incentivized eyes did enough to move the needle and discover a majority of them (until more bugs were added with new features).
The bZX hack highlights just how badly the DeFi space needs bug hunters. I think the fundamental problem here is the imbalance between the complexity of the systems and the rewards for breaking them. The good guys may only get a few thousand dollars in reward for preventing millions from being stolen, while the bad guys can "easily" steal those millions... and if they're smart, they get away with it.
The fact that you need to learn the nuances of a new programming language doesn't help attract the good guys either, especially since there's so much competition for whitehat hackers by now.
It's a true battle of good and evil, and I think that relying on a few audit companies is simply not enough by now. As good as they can be, they will never have enough eyes to find every single issue in a piece of code.
With that said, let's get into the highlights of this week in DeFi.

The rise of 'Centralized Decentralized Finance'

On Sept. 1, Binance finally launched its Smart Chain, a blockchain that is fully compatible with the Ethereum Virtual Machine and can thus inherit its DApps and wallets.
Last week it announced its intent to create a $100 million fund in support of the BSC ecosystem. The Smart Chain now features a Uniswap clone, as well as several projects like Cream.finance and a bunch of new food coins like Burger Swap and Bakery Swap.
Then, Crypto.com pitched in with an Ethereum-based clone of Uniswap named DeFi Swap.
Both Binance's and Crypto.com's iterations are definitely more centralized than their peers. Binance essentially controls the Smart Chain due to its BNB stake, while Crypto.com added some geographic and listing restrictions to its DEX.
Binance's CEO Changpeng Zhao then came up with the meme-worthy term "CeDeFi," which is shorthand for the oxymoronic Centralized Decentralized Finance. Only in crypto.
Ironically, Binance looks poised to take a significant share of the "DeFi" market. Arguably the biggest barriers to entry for non-Ethereum DeFi projects are lack of liquidity, lack of users and unfamiliar development environments. The exchange essentially solved all of those, and the market may end up rewarding it, even though its solution kind of goes against the (de)central premise of DeFi.

Are LINK Marines an organic community?

I had the pleasure of speaking with Michael Anderson, co-founder of Framework Ventures, an investment fund that counts Chainlink and Synthetix as its most successful investments.
We talked about the state of yield farming, Sushi, Chainlink and the future of non-Ethereum DeFi.
Best of all, I was able to ask a question I've pondered often: are LINK Marines for real? If you go into the depths of Twitter you'll see a community of frog men that are weirdly fixated on the oracle project. Personally, I just don't see the appeal. It feels a bit like people making memes and cheering for Oracle, the database company. But Anderson gave his interesting take on it.
Check out the interview here.

Stay safe with yield farming

When one farm withers, ten others take its place. The latest flavor of the week is Cream.finance. It's a Compound fork that prides itself on being more "permissionless" by having much more lax criteria for adding assets as collateral.
That idea is not terrible. Compound generally adds new coins based on a complex risk assessment, but it hasn't actually added a new asset in months.
So Cream is nice and all, but what happens when you combine yield farming with a "throw everything in" lending platform? Leveraged Ponzi schemes.
I'm not even joking: the platform rewards you for supplying Cream tokens, and it lets you use the tokenized shares of the Cream lending pool to farm even more. Leveraging up on the token can increase your yield in several different ways.
The price has already fallen by more than half since its peak of $287 a few days ago, but it's still trading at a fully diluted valuation of $1.2 billion. If you really must participate in these schemes, take precautions.
Most of all, avoid the no-name forks. The ones that make it to the top of the chain have at least some legitimacy to them, as all the famous people promoting them could get in serious trouble for putting their weight behind what turns into an exit scam.
But as always, verify before trusting. The Just Foundation on Tron actually whitelisted a project that ended up appearing to pull an exit scam for $2 million. The idea of the whitelist was to direct users to "legitimate" yield farms as scammy tokens started landing on the platform en masse.
Perhaps trust is the rarest commodity in DeFi right now.

Cointelegraph · PO box 309 · Ugland House, Grand Cayman KY1-1104 · Cayman Islands