Nearly 10 billion dollars! The more assets there are in DeFi, the more people fear a "rollover", and insurance has begun to become a "hot potato"?


It was reported on social media that an audit of the new liquidity mining project CHICK found a back door in the contract through which the team could transfer the funds out of the contract at any time.

This is a true epitome of the booming DeFi summer. Faced with an endless stream of mining projects promising extremely high returns and liquidity, the attraction of “1000% annualized” and “10,000x gains” often conceals the fatal risk of an unaudited contract.

Under this explosive growth in volume, and especially the “10,000x wealth effect” that excites market participants, FOMO (fear of missing out) is spreading as never before.

The fiery “DeFi Summer”, the approaching “skyline”.

Since Uniswap and other AMM-type DEX applications detonated the market, oracles, liquidity mining, yield farming and many other DeFi concept sectors have taken the lead in turn, pushing market sentiment to a climax step by step.

As of August 30, 2020, the total value locked (TVL, the total value of ETH and various ERC-20 tokens) across the entire DeFi world reached 9.38 billion U.S. dollars, only a short step away from ten billion dollars. It may also be the first time in human history that nearly ten billion dollars of assets are directly and explicitly managed by a pile of nestable protocol code.


In the ever-expanding DeFi market, the top three currently locked assets are:

The total value of Aave’s locked assets is $1.6 billion;

The total value of Maker’s locked assets is US$1.4 billion;

The total value of Curve’s locked assets is US$1.3 billion;

The differentiation of the market is also accelerating amid the explosive growth of DeFi. Apart from Maker, projects such as Aave, Curve and Yearn are almost all newcomers, and projects with novel designs and rules of play are dazzling.

DEXs have also begun to gradually crush second-tier trading platforms and even challenge first-tier ones. On August 30, Uniswap reached another milestone: for the first time in history its 24-hour trading volume was higher than Coinbase's. Uniswap's 24-hour trading volume exceeded $426 million, while that of Coinbase Pro was $348 million.

But beneath the prosperity, hidden worries have gradually emerged. Under the wheels of this headlong rush there are also many loopholes, especially in multi-layer nested DeFi protocols. The combination of financial instruments, driven by automated algorithms, has become the norm. Although value can flow more rapidly through the whole blockchain network, it also means that any single point of risk may trigger a “butterfly effect”.

An endless stream of “chaos”, a paradise for technical talents

Especially now that the volume has reached the ten-billion level, even a slight loophole under such a huge volume can cause immeasurable consequences, and may even become a universal cash machine for technically skilled people (hackers).

In the first half of this year there was the “bZx incident”, in which hundreds of thousands of dollars were obtained through “DeFi Lego” within 15 seconds. The “attackers” used a bZx “contract loophole” and made full use of “DeFi Lego” within one Ethereum block time (less than 15 seconds): mutual contract calls across five DeFi products (dYdX, Compound, bZx, Uniswap, Kyber), without using any funds of their own, chained tightly link by link, finally managed to “arbitrage” hundreds of thousands of dollars by manipulating prices between the loopholes.

More recently there was the “YAM vulnerability incident” of August 13. In just 24 hours, the price and the community mood went through a rare “roller coaster”, which ultimately caused 750,000 yCRV in the governance contract to be permanently locked.

At the same time, among all types of contract risk, if contract vulnerabilities caused by negligence are regarded as unavoidable “probabilistic natural disasters”, then maliciously designed scams are entirely avoidable “man-made disasters”, especially where there is no contract audit. In that situation, once a user transfers assets without investigating, it is tantamount to handing money to the “hacker”.

Someone recently revealed a typical liquidity mining trap. On the first authorization the project had the user approve the staking contract, but on a second authorization it further required the user to grant the team the right to transfer the tokens (a transferFrom authorization).

“If you didn’t look at the contract, most leeks would probably have authorized it without thinking. In that case, taking the money out of the contract is useless; you need to manually cancel the authorization. It is really a killing plate inside a killing plate. Many leeks are probably still dead”, and this includes the liquidity mining project CHICK mentioned at the beginning of the article. It was later discovered that the first funds the team put into the contract had been transferred through the Tornado Cash anonymous mixer; it may have been a scam set up from the very beginning.
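The trap described above is an ERC-20 allowance problem: a second approve() whose spender is not the staking contract, often for an unlimited amount, lets that spender call transferFrom on the user's balance later. The following JavaScript is an added example, not code from the article or from any project it names; it decodes the calldata a wallet is about to sign, flags an unexpected spender or an unlimited allowance, and builds the approve(spender, 0) calldata that performs the manual revocation the article mentions. The two addresses are constructed placeholders; the function selectors are the standard ERC-20 ones, and ABI decoding is done by hand so the script runs offline without ethers.js or web3.js.

```javascript
// Added example: inspect ERC-20 approval calldata before signing, and build a revocation.
// Standard ERC-20 4-byte selectors (keccak256 of the signature, first 4 bytes).
const SELECTORS = {
  '095ea7b3': 'approve(address,uint256)',
  '23b872dd': 'transferFrom(address,address,uint256)',
  'a9059cbb': 'transfer(address,uint256)',
};
const MAX_UINT256 = (1n << 256n) - 1n; // the "unlimited" allowance many dApps ask for

// Constructed placeholder addresses (assumptions, not real contracts).
const STAKING_CONTRACT = '0x' + '11'.repeat(20); // the spender the user intended
const TEAM_WALLET = '0x' + '22'.repeat(20);      // the spender slipped into a 2nd approval

function strip0x(hex) { return hex.startsWith('0x') ? hex.slice(2) : hex; }

// 32-byte ABI word i of the argument area (argument area starts after the 4-byte selector).
function wordAt(hex, i) {
  const start = 8 + i * 64;
  const word = hex.slice(start, start + 64);
  if (word.length !== 64) throw new Error(`calldata truncated at word ${i}`);
  return word;
}
const addr = (word) => '0x' + word.slice(24).toLowerCase(); // address = last 20 bytes of the word
const uint = (word) => BigInt('0x' + word);

// Decode the three ERC-20 calls that move or delegate tokens; anything else is "unknown".
function decodeErc20Call(calldata) {
  const hex = strip0x(calldata).toLowerCase();
  const sig = SELECTORS[hex.slice(0, 8)];
  if (!sig) return { fn: 'unknown', selector: hex.slice(0, 8) };
  if (sig.startsWith('approve')) {
    return { fn: 'approve', spender: addr(wordAt(hex, 0)), amount: uint(wordAt(hex, 1)) };
  }
  if (sig.startsWith('transferFrom')) {
    return { fn: 'transferFrom', from: addr(wordAt(hex, 0)), to: addr(wordAt(hex, 1)), amount: uint(wordAt(hex, 2)) };
  }
  return { fn: 'transfer', to: addr(wordAt(hex, 0)), amount: uint(wordAt(hex, 1)) };
}

// ABI-encode approve(spender, amount); used here to construct sample calldata.
function encodeApprove(spender, amount) {
  return '0x095ea7b3' + strip0x(spender).toLowerCase().padStart(64, '0')
    + amount.toString(16).padStart(64, '0');
}

// Policy a wallet front-end (or a careful user) can apply before signing: the only
// acceptable spender is the staking contract, and an unlimited allowance is always flagged.
function assessApproval(calldata, expectedSpender) {
  const decoded = decodeErc20Call(calldata);
  const warnings = [];
  if (decoded.fn !== 'approve') return { decoded, warnings: [`not an approve call (${decoded.fn})`] };
  if (decoded.spender !== expectedSpender.toLowerCase()) {
    warnings.push(`spender ${decoded.spender} is not the expected contract ${expectedSpender.toLowerCase()}`);
  }
  if (decoded.amount === MAX_UINT256) {
    warnings.push('unlimited allowance (2^256-1): spender can later drain the whole balance via transferFrom');
  }
  return { decoded, warnings };
}

// approve(spender, 0): the manual cancellation of an allowance the article refers to.
function revokeCalldata(spender) { return encodeApprove(spender, 0n); }

// Usage: first approval (legitimate) versus the second one a scam project asks for.
const firstApproval = encodeApprove(STAKING_CONTRACT, 1000n * 10n ** 18n); // 1000 tokens, 18 decimals
const secondApproval = encodeApprove(TEAM_WALLET, MAX_UINT256);
console.log(assessApproval(firstApproval, STAKING_CONTRACT).warnings);  // []
console.log(assessApproval(secondApproval, STAKING_CONTRACT).warnings); // two warnings
console.log('revoke with:', revokeCalldata(TEAM_WALLET));
```

The check runs on the raw calldata, so it also catches the case where a dApp front-end labels the transaction "stake" while the underlying call is an approve to some other address. Revoking only helps while the balance is still there; the point of inspecting the calldata is to refuse the second approval before it is ever signed.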

In the current feverish “mining” atmosphere, there is no shortage of similar scams. The seemingly rapid development of DeFi therefore looks more like a game of “pulling chestnuts out of the fire”, with a mountain of gold worth tens of billions of dollars left out in the open without any fortification.

As a stack of nested protocol code hosting nearly ten billion dollars in assets, DeFi has the confidence to gradually take on the possibility of change, and in the eyes of most people in the blockchain world it is also gradually becoming a “land of hope” of infinite possibilities.

But it needs to proceed more steadily. Between the “Land of Hope” and the “Source of All Evil” there is only a thin line.

Decentralized insurance is in the ascendant, can it escort DeFi?

In the DeFi world, the smart contract itself is everything, and any vulnerability in the contract code may directly lead to fatal consequences. Unlike the clearer claims logic and delineation of rights and responsibilities in the traditional world, attempts to insure smart contracts have only just begun.

Take the decentralized insurance project Nexus Mutual (NXM) as an example. As a mutual insurance project built on the Ethereum network, NXM is the first and almost the only relatively mature “smart contract insurance” product in the current blockchain ecosystem. Its total value locked ranks 14th ($78 million) among all DeFi projects, and it is also the only decentralized insurance project on the list.

As an insurance product whose subject of insurance is the smart contract, NXM's insurance liability is clearly defined as “unintended uses of code”. In practice, the user first becomes a member by passing KYC and can then pay the corresponding amount of DAI, Ether or NXM to purchase cover (if DAI or Ether is used for payment, the system backend automatically converts it into NXM tokens for the payment).

Of the NXM paid, 90% is used to purchase the cover and is destroyed, while the remaining 10% is held back. If the designated smart contract is hacked, the covered member can file a claim to recover the loss; if not, that 10% is returned to the user.

The “bZx incident” is also a typical case of an NXM claim being paid, which preliminarily proves that decentralized insurance such as NXM is a useful attempt to protect users against smart contract risk.

However, compared with mature traditional insurance, decentralized insurance in the DeFi field is still at an early, exploratory stage. After a claim event occurs, the claim has to go through governance. In decentralized insurance combined with a token governance model, though, the party who decides whether to pay is the token holder, whose interest runs directly against the claimant's.

Still taking NXM as an example: so far, of the 26 related claims, only 3 have been paid out successfully. “Fhrp” hit the nail on the head: “Whether to pay is decided by the holders of the coin. You bought insurance, and the insurance company’s shareholders decide whether to pay after a car crash? The answer is of course NO.”

Moreover, strictly speaking, NXM's claim payments are driven more by token-economic incentives, which is still very different from how a traditional insurance company settles claims.

However, as the scale of the market has grown, more and more attention is being paid to the demand for decentralized insurance. YFI has also announced that it will formally enter the DeFi insurance field in the near future, and I believe more new insurance mechanisms will emerge.

For hackers, the ten billion dollars of assets hosted on code are nothing less than a gold mine laid bare in front of them, while for the distant place DeFi is heading towards, ten billion dollars is only the starting point. We will wait and see who escorts the DeFi world of unlimited possibilities in the future.


