How to deal with the safety problem in DeFi

TrueEdgeCapital
Jul 15, 2021

On July 11th, 2021, AnySwap and ChainSwap, two decentralized cross-chain trading protocols, were attacked to varying degrees. On July 16, THORChain was attacked again, losing 4000 ETH.

The bear market is accompanied not only by the collapse of the trading market, but also by black swan incidents.

Two questions:

What about the financial security of users?
What else can teams and users do in the process?

Insurance

For C-end users, there are insurance projects such as NXM, based on a B-to-C model, and Cover, based on a C-to-C model. However, users have not yet formed the habit of insuring on-chain assets at scale, new projects cannot obtain insurance right at launch, there is only a single insurance category, and insurance capacity is low. For these and other reasons, DeFi's current insurance products have not been recognized by the market.

So, can we expand the insurance business for B-end products?

The development team can take out insurance on the project's assets while going through the contract audit before the project is launched, and claim compensation when assets are stolen.
The core problem here is how to achieve an effective, scientific pre-insurance review and build an effective product matrix to solve the capacity problem.

Here are some possible answers:

  1. The B-end insurance business is provided by the security audit company, so the pre-insurance review can be completed at the same time as the contract audit is carried out.
  2. Form a game between B-end and C-end products and build a multi-level product ecosystem.

On-chain data monitoring

"Distributed" and "big data" are two terms that are familiar and closely related.

In the traditional Internet, many data processing companies provide data-related services. In the on-chain world, however, data services are still in their infancy: the most common product analysis basically stays at the level of raw blockchain data or a blockchain explorer, without in-depth data learning and training, and no effective data market has formed.

As we all know, a data monitoring platform is not only an important part of a traditional cloud service provider's product matrix, but also a core competitive advantage in winning enterprise users.

There should likewise be data service providers on the chain that monitor and analyze on-chain data in real time and provide data support for normal operations, so that when the data becomes abnormal, the team can detect it in time and remedy it as soon as possible.
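As an added illustration of this kind of monitoring (not code from the original article or from any project it names), the following Python example flags blocks in which the outflow from a monitored contract far exceeds its recent rolling median. The transfer tuple format, the `0xVAULT` placeholder address, the sample data and the thresholds are all assumptions made for the example.

```python
from collections import deque
from statistics import median

# Constructed sample data: (block_number, from_address, to_address, amount_in_ETH).
# "0xVAULT" is a placeholder for the monitored contract, not a real address.
VAULT = "0xVAULT"
SAMPLE_TRANSFERS = [
    (100, VAULT, "0xA1", 12.0), (100, "0xB2", VAULT, 30.0),
    (101, VAULT, "0xC3", 9.5),
    (102, VAULT, "0xA1", 14.0), (102, VAULT, "0xD4", 3.0),
    (103, "0xB2", VAULT, 20.0),
    (104, VAULT, "0xE5", 11.0),
    (105, VAULT, "0xF6", 4000.0),  # constructed drain-sized withdrawal
    (106, VAULT, "0xA1", 10.0),
]


def outflow_per_block(transfers, vault):
    """Sum the amount leaving `vault` in each block (blocks with none count as 0)."""
    totals = {}
    for block, src, _dst, amount in transfers:
        totals.setdefault(block, 0.0)
        if src == vault:
            totals[block] += amount
    return sorted(totals.items())


def find_anomalies(transfers, vault, window=5, factor=10.0, min_history=3, floor=1.0):
    """Flag blocks whose outflow exceeds `factor` x the rolling median outflow.

    Flagged blocks are kept out of the baseline so that one large drain
    does not raise the threshold and hide follow-up withdrawals.
    `floor` stops a near-zero baseline from alerting on tiny transfers.
    """
    history = deque(maxlen=window)
    alerts = []
    for block, outflow in outflow_per_block(transfers, vault):
        if len(history) >= min_history:
            baseline = max(median(history), floor)
            if outflow > factor * baseline:
                alerts.append({"block": block, "outflow": outflow, "baseline": baseline})
                continue
        history.append(outflow)
    return alerts


if __name__ == "__main__":
    for a in find_anomalies(SAMPLE_TRANSFERS, VAULT):
        print(f"ALERT block {a['block']}: {a['outflow']} ETH out, baseline {a['baseline']} ETH")
```

In a live deployment the transfer list would come from a node or indexer feed, and an alert would page the team or trigger whatever pause mechanism the project has.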

WhiteHatDAO

There are three problems in the current security audit:
1. Single: the audit takes place before the launch of the project. The audit company conducts a one-time audit and issues an audit report on completion, but the risk is long-term, so security should be a long-term task, not a single task.
2. One-sidedness: the audit results are strongly tied to the ability of the audit company, and there is also a certain element of chance, so the security of the project is excessively dependent on the audit report.
3. Irresponsible: the security company does not participate in anything other than the security audit and bears no responsibility at any point in the process. When risks emerge in a project it has audited, the security audit company is not involved in, and not responsible for, any remediation, compensation or other procedures.

The safety of the blockchain comes from the consensus of most miners, so we can also return to the source of the safety problem and make full use of decentralization. The idea is to build WhiteHatDAO, whose task is to constantly check online projects. When it finds a risk in the contract code of a project, it hacks the contract in advance, transfers the funds to a secure contract account, and informs the project team so that they can deal with it.

The most important thing about WhiteHatDAO is its own economic model: WhiteHat's constant work for the security of assets and data on the chain should be rewarded equally, not treated as a public benefit activity.

End

Security has always been a serious and unsolved problem in DeFi, and the recent attacks on various projects have pushed the security issue to the forefront. Security is an area that needs attention: security companies need to take on more support, the field of insurance should be further developed, and more security-related means need to be discovered, so that the DeFi world can go further.
