DeFi is entering an entirely new security paradigm:
Simply put, security measures are going from reactive -> proactive. Here are the emerging trends and projects. 🧵👇
1/ Zooming out, security remains one of the primary bottlenecks for crypto adoption, particularly in DeFi. A survey earlier this year found it to be one of the primary reasons people don't invest.
1.2/ And just over the past 8 months, approximately $2b was lost in hacks. Notable events were Ronin ($616m), Poly Network ($602m), and Wormhole ($326m).
1.3/ Attacks are becoming more sophisticated, exploiting not only bugs in code but also flaws in broader protocol design.
For example, the $181m Beanstalk attack used a flash loan to acquire enough voting power to pass a governance proposal and steal tokens from lending pools.
Not code, but governance design.
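As an added illustration of the governance-design point (example code, not Beanstalk's or any project's): a minimal Solidity governor that applies the two standard mitigations, reading vote weight from a checkpoint taken before the proposal and holding execution behind a timelock. The `IVotesToken` interface, the constants and the contract name are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Checkpointed token (OpenZeppelin's ERC20Votes exposes these two functions).
interface IVotesToken {
    function getPastVotes(address account, uint256 blockNumber) external view returns (uint256);
    function getPastTotalSupply(uint256 blockNumber) external view returns (uint256);
}
contract SnapshotGovernor {
    struct Proposal {
        address target; bytes data;             // call made if the proposal passes
        uint256 snapshotBlock; uint256 voteEnd; // weight block; last block accepting votes
        uint256 forVotes; bool executed;
    }
    uint256 public constant VOTING_PERIOD = 7200; // ~1 day of 12 s blocks (assumed)
    uint256 public constant TIMELOCK      = 7200; // pass -> execute delay (assumed)
    uint256 public constant QUORUM_BPS    = 5000; // 50% of snapshot supply (assumed)
    IVotesToken public immutable token;
    Proposal[] public proposals;
    mapping(uint256 => mapping(address => bool)) public hasVoted;
    constructor(IVotesToken _token) { token = _token; }

    function propose(address target, bytes memory data) external returns (uint256) {
        // Snapshot the previous block: tokens flash-borrowed now or later never count.
        proposals.push(Proposal(target, data, block.number - 1, block.number + VOTING_PERIOD, 0, false));
        return proposals.length - 1;
    }

    function vote(uint256 id) external {
        Proposal storage p = proposals[id];
        require(block.number <= p.voteEnd, "voting closed");
        require(!hasVoted[id][msg.sender], "already voted");
        hasVoted[id][msg.sender] = true;
        // The weak design reads token.balanceOf(msg.sender) here, which a flash loan
        // inflates for one transaction; a past checkpoint cannot be inflated.
        p.forVotes += token.getPastVotes(msg.sender, p.snapshotBlock);
    }

    function execute(uint256 id) external {
        Proposal storage p = proposals[id];
        // The weak design executes in the same transaction as the deciding vote.
        // A timelock gives holders and monitoring a full window to react first.
        require(block.number > p.voteEnd + TIMELOCK, "timelock active");
        require(!p.executed, "already executed");
        require(p.forVotes * 10000 >= token.getPastTotalSupply(p.snapshotBlock) * QUORUM_BPS, "quorum not met");
        p.executed = true;
        (bool ok, ) = p.target.call(p.data);
        require(ok, "proposal call failed");
    }
}
```

A real deployment would add a proposal threshold, against-votes and a veto path; the two checks shown are the ones that remove the flash-loan angle.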
1.4/ Here's a high-level overview of the current main attack vectors in crypto:
1.5/ Importantly, as the industry grows, it becomes a bigger and bigger target for hacks. Much evidence has surfaced of North Korea using state resources to architect these attacks, and only more sophisticated actors should be expected to target the space.
2/ The current security landscape is quite reactive and passes considerable risk to protocol users.
2.2/ Projects often audit their contracts and place a few bug bounties. If an attack occurs, they *react* by addressing the exploit and possibly compensating victims.
2.3/ Every project I speak with complains about the expense and length of audits. There are often wait periods lasting multiple months, and the expense is considerable. Even then, there's no guarantee that a hack won't occur, as seen with multiple projects like Audius.
2.4/ Finally, <1% of TVL in DeFi is insured, making the problem much worse. This not only makes retail afraid to participate on-chain, but almost becomes a non-starter for non-crypto institutions to enter the space.
3/ Considering the above, more proactive, scalable security tooling seems like a necessity for DeFi and crypto more broadly.
While early, two types of projects excite me.
3.2/ Automated bug engines - instead of relying on bug bounties or smart contract audits, open-source libraries like Echidna and engines from white-hat hacker DAOs like @pwnednomore seem to be addressing a pretty clear need: constantly and cheaply identifying bugs throughout the dev process.
3.3/ Better testing - simulation-based testing from projects like @TenderlyApp places far greater stress on a protocol than deploying on a testnet does, identifying potential bugs, attack vectors, etc. before deploying on mainnet.
4/ Unlike web2, failures in crypto don't result in the loss of somewhat inconsequential personal data, but rather millions of dollars that can't be recovered. It could be someone's last straw, leading them to give up on crypto.
4.2/ Better security isn't a trend but an existential problem for the sector that needs to be resolved.
Comment the best security solutions below. DMs open for a chat 🙃