Nothing is perfect and decentralized finance is no exception. Here are some of the negative aspects of0 the platform.
Security issues:
The smart contracts which form the backbone of the DeFi platform are susceptible to manipulation.
By default, these contracts are open-source.
This design allows you to inspect and review them before making your decision to invest in the DeFi protocol.
Most DeFi protocols hand their contracts over to security firms for auditing—and that’s where they may run into trouble.
Human beings can miss flaws in these contracts that might be exploited at some future date.
As an example, take a look at the DAO or Decentralized Autonomous Organization.
This investor-directed venture capital fund was launched in April of 2016.
It quickly grew to become one of the world’s biggest crowdfunding platform, managing around $120 million.
By June of that same year, hackers had located and exploited a vulnerability in the smart contract.
They stole about a third of the funds, relocating them into a “child DAO” with the same structure as the parent protocol.
It took weeks for some users to be able to access their funds, making this the largest hack in crowdfunding history.
This incident alerted the DeFi community and now, developers who build protocols ensure that their smart contracts undergo multiple rounds of auditing.
Data feed centralization: Blockchain protocols can’t access data that is off-chain.
In order to remedy this shortcoming, many use third-party services called oracles.
These allow access to needed external information.
As Forkast puts it, “Oracles serve as bridges between blockchains and the external world, relaying information to smart contracts for them to utilize.”
The major issue with all this is how to create a central trust point in a trustless and decentralized setup.
This can provide a vulnerability for the entire smart contract.
If an oracle should broadcast the wrong information, it could wreak havoc with the entire system.
Let’s look at the case of Synthetix, for example.
This is a DeFi asset issuance platform. In June, 2019, an oracle transmitted false price feed information to the platform’s smart contract.
One user’s trading bot took advantage of this error and bought big,
inflating the user’s balance, allowing that user to convert around 37 million Synthetic ETH (sETH) tokens—worth around $70 million! The company later reached out to the user, who agreed to reverse the transaction in return for an undisclosed “bug bounty.”
Hackers:
In September 2020, top crypto exchange KuCoin confirmed that hackers had transferred about $150 million in Bitcoun and ERC-20 tokens from its hot wallets.
Days after the actual event, blockchain intelligence software Elliptic did the math and discovered that the exchange had actually lost about $281 million.
The hackers laundered the funds through DeFi protocols Kyber Network, Uniswap, and others.
Elliptic explained that many centralized exchanges had frozen the hackers’ accounts so they couldn’t move the funds, but that they had utilized decentralized exchanges which had no central authorities to freeze their illegally obtained funds.
