DeFi Security Alarm: YFI Attacked Exposing Price Mechanism Vulnerabilities, Decentralization Becomes Key

DeFi Security Issues: Hidden Risks and the Importance of Decentralization

Since February 2020, the DeFi sector has suffered hundreds of millions of dollars in losses. Experts have repeatedly warned about the risks in the DeFi ecosystem, but with the market still hot and the scale of locked assets continuing to rise, developers do not seem to have taken the issue fully seriously. The dangers hidden beneath the celebration remain.

YFI Protocol Encounters Flash Loan Attack

At the beginning of 2021, the former DeFi king Yearn Finance became the first victim of a flash loan attack that year. According to analysis from a security company, the attacker targeted Yearn Finance's DAI strategy pool. The attack process was complex and involved multiple steps:

  1. Borrow a large amount of ETH from multiple platforms.
  2. Use the borrowed ETH to obtain DAI and USDC on a lending platform.
  3. Inject most of the funds into a stablecoin trading pool to control the majority of its liquidity.
  4. Cause an imbalance in the pool ratio by withdrawing part of the USDT.
  5. Deposit DAI into the Yearn DAI strategy pool while the ratio is imbalanced.
  6. Restore the pool balance and then trigger withdrawals, resulting in losses for the strategy pool.
  7. Repeat the above steps multiple times to ultimately profit.

The attack resulted in losses of up to tens of millions of dollars for Yearn Finance.

Root of the Problem: Fragile Price Mechanism

The core issue exposed by this incident is not the flash loan itself but the fragile pricing mechanism inside DeFi protocols. Some combinations of protocols use LP shares to determine prices, and this mechanism is easily manipulated.
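A simplified illustration of why pricing LP shares from a pool's own spot ratio is fragile, added here as an example and not taken from Yearn Finance or any protocol's code. It assumes a fee-free two-asset constant-product pool with constructed reserves and hypothetical names (`Pool`, `naive_lp_value`, `fair_lp_value`, `deviation_guard`), and compares the spot-based valuation with one derived from the pool invariant and an external reference price.

```python
from math import sqrt

class Pool:
    """Simplified two-asset constant-product pool (assumption: no fees)."""
    def __init__(self, dai, usdt, lp_supply):
        self.dai, self.usdt, self.lp_supply = dai, usdt, lp_supply

    def swap_dai_for_usdt(self, dai_in):
        # Keep dai * usdt constant, as a constant-product pool does.
        k = self.dai * self.usdt
        self.dai += dai_in
        usdt_out = self.usdt - k / self.dai
        self.usdt -= usdt_out
        return usdt_out

def naive_lp_value(pool):
    """Fragile: values one LP share in DAI using the pool's own spot ratio."""
    spot = pool.dai / pool.usdt  # DAI per USDT; one large trade moves this
    return (pool.dai + pool.usdt * spot) / pool.lp_supply

def fair_lp_value(pool, ref_price=1.0):
    """Hardened: uses the invariant dai * usdt plus an external reference
    price for USDT in DAI, so a swap inside the pool does not change it."""
    return 2 * sqrt(pool.dai * pool.usdt * ref_price) / pool.lp_supply

def deviation_guard(pool, ref_price=1.0, max_dev=0.01):
    """Return True only if the pool spot price is within max_dev of the
    reference; a vault could refuse deposits and withdrawals otherwise."""
    spot = pool.dai / pool.usdt
    return abs(spot - ref_price) / ref_price <= max_dev

def demo():
    # Constructed sample reserves: a balanced pool of two stablecoins.
    pool = Pool(1_000_000.0, 1_000_000.0, 2_000_000.0)
    before = (naive_lp_value(pool), fair_lp_value(pool), deviation_guard(pool))
    pool.swap_dai_for_usdt(3_000_000.0)  # one large trade imbalances the pool
    after = (naive_lp_value(pool), fair_lp_value(pool), deviation_guard(pool))
    return before, after

if __name__ == "__main__":
    print(demo())
```

The spot-based value of the same LP share changes with the pool ratio while the invariant-based value does not, and the deviation check flags the imbalanced state.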

Different DeFi protocols can be compared to different countries, and each "country" has its own rules. Savvy "traders" look for arbitrage opportunities by studying the differences between these rules. It is hard to fault this behavior, since it merely exploits loopholes in the established mechanisms.

Key to DeFi Development: Emphasizing Security

Currently, many DeFi protocol developers focus too much on speed and efficiency and neglect the core values of blockchain. Unlike Bitcoin, which ensures security through a complex consensus mechanism, some DeFi projects adopt overly simplified methods of determining prices, such as relying on a few "trusted" nodes or simple LP share calculations.

This approach runs contrary to the essence of blockchain: decentralization and consensus-driven mechanisms. A truly secure pricing mechanism should be permissionless and verifiable by anyone, and should become more robust as the number of participants grows.

Adhere to the Principle of Decentralization

Some projects are attempting to establish a permissionless, verifiable price synchronization mechanism that leaves no space for arbitrage. This mechanism generates on-chain price data through multi-party games, and its quality improves as the scale of participation increases.

The on-chain prices generated by this multidimensional, non-cooperative game mechanism are the cornerstone of safety that the DeFi industry should pursue. Upholding the decentralized nature of blockchain is not only a technical choice but also a fundamental principle for the development of the entire industry.

LiquidatedAgainvip
· 07-09 17:19
Another wave of Rekt is on the way, my bank card is already shivering.
MemeEchoervip
· 07-09 16:56
No one really thinks that money can be recovered, right?
LiquidityWizardvip
· 07-09 11:54
Another protocol has been sent...
ForkTroopervip
· 07-09 11:51
Exploded again, exploded again.
WagmiOrRektvip
· 07-09 11:43
Another round of suckers has been played for suckers.
ZkSnarkervip
· 07-09 11:42
fun fact: centralization was never the problem... incompetent devs were
OnchainDetectivevip
· 07-09 11:37
The bleeding incident was foreseen, and classic hacking techniques are being performed again.
LucidSleepwalkervip
· 07-09 11:29
Ah, another accident happened!