DeFi security risks – Is it safe to connect wallet to DeFi platforms?
This is a quick look at the security of DeFi platforms.
You all know that DeFi (Decentralized Finance) is the hottest topic right now in the blockchain space.
Many DeFi platforms have been in circulation for years, but only in 2020 did this subject come to the center of the cryptocurrency space.
Currently a wave of new applications is being built every day, providing all kinds of financial services that were previously limited to the traditional banking sector. These applications, which are built on top of the Ethereum network, have different benefits.
The main application branches are:
- Lending – Users lend their cryptocurrency and earn interest on them.
- Borrowing – Users borrow cryptocurrency by depositing securities and then paying interest on the loan.
- DEX – Decentralized exchange service where users can exchange cryptocurrencies without any central authority.
- Derivatives trading – Applications offering complex financial instruments such as margin trading, options and futures trading.
- Payments – Services providing cheap and fast payment solutions in a decentralized way.
To use these DeFi services, whether you wish to trade, swap, stake or yield farm, you need to connect your wallet.
You cannot connect every wallet type. Only web3 wallets, which allow users to connect to the decentralized web and interact with DApps, can be used. Some of the popular wallets used to connect to these DeFi platforms are MetaMask, Trust Wallet and Coinbase Wallet.
Now the question is: is it safe to connect your wallet to DeFi platforms, especially when that means connecting and giving access to a not so well known, unaudited DeFi platform?
Is it safe to connect wallet to DeFi platform?
Recently one of our users asked: “Is it safe to connect my MetaMask wallet to a DeFi site that is not audited and is not so well known? I’m wondering whether they could somehow steal the funds that I have on my MetaMask wallet.”
First of all, when you connect your wallet to a DeFi platform you are only allowing the site to view the addresses of your permitted accounts. That is, the site can read the value of the Ether and the ERC20 tokens that you have in your account. It cannot spend your funds unless you approve it.
But to actually use the platform you have to allow the app to withdraw tokens and automate transactions for you. When you grant this permission you are giving the smart contract permission to transfer tokens on your behalf.
Only after you grant access will the smart contract withdraw the necessary funds from your wallet and execute the transaction.
Now if the smart contract you are giving approval to is broken, there is a possibility that tokens are stolen from your wallet beyond what you actually specified. This is why you should only connect and grant permission to sites that are popular and trustworthy.
Also, some services offer infinite approval as the default. So before you grant permission and allow the site to withdraw your tokens, click edit permission and set a custom spend limit. This way the site can only spend the tokens that you’ve approved. Even if the smart contract is faulty, you’ll only lose the number of tokens that you’ve given access to.
Hope that makes sense.
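The check below is an added example, not code from this article or from any wallet: it decodes the calldata of an ERC-20 `approve(spender, amount)` request and reports whether the allowance is unlimited or larger than the amount you intend to spend. The spender address, the amounts and the helper names (`decodeApprove`, `reviewApproval`, `buildApprove`) are constructed for illustration, and a token with 18 decimals is assumed.

```javascript
// Added example; every address and amount here is a constructed sample value.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n; // the value wallets show as "unlimited"

// Decode the calldata of an ERC-20 approve(spender, amount) call.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{136}$/.test(hex)) {
    throw new Error("not a well-formed approve() call");
  }
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) {
    throw new Error("selector is not approve(address,uint256)");
  }
  const spenderWord = hex.slice(8, 72);
  // An address is the low 20 bytes of its 32-byte word; the rest must be zero.
  if (!spenderWord.startsWith("0".repeat(24))) {
    throw new Error("malformed spender word");
  }
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Compare the requested allowance with what the user means to spend.
function reviewApproval(calldata, intendedAmount, balance) {
  const { spender, amount } = decodeApprove(calldata);
  return {
    spender,
    amount,
    unlimited: amount === MAX_UINT256,
    exceedsIntended: amount > intendedAmount,
    // The spender can pull at most min(balance, allowance) from the current balance.
    worstCaseLoss: amount < balance ? amount : balance,
  };
}

// Build sample calldata the way a DApp would encode the request.
function buildApprove(spender, amount) {
  return "0x" + APPROVE_SELECTOR +
    spender.replace(/^0x/, "").toLowerCase().padStart(64, "0") +
    amount.toString(16).padStart(64, "0");
}

const SPENDER = "0x1111111111111111111111111111111111111111"; // constructed address
const unit = 10n ** 18n; // assumes a token with 18 decimals
const infinite = reviewApproval(buildApprove(SPENDER, MAX_UINT256), 50n * unit, 1000n * unit);
const capped = reviewApproval(buildApprove(SPENDER, 50n * unit), 50n * unit, 1000n * unit);
console.log(infinite.unlimited, infinite.worstCaseLoss / unit); // true 1000n
console.log(capped.unlimited, capped.worstCaseLoss / unit); // false 50n
```

An unlimited allowance also covers tokens that arrive in the wallet later, so the figure reported for it reflects only the current balance.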
Now here are a few risks that you need to understand before you interact with DeFi protocols.
DeFi security risks
One of the biggest advantages of DeFi platforms over CeFi (centralized finance) is that they are anonymous and trustless. They are also considered to be extremely secure, since they are not operated on a centralized server by some third party. But the fact is that there are security risks on decentralized platforms as well.
While they may not be at as high a risk of a security breach as some of the centralized platforms, there are still some risks. For example, if an unaudited smart contract has exploitable vulnerabilities, it can pose a huge risk to its stakeholders.
In 2020 alone there have been more than a few incidents in which DeFi platforms were exploited, all because of vulnerabilities in the platform’s code. Some well known examples are the bZx and Lendf.Me protocols.
Remember that in blockchain applications there is no quality assurance process. Also, most DeFi applications don’t have insurance pools like some of the centralized exchanges have. If the platform gets hacked, then the money is gone.
So how do you ensure that the DeFi platform that you are interacting with is safe?
DeFi safety measures
DeFi projects are open source, so their code is auditable. However, the majority of cryptocurrency users do not possess the technical knowledge to audit the code, nor do they have a reliable method to check the security of a DeFi platform.
So how can a regular user know whether or not a DeFi platform is safe? Should they blindly trust the smart contract written by some unknown programmer?
Most DeFi projects supply the audit report for their platform. Other than that, there are specialized teams in the space (for example: ConsenSys) that audit these protocols and provide scores based on security and transparency.
Just do a simple Google search and you will learn more about it.
There are sites like https://defiscore.io/ and https://defisafety.com/ that consistently evaluate DeFi projects.
Other than that, use websites like https://defipulse.com/ that provide analytics and rankings of DeFi protocols.
Only use websites that are popular, and as a user do your own research before you interact with these sites.
Use a separate wallet solely for interacting with these platforms.
Also, as we pointed out before, do not grant access to all of your holdings. If a DApp has a malicious bug, then the attacker could steal your funds without your consent.
Stay away from scam tokens and most importantly risk only what you can afford to lose.
Remember that DeFi is still in its early stages. The tech is huge but it still needs a lot of polishing.
What do you think about the security of the DeFi platforms? Feel free to comment below.