Centralization issues have emerged as the main attack vector in decentralized finance (DeFi), facilitating the largest share of the hacks -- with USD 1.3bn worth of user funds stolen in 44 DeFi attacks last year, according to a recent report by security-focused ranking platform CertiK.
CertiK’s experts say they identified some 286 discrete centralization risks throughout the 1,737 audits they performed in 2021.
Data on centralization’s impact on DeFi security “underscores the importance of decentralization and highlights the fact that many projects still have work to do to reach this goal,” according to the report.
It added that,
“Centralization is antithetical to the ethos of DeFi and poses major security risks. Single points of failure can be exploited by dedicated hackers and malicious insiders alike.”
Among the attacks, DeFi lending protocol bZx (BZRX) was found to be exploited for more than USD 55m last November as a result of a private key mismanagement -- serving as an example of privileged ownership which enabled the attackers to gain complete control of all contracts controlled by the key. In total, privileged ownership was detected 76 times in the company’s audits, according to the study.
Missing event emissions were the second most common potential vulnerability after centralization risks, found in 211 instances by CertiK’s auditors.
The utilization of an unlocked compiler version was another common code error found by the firm’s experts, at 176 instances, and CertiK’s experts came across 104 lines of code which lacked proper input validation.
Reliance on third-party dependencies, with 102 instances, was another identified potential source of trouble, according to the figures from the report.
Set up in 2018 by
Read more on cryptonews.com