DeFi
Kofi Kufuor has proposed his own classification of attacks on decentralized finance (DeFi) protocols and identified the core vulnerabilities this turbulent segment is exposed to.
Four main types of attacks in DeFi
According to his detailed post, all attacks that resulted in funds being stolen from crypto protocols can be divided into four types based on the "vulnerability stack".
1/ I collected data on over $4B of crypto application hacks
In this piece, I break down how the hacks were executed, the tools we have to stop history from repeating itself, and predictions for the future of crypto security https://t.co/W2A9lPz69O
— Kofi (@0xKofi) October 6, 2022
That said, all recent attacks are executed against one of four layers: the ecosystem, the protocol, the smart contract language, or the infrastructure. Infrastructure attacks target weaknesses in consensus, the Internet systems behind DeFi protocols, private keys, and so on.
Smart contract language attacks exploit design flaws in the programming languages used to write smart contracts. Protocol logic attacks exploit bad business logic and weaknesses in tokenomics.
Last but not least, ecosystem attacks target the interactions between different DeFi protocols: to initiate (or amplify) an attack, attackers borrow funds from one protocol and inject them into the liquidity pools of another.
Multi-chain apps and bridges under fire
Ecosystem attacks are the most frequent: over 41% of all DeFi hacks fall into this group. At the same time, if we exclude the three most devastating hacks from the analysis (Ronin Bridge, Poly Network, BNB Chain bridge), infrastructure attacks resulted in the largest losses.
Among ecosystem hacks, flash loan attacks on price oracles are the most frequent; various attacks on private keys (phishing, brute force, compromised keys, and so on) dominate infrastructure hacks.
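The flash loan attack on a price oracle named above (and the borrow-from-one-protocol, inject-into-another pattern described under ecosystem attacks) is easiest to understand as a simulation. The following is an added example, not code from the article or from Kofi Kufuor's post: it models a constant-product AMM pool (swap fees ignored), a lending market that values collateral through a pluggable oracle, and an attacker with no capital who flash-borrows stablecoins. The `spot_oracle` reads the pool reserves directly, which is the vulnerable design; the `anchored_oracle` stands in for a TWAP or external feed and additionally reverts when the spot price diverges from it. All pool sizes, loan amounts and the 75% LTV are constructed for illustration.

```python
"""Flash-loan price-oracle attack against a lending market, simulated.

Constructed example (not from the article or from Kofi Kufuor's post):
one constant-product AMM pool (x * y = k, swap fees ignored), one lending
market that values collateral through a pluggable price oracle, and an
attacker who starts with no capital and flash-borrows stablecoins.
"""
from dataclasses import dataclass
from typing import Callable


@dataclass
class Pool:
    """Constant-product AMM: `token` is the volatile asset, `stable` the quote."""
    token: float
    stable: float

    def spot_price(self) -> float:
        """Price of one token in stable, read from the reserves right now."""
        return self.stable / self.token

    def swap_stable_for_token(self, stable_in: float) -> float:
        k = self.token * self.stable
        new_token = k / (self.stable + stable_in)
        out = self.token - new_token
        self.stable += stable_in
        self.token = new_token
        return out

    def swap_token_for_stable(self, token_in: float) -> float:
        k = self.token * self.stable
        new_stable = k / (self.token + token_in)
        out = self.stable - new_stable
        self.token += token_in
        self.stable = new_stable
        return out


class OracleDeviation(Exception):
    """Raised by the hardened oracle; in a contract this would revert the tx."""


def spot_oracle(pool: Pool, anchor: float) -> float:
    """Vulnerable: trusts whatever the pool reserves say at this instant."""
    return pool.spot_price()


def anchored_oracle(pool: Pool, anchor: float, max_dev: float = 0.05) -> float:
    """Hardened: reports a price the attacker cannot move within one
    transaction (a TWAP or an external feed, here `anchor`) and refuses to
    act if the pool's spot price disagrees with it by more than `max_dev`."""
    spot = pool.spot_price()
    if abs(spot - anchor) / anchor > max_dev:
        raise OracleDeviation(f"spot {spot:,.0f} vs anchor {anchor:,.0f}")
    return anchor


@dataclass
class LendingMarket:
    liquidity: float   # stable available to lend
    ltv: float = 0.75  # maximum loan-to-value

    def borrow_against(self, collateral_tokens: float, price: float) -> float:
        loan = min(collateral_tokens * price * self.ltv, self.liquidity)
        self.liquidity -= loan
        return loan


Oracle = Callable[[Pool, float], float]


def flash_loan_attack(oracle: Oracle, flash_amount: float = 10_000_000.0,
                      collateral_tokens: float = 50.0) -> dict:
    """Run the whole attack as one atomic transaction and report the outcome."""
    pool = Pool(token=1_000.0, stable=1_000_000.0)  # fair price: 1,000 stable
    market = LendingMarket(liquidity=5_000_000.0)
    anchor = pool.spot_price()  # price observed before this transaction

    # 1. Flash-borrow stable and dump it into the pool to pump the token price.
    tokens = pool.swap_stable_for_token(flash_amount)
    # 2. Post a sliver of the acquired tokens as collateral and borrow against
    #    the price the oracle reports now.
    try:
        price = oracle(pool, anchor)
    except OracleDeviation as err:
        # The oracle call reverts, so the whole transaction reverts: the
        # attacker loses only gas and the market is untouched.
        return {"reverted": True, "reason": str(err), "loan": 0.0, "profit": 0.0}
    loan = market.borrow_against(collateral_tokens, price)
    # 3. Swap the remaining tokens back to unwind the manipulation.
    recovered = pool.swap_token_for_stable(tokens - collateral_tokens)
    # 4. Repay the flash loan; the posted collateral is abandoned, never repaid.
    profit = recovered + loan - flash_amount
    return {
        "reverted": False,
        "reported_price": price,
        "loan": loan,
        "profit": profit,
        # what the abandoned collateral is actually worth once the pool settles
        "collateral_value": collateral_tokens * pool.spot_price(),
    }


if __name__ == "__main__":
    for name, oracle in (("spot oracle", spot_oracle), ("anchored oracle", anchored_oracle)):
        print(name, flash_loan_attack(oracle))
```

With the spot oracle the attacker walks away with roughly 4.5 million stable for 50 tokens of abandoned collateral; with the anchored oracle the transaction reverts, and even an anchored oracle without the deviation check leaves the attack unprofitable, because the loan is sized at the pre-manipulation price while unwinding the swap costs more than that.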
Ethereum-based apps saw $2 billion in stolen funds. More than half of the attacks in 2020-2022 targeted cross-chain bridges and multi-chain apps.