In the continuous heat of the burning DeFi landscape, which offers all participants earning potential beyond the wildest dreams of those using traditional finance, there are still some concerns to be ironed out. This article is dedicated to the most important subject in the realm of DeFi: security.
The original idea of a decentralized exchange was that you would never have to worry about the management of the DEX, maintenance, or servers crashing. The decentralized nature of the DEX would ensure that the network continues to run even if a few nodes go down, especially when nodes are theoretically scattered across the world.
However, since hacks continue to occur specifically because of mistakes in smart contracts, you should take a closer look at the subject of DEX security.
How do DEXes operate, and why can hackers find a way in?
There is a whole universe of decentralized exchanges out there; they all differ, and they are built on different blockchains, the most popular being Ethereum, with Cardano and Solana following.
First of all, it matters which blockchain the DEX is using, as the various protocols each provide different infrastructure. While Ethereum is currently the most popular smart contract platform, it is not always nice to be a pioneer.
The DAO case illustrates this well. The Ethereum DAO (decentralized autonomous organization) was launched in 2016. After raising $150 million USD worth of ether (ETH) through a token sale, The DAO was hacked due to vulnerabilities in its code base. The Ethereum blockchain was eventually hard forked to restore the stolen funds, but not all parties agreed with this decision, which resulted in the network splitting into two distinct blockchains: Ethereum and Ethereum Classic.
History has a way of repeating itself, and unfortunately we are seeing continuous problems with the roll-out of smart contracts on Ethereum. It took years of testing and billions of dollars in lost funds to get smart contracts on Ethereum to where they are today, and even now billions are lost per year on that platform in scams and frozen in poorly written smart contracts.
If you look at other protocols built now, such as Cardano or Solana, they actually could be in a better position if they are wise enough to heed the previous mistakes already made during development on the Ethereum chain. For our purposes we will consider and compare Cardano-based DEXes as examples.
Let’s have a look at Minswap, an automated market-maker (AMM) decentralized exchange (DEX) based on Cardano. Here the DEX is apparently having similar problems to early-stage Ethereum smart contract development. The recent security issue found in Minswap’s smart contracts is not a mark against the Minswap team, and neither do we suggest that Plutus as a language is insecure; quite the opposite, Plutus has the potential to create the most secure contracts in the DeFi space. It does however illustrate the fact – uncomfortable as it may be – that there will be more security faults and breaches. That even a veteran, quality team such as Minswap’s (not to mention the team that audited the code separately) could miss such a critical vulnerability speaks volumes as to the young nature of the language and tools being used.
Then there are other solutions that can be implemented for the DEX, and they are starting to look smarter and safer at this moment in time. The MeowSwap team has taken the view that using a nascent smart contract language that has yet to have best practices or standards implemented would be irresponsible when dealing with user funds. This is why at this early stage they have implemented a solution using Cardano native multi-signature scripts, which by their nature are far more secure. The intention is that when proper standards are in place, and the team is satisfied from a security perspective, MeowSwap will migrate to Plutus smart contracts.
MeowSwap’s solution is not perfect, but it is the most secure way to handle your assets at this point in the adoption of Plutus smart contracts: it uses native multi-signature wallets to store funds and distributes the signatures between trusted parties in the community, so no single individual can ever access our users’ assets. MeowSwap’s pathway to full decentralization includes adding many user-controlled full Cardano nodes to their L2 network; in this manner, your funds will become ever more secure over time.
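The property claimed above, that no single individual can spend, can be checked mechanically for any native script. The following is an added example, not MeowSwap's code: it evaluates the `sig`, `all`, `any` and `atLeast` forms of the Cardano native script JSON format (time locks are left out) and finds the smallest set of key holders able to spend. The five custodians, the 3-of-5 threshold, the `deployer` key and all key hashes are constructed assumptions.

```python
import hashlib
from itertools import combinations

def key_hash(label):
    # Constructed stand-in for a 28-byte (blake2b-224) key hash; not a real key.
    return hashlib.blake2b(label.encode(), digest_size=28).hexdigest()

def sig(label):
    return {"type": "sig", "keyHash": key_hash(label)}

def satisfied(script, signers):
    """True if the set of signing key hashes satisfies the native script."""
    kind = script["type"]
    if kind == "sig":
        return script["keyHash"] in signers
    if kind not in ("all", "any", "atLeast"):
        raise ValueError(f"unsupported script type: {kind}")  # time locks omitted
    hits = sum(satisfied(s, signers) for s in script["scripts"])
    if kind == "all":
        return hits == len(script["scripts"])
    return hits >= (1 if kind == "any" else script["required"])

def key_hashes(script):
    if script["type"] == "sig":
        return {script["keyHash"]}
    return set().union(*(key_hashes(s) for s in script.get("scripts", [])))

def smallest_quorum(script):
    """Fewest distinct key holders that can spend; brute force, fine for small N."""
    keys = sorted(key_hashes(script))
    for size in range(len(keys) + 1):
        if any(satisfied(script, set(c)) for c in combinations(keys, size)):
            return size
    return None

# Constructed policies: five hypothetical custodians, threshold 3 (assumed values).
CUSTODIANS = [sig(f"custodian-{i}") for i in range(1, 6)]
TREASURY = {"type": "atLeast", "required": 3, "scripts": CUSTODIANS}
# Same quorum, but wrapped in "any" with one extra key: a single-signer bypass.
BYPASS = {"type": "any", "scripts": [sig("deployer"), TREASURY]}

if __name__ == "__main__":
    for name, policy in (("TREASURY", TREASURY), ("BYPASS", BYPASS)):
        n = smallest_quorum(policy)
        print(f"{name}: smallest quorum = {n}", "OK" if n and n > 1 else "SINGLE KEY CAN SPEND")
```

A script can contain a multi-signature clause and still be spendable by one key, which is why the check runs over the whole script rather than looking for an `atLeast` node.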
Smart contracts and decentralization
Let’s now move on to the decentralization question. Somehow there is a huge misunderstanding regarding the nature of decentralization in relation to smart contracts: a smart contract actually has nothing to do with decentralization! Bitcoin, for example, has no smart contracts and yet is almost perfectly decentralized.
A smart contract in which the developer has the signature to update the contract at will is, on the other hand, fully centralized. Building a truly decentralized smart contract with DAO functions that allow it to be updated by token votes, and distributing the token to enough people that it can be considered decentralized enough, is a serious undertaking that takes a great deal of time and effort. Rushing such solutions to be the first on the market generally leads to security risks and loss of users’ funds. So ask yourself – where do you want to store your hard-earned assets?
We cannot force you to use a known, reliable method of securing funds over a new method that may or may not have further security flaws caused by the infancy of the tech and human error – what we can do is give you a choice and help you understand the risks.