In the past four years (2018 ~ 2022), the blockchain-based distributed finance (DeFi) industry has raised 253 billion US dollars, and the losses due to attacks have exceeded 3 billion US dollars. Although this is lower than the loss of the traditional financial system, it still sounds the alarm for fintech scholars. Distributed finance is not a silver bullet in the face of multi-level complex attacks.
The paper "SoK: Decentralized Finance (DeFi) Attacks Liyi" co-authored by Imperial College London, Technical University of Munich, University of Macau, Swiss Institute of Technology, University of California, Berkeley, etc. analyzed 77 papers, 30 audit reports, and 181 incidents. Some interesting analysis came up.
First of all, in terms of architecture, the attack involves four layers, from top to bottom:
- Protocol layer: realize the application of distributed scenarios, digital currency, exchange services, etc.;
- Smart contract layer: code, data structure and execution environment for implementing financial logic;
- Consensus layer: consensus algorithm (including PoW, PoS, etc.), incentive mechanism;
- Network layer: communication and network protocols, traffic analysis, data transmission, etc.
In addition, there are auxiliary services outside the chain, including client, operation layer, Oracle, etc.
A few statistics:
- The attack trend is increasing, with the highest in August 2021, with a monthly loss of 600 million US dollars. 3.1 attacks per month in 2020 and 8.5 in 2022;
- Attacks mostly occur at the protocol layer (mostly stablecoins and lending applications), smart contract layers and auxiliary services;
- Academic research is relatively average across layers, including network and consensus layers. However, almost all audit reports in the industry focus on smart contracts, and a small amount of them are auxiliary services;
- Most attacks are not fast and can be prevented by a pause at the protocol layer. But in fact, only 1 of the 87 protocols can respond within an hour;
- Auditing in advance can effectively prevent attacks. 15.49% of unaudited protocols were attacked, while only 4.09% of audited protocols;
- Early detection is a more effective method, and most contract loopholes can be detected in advance. However, there is currently a lack of effective protocol layer detection tools;
- Most attackers can be traced due to the centralized trading and mining mechanism used.
From the above statistical results, it can be seen that the attack and defense of DeFi is actually very close to the traditional attack and defense. The most common attacks are often not technically sophisticated enough to be identified at an early stage and effectively stopped, but systematic detection tools are currently lacking. In addition, academia and industry focus differently.
