Audited or not, DeFi DApps present risks
Andre Cronje, the creator of Yearn.Finance, has recently made security audits of his project publicly available. He explained to Cointelegraph that he had been previously withholding these audits, which were completed months ago, so as to not give users a false sense of security:
I always refused to publish the audits because I don’t want people to get a false sense of security because of them.
Yesterday, Cronje published five audits on the project’s GitHub repository. The audits were performed between February and July by leading auditors, such as Certik and Quantstamp. Some of the vulnerabilities that were discovered are classified as “critical”. For instance, Certik identified “a major vulnerability, which under quite common situations could temporarily block users from withdrawing all of their funds.” Cronje explained that although this was a design choice, it is still a vulnerability:
If you lend, the risk always exists that there are more assets borrowed than the available liquidity to withdraw.
He added that other major DeFi projects like Compound and Aave share this vulnerability. Cronje decided to publish these audits as proof that he subjects his code to external scrutiny, but regardless, people “throw money into contracts when they see ‘audited'”:
“But since the whole ‘no audit yolo’ narrative, decided to share them, so people understand, I still do audits, I just don’t share them, because I want people to understand the risk.”
Another DeFi project called Yam.Finance recently collapsed due to an irreconcilable bug after launching without external audits.
Source: , CoinTelegraph
Articles listed with Cash Tech News as the author are either general information, or may have been imported from another website, to bring our readers a rich media experience that encompasses articles that we find interesting, as well as those curated by others.
The views and opinions expressed here are for informational purposes only, and should not be confused with professional financial advice. These opinions are solely those of the author and do not necessarily reflect the views of CashTechNews.com. Every investment and trade involves risk. You should conduct your own research, and contact your professional financial advisor before making any investment.
Corrections, feedback, and ideas should be submitted through the website contact form.