AAVE itself has touched $60B deposits, but it's still SCARY to use DeFi -- did you know a while ago SAFE, the standard for managing billions of dollars in crypto had it's front-end hacked
front-end hacks have stolen billions of dollars in crypto
why? and how to improve?
a front-end of a dapp itself is a lot of moving pieces and variables each touching many different parts of a transaction lifecycle originating from the user
a front-end of a dapp has many attack vectors possible including domain registrar itself to it's team pushing a bad commit
i think it should be very important and a standard security practice for each app to do disclosures around how they manage the domain itself
which registrar, has the domain provider ever been hacked before? and if they do get hacked, what are failsafes against it
after proper domain maintenance hygiene is done, dapp developer should then disclose or should have clear rules about commit, merge and review
i think maybe SEAL team should also publish best practices around that
and always, always, ask your devs to never download anything from the work laptop
it's better if you can give work laptops which are pre-loaded with all the restrictions like how corporates do this
ik it sounds weird, but its important to set proper firewalls against scenarios like SAFE hack, where one dev downloaded a malware unknowingly and that injected a malware into the front-end itself
i mean even if you do all that, and someone's wallet itself got hacked also due to a front-end hack, you still are at risk
imagine someone took over a tier-2 extension wallet and attempted to get the private keys itself or just the password
then also you're f*cked
what should we do then? i think every dapp to best of their extent try to focus and create a front-end that is super secure against these kind of attacks, there's no perfect way. you just have to be paranoid all the time, thinking anything that can go wrong will go wrong.
and be fast in detecting and responding to any such kind of issue -- forget that you have a life if you're building in defi
on top, always do kyc of your employees, do good domain hygiene, good git access control hygiene, work-laptop hygiene and block by default any wallets that you think are shady
limit access by wallets that follow the best standards only
or introduce a yolo and safe mode for your users
in yolo mode, every wallet is allowed, and think are yolo and but in safe mode you're really really focused purely on the safety, which means you're completely even hosted over an ipfs and only necessary things are accessible
for analytics, users can see in yolo mode
to conclude, i just want to make it clear that building in defi has many attack vectors and it takes more than textbook reading to really serve your users in the best way possible
we at @SuperlendHQ take this very seriously for what we are building -- a unified intergace for onchain finance
btw, this was only about front-end attack vectors, i am sure there might be more scenarios as well which we are constantly debating and working on
but there's a whole lot of pandora box when we talk about economic security itself of defi protocols itself
more on than soon, about how do we handle all aspects of security at @SuperlendHQ while building the best ux
@SuperlendHQ interface*
excuse the typos
2.46K
4
The content on this page is provided by third parties. Unless otherwise stated, OKX TR is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX TR. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX TR is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.