According to a recent report by security-focused ranking platform CertiK, centralization issues have emerged as the main attack vector in decentralized finance (DeFi), facilitating the largest share of hacks — with USD 1.3 billion worth of user funds stolen in 44 DeFi attacks last year.
CertiK’s experts say they discovered 286 discrete centralization risks during the 1,737 audits they conducted in 2021.
According to the report, data on the impact of centralization on DeFi security “underscores the importance of decentralization and highlights the fact that many projects still have work to do to achieve this goal.”
It went on to say:
“Centralization is incompatible with DeFi’s ethos and poses significant security risks. Dedicated hackers and malicious insiders alike can take advantage of single points of failure.”
Last November, the DeFi lending protocol bZx (BZRX) was found to have been exploited for over USD 55 million as a result of private key mismanagement. The incident is an example of privileged ownership: a single key controlled the contracts, so compromising it gave the attackers complete control of all of them. According to the study, privileged ownership was discovered 76 times in the company’s audits.
After centralization risks, the second most common potential vulnerability CertiK’s auditors found was missing event emissions, in 211 cases.
Another common code error discovered by the firm’s experts was the use of an unlocked compiler version, which occurred 176 times. CertiK’s experts also discovered 104 lines of code that lacked proper input validation.
According to the report’s figures, reliance on third-party dependencies was another identified potential source of trouble, with 102 instances.
CertiK, founded in 2018 by Yale and Columbia University professors, claims to specialize in blockchain security, employing artificial intelligence (AI) technology to secure and monitor blockchain protocols and smart contracts. There are 1,464 projects on the company’s security leaderboard, with a total market capitalization of USD 291 billion.