What Makes a DeFi Protocol Trustworthy？
The booming of decentralized finance (DeFi) has bought endless opportunities for crypto users.
Although this new industry is revolutionizing the way we access financial services, it’s still in the early stage of development and bears risks. Like banking, credit card, and financial industries, the DeFi industry also faces multiple shortcomings and attacks.
Even with security protocol advancements, increased third-party code audits, and the maturation of the crypto space in general, we still witness millions of funds being lost through hacks, smart-contract bugs, and theft. As of 2021, approximately $300 million worth of assets has been looted from DeFi platforms.
Here are some severe theft incidents in 2021 with the various reasons why they happened.
To summarize, the major sources of theft come from:
- Flash loan attacks: hackers multiply their holdings and abuse the system by engaging in high-volume transactions to inflate the price feed
- Rug pull: developers have a “back door” to withdraw all their locked funds in the smart contract from the liquidity pool
- Smart Contract Vulnerabilities: primary cause for DeFi exploits.
Phantom’s Approach: Security Code Audit
Regarding the 3 types of risks mentioned above, Phantom will use over-collateralization to create synthetic assets to prevent flash lending. The developer backdoor and smart contract vulnerability issue will be avoided through third-party audits.
A smart contract security audit is the technical assessment of blockchain applications and related artifacts to detect and eliminate smart contract vulnerabilities. The audit also checks the reliability of the contract’s interactions by following four primary steps: Assessment, Verification, Testing, and Reporting.
DeFi projects are public and therefore have auditable codes. DeFi products can effectively prevent security breaches by conducting a formal code audit before they go live. Audits are an essential part of Phantom’s code security management process. Phantom will publish the smart contract code and address on our official website.
Phantom will submit our smart contracts to the industry’s leading code audit organization before officially going live on the main network. This includes, but not limited to:
The Phantom team believes that only by following the best security guidelines and development rules can Defi provide customers with more efficient and secure services.
PS: Be Aware of the Scammers
Recently, there have been multiple fake users promoting Phantom token sales through messages on the market
To prevent and avoid scammers, please take note that:
- Currently, Phantom Protocol has NO token sale events
- We will NEVER ask you to send money to any contract address
- ANY offer that is NOT published through Phantom’s official accounts are fake & scams
Be sure to check everything in our official channels: