Decentralized finance (DeFi) is growing rapidly. Total Value Locked, a measure of money managed by DeFi protocols, has increased from $10 billion to just over $40 billion over the past two years after peaking at $180 billion.
The elephant in the room? In 2021 alone, over $10 billion was lost to hacks and exploits. What feeds that elephant: today’s smart contract programming languages fail to provide adequate functionality for creating and managing assets, also known as “tokens.” For DeFi to become mainstream, programming languages must provide asset-oriented features that make DeFi smart contract development safer and more intuitive.
Current DeFi programming languages have no concept of assets
Solutions that can help reduce DeFi’s years of hacks include code audits. To some extent, auditing works. Of the 10 biggest DeFi hacks of all time (give or take), nine hit projects that had not been audited. But putting more resources into this problem is like adding an engine to a car with square wheels: the car can go a little faster, but it still runs into an underlying problem.
The problem: programming languages used for DeFi today (like Solidity) have no notion of what an asset is. Assets such as tokens and non-fungible tokens (NFTs) exist only as variables (numbers that can change) in smart contracts, such as an ERC-20 contract on Ethereum. The protections and validations that define how those variables should behave (for example, that they should never be spent twice, that they should never be drained by unauthorized users, and that transfers should always balance and net to zero) all have to be implemented by the developer, from scratch, for each smart contract.
As smart contracts become more complex, so do the necessary protections and validations. People are people. Mistakes happen. Bugs occur. Money is lost.
Case in point: One of the best DeFi protocols, Compound, was exploited for $80 million in September 2021. Why? The smart contract contained ‘>’ instead of ‘>=’.
Knock-on effect
As smart contracts interact with each other, such as when a user trades one token for another, messages are sent to each smart contract to update its list of internal variables.
The result is a complex balancing act. It is entirely the DeFi developer’s responsibility to ensure that all interactions with smart contracts are handled correctly. Solidity and the Ethereum Virtual Machine (EVM) have no built-in guardrails, leaving DeFi developers to design and implement all necessary protections and validations themselves.
As a result, DeFi developers spend almost all of their time making sure their code is secure, and then double- and triple-checking it. Some developers report spending up to 90% of their time on validation and testing, and only 10% of their time building features and functionality.
With the majority of developer time spent fighting insecure code, and a shortage of developers, how has DeFi grown so quickly? Despite the challenges and risks, there seems to be demand for self-sovereign, permissionless and automated forms of programmable money. Now imagine how much innovation would be unlocked if DeFi developers could focus their productivity on features rather than impediments. That is the kind of innovation that would enable a fledgling $46 billion industry to disrupt an industry as big as the $468 trillion global finance sector.
Innovation and safety
The key to DeFi being both innovative and secure comes from the same source: providing an easy way for developers to create and manipulate assets, by making assets and their intuitive behavior native capabilities. The assets created should always behave predictably and adhere to common-sense financial principles.
The asset-oriented programming paradigm makes creating assets as easy as calling native functions. The platform knows what an asset is: .initial_supply_fungible(1000) creates a fungible token with a fixed supply of 1000 (beyond the supply, more token configuration options are also available). Functions like .take and .put, meanwhile, take tokens from somewhere and put them elsewhere.
Instead of a developer writing complex logic to tell a smart contract to update a list of variables, in asset-oriented programming the fundamental operations of DeFi are, as one would intuitively expect, native functions of the language. Asset-oriented programming ensures that no tokens are lost or leaked.
This is how DeFi can be both innovative and secure. And this is how we change the mainstream perception from DeFi being the Wild West to DeFi being the place where you have to put your savings.
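The contrast drawn above, between tokens as plain variables and tokens moved with .take and .put, modeled in plain Rust as an added example; it is not Scrypto or Radix code and not from the article. Vault, Bucket, with_initial_supply and ledger_transfer are hypothetical names, and the panic on dropping a non-empty bucket is this sketch's own assumption.

```rust
// Added illustration in plain Rust; NOT Scrypto or Radix Engine code.
// Vault, Bucket and their methods are hypothetical names for this sketch.
use std::collections::HashMap;

/// Ledger style: a token is a number in a map, so every rule is hand-written.
pub fn ledger_transfer(bal: &mut HashMap<&'static str, u64>, from: &'static str,
                       to: &'static str, amt: u64) -> Result<(), &'static str> {
    let have = bal.get(from).copied().unwrap_or(0);
    if have < amt { return Err("insufficient balance"); } // rule 1: no overdraft
    if from == to { return Ok(()); }                      // rule 2: self-transfer must not mint
    let credited = bal.get(to).copied().unwrap_or(0).checked_add(amt).ok_or("overflow")?; // rule 3
    bal.insert(from, have - amt);
    bal.insert(to, credited);
    Ok(())
}

/// Asset style: tokens travel in a Bucket that is neither Copy nor Clone.
/// Its field is private, so outside this module a Bucket only comes from `take`.
#[derive(Debug)]
pub struct Bucket { amount: u64 }
impl Drop for Bucket { // model choice: a non-empty bucket may not be dropped
    fn drop(&mut self) { assert!(self.amount == 0 || std::thread::panicking(), "bucket dropped with tokens"); }
}
#[derive(Debug, Default)]
pub struct Vault { amount: u64 }
impl Vault {
    /// Stand-in for the article's initial_supply_fungible(1000): the only mint point.
    pub fn with_initial_supply(supply: u64) -> Vault { Vault { amount: supply } }
    pub fn amount(&self) -> u64 { self.amount }
    /// Removes tokens from the vault; fails instead of going negative.
    pub fn take(&mut self, amt: u64) -> Result<Bucket, &'static str> {
        self.amount = self.amount.checked_sub(amt).ok_or("insufficient balance")?;
        Ok(Bucket { amount: amt })
    }
    /// Consumes the bucket by value: the same tokens cannot be deposited twice.
    pub fn put(&mut self, mut b: Bucket) {
        self.amount = self.amount.checked_add(b.amount).expect("supply overflow");
        b.amount = 0; // emptied, so the Drop check passes
    }
}

/// Moves 250 of 1000 tokens using only take/put; returns (alice, bob) balances.
pub fn demo() -> (u64, u64) {
    let (mut alice, mut bob) = (Vault::with_initial_supply(1000), Vault::default());
    let bucket = alice.take(250).expect("alice holds enough");
    bob.put(bucket); // a second `bob.put(bucket)` would not compile: value moved
    (alice.amount(), bob.amount())
}
fn main() { println!("{:?}", demo()); }
```

In the ledger version each of the three rules is a line a developer can forget; in the asset version the overdraft check lives once in take, and double-deposit is rejected by the compiler rather than by a test.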
Ben Farr is responsible for partnerships at RDX Works, the core developer of the Radix protocol. Prior to joining RDX Works, he held management positions at PwC and Deloitte, serving clients on issues related to financial technology governance, audit, risk management and regulation. He holds a Bachelor’s degree in Geography and Economics from the University of Leeds and a Master’s degree in Mapping.
The author, who has disclosed their identity to Cointelegraph, used a pseudonym for this article. This article is for general information purposes and is not intended to be, and should not be construed as, legal or investment advice. The views, thoughts and opinions expressed herein are those of the author and do not necessarily reflect or represent the views or opinions of Cointelegraph.