How CertiK’s Security Suite Advances the Future of DeFi

Originally published
February 17, 2021

Decentralized finance — DeFi — is the collection of smart contract-based products and platforms that allow anyone in the world to borrow, lend, optimize yield, and much more.

Geographical location and the local economic infrastructure are no obstacle to getting involved in this revolutionary new form of finance. No more credit checks, no more mortgage interviews, just trustless, on-chain data.

The radical opportunity presented by DeFi earned a lot of attention from investors and speculators alike. The total value locked (TVL) in DeFi protocols grew 2200% in 2020, from $692 million on January 1 to $15.3 billion on December 31. TVL is a more useful metric than market capitalization when it comes to DeFi, as it accurately represents the equity that investors are willing to commit to these protocols.

While DeFi’s growth over the last year can be largely attributed to retail investment, 2021 is shaping up to be the year institutions start getting in on the game. As yields from fixed income assets continue to drop to historically low levels and unprecedented stimulus packages ratchet up inflation expectations, a massive amount of money is now seeking higher returns.

Forward-thinking asset managers are turning to DeFi. Circle — issuer of the popular stablecoin USDC — is set to launch the first high-yield digital dollar account aimed at institutions. By lending out to the capital-hungry crypto asset markets rather than oversaturated traditional markets, the account can offer up to 10.75% APY. While it will initially serve only businesses, there are plenty of options that cater to individual investors.

Yet if institutions are to follow the path blazed by retail, DeFi needs to match or preferably beat the security guarantees offered by the legacy financial system.

During DeFi’s explosive growth in 2020, nearly 40 separate attacks drained over $500 million of investor funds. Some of these made use of tactics as new and innovative as the protocols themselves. Others were repeats of previous exploits and remain frustratingly easy to prevent.

While any loss of funds is unfortunate, the security of DeFi has improved greatly over the last couple of years. CertiK is proud to have led the shift in thinking that has taken auditing from an unnecessary extra to an absolute essential for any serious project.

CertiK has been at the forefront of blockchain security since 2017. Our auditing and monitoring solutions have secured billions of dollars of value, while CertiKShield provides an on-chain insurance alternative that protects user funds from loss and hacks.

Getting listed on any major exchange now requires a project to have passed auditing, as it’s simply too risky for exchanges to compromise on the safety of their customers’ money. But meaningful security doesn’t end there.

While auditing ensures code is sound before or at the time of its deployment, it can’t take into consideration the interactions a contract will have once released into the wild. The rapid rate of change in DeFi means that new tools and programs can pose new risks.

Worryingly, in 2020 more than $300 million was stolen from protocols that had passed a security audit.

It’s important to be protected while your contract is running, even if everything seems to be going smoothly. Our solution is CertiKShield: a decentralized on-chain risk-sharing pool that can provide full coverage for users and developers if funds are lost or stolen.

There are currently nine DeFi protocols making use of CertiKShields, and any project owner can protect their assets and those of their community by creating a new pool. To open a new pool, the project owner purchases protection with CertiK’s token CTK. This grants them indemnity from loss up to the total value of the CTK locked during a 21-day period. Additionally, a user Protection Pool is created, allowing investors in the project to purchase Shields to protect their own assets.

While DeFi offers many advantages over centralized finance, it also comes with its own unique features. For example, counterparty risk is greatly reduced when transacting with decentralized protocols. Yet this can lead to complacency, with the result being that there is often no backstop when things go wrong. In DeFi there is no SIPC to cover the losses of bankrupt brokerages, no SEC to enforce transparency and protect investors, and no FINRA to regulate the markets.

This means that risk-conscious users must take security into their own hands. It’s all part of the “be your own bank” ethos that brings unprecedented opportunity at the cost of a few new responsibilities.

We envision a world of decentralized finance where protecting your assets is as simple as checking a box when investing in a project, where on-chain technology protects transactions before they happen, and where security is a foundational pillar of every platform.

To achieve this, CertiK works with developers and innovators to not just audit their code, but also to provide real-time security tools such as QuickScan and the CertiK Security Oracle.

QuickScan leverages automated scanning technologies to check deployed smart contracts against a wide range of known vulnerabilities. QuickScan complements auditing and monitors the contract’s security even while it’s running.

The Security Oracle monitors and guards on-chain transactions, protecting DeFi projects from malicious attacks through real-time security checks. For example, if Contract A is interacting with Contract B, it can ask the Oracle to feed a security score for Contract B onto the blockchain. Now armed with this on-chain information, Contract A can require a certain security threshold to be met before the transaction is executed.
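
The threshold gate described above, seen from Contract A's side, as an added example that is not CertiK's code or published API: the `ISecurityScoreFeed` and `IContractB` interfaces, the 0-100 score range and the staleness window are assumptions made for illustration. It goes one step beyond the paragraph by failing closed when Contract B has no score or only an outdated one.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Hypothetical score feed, assumed for this example (not a real CertiK interface).
interface ISecurityScoreFeed {
    // Latest score (0-100) for `target` and the time it was written on-chain.
    // updatedAt == 0 means no score has ever been published for `target`.
    function getScore(address target) external view returns (uint8 score, uint64 updatedAt);
}

// Hypothetical Contract B: anything Contract A sends funds to.
interface IContractB {
    function deposit() external payable;
}

// Contract A: interacts with Contract B only after the score gate passes.
contract ScoreGatedDepositor {
    ISecurityScoreFeed public immutable feed;
    uint8 public immutable minScore;     // threshold required of Contract B
    uint64 public immutable maxScoreAge; // seconds before a score counts as stale

    error NoScore(address target);
    error StaleScore(address target, uint64 updatedAt);
    error ScoreTooLow(address target, uint8 score);

    constructor(ISecurityScoreFeed feed_, uint8 minScore_, uint64 maxScoreAge_) {
        feed = feed_;
        minScore = minScore_;
        maxScoreAge = maxScoreAge_;
    }

    // Fail closed: a missing, stale or below-threshold score reverts
    // before any value leaves this contract.
    modifier scoreChecked(address target) {
        (uint8 score, uint64 updatedAt) = feed.getScore(target);
        if (updatedAt == 0) revert NoScore(target);
        if (block.timestamp - updatedAt > maxScoreAge) revert StaleScore(target, updatedAt);
        if (score < minScore) revert ScoreTooLow(target, score);
        _;
    }

    function depositTo(address contractB) external payable scoreChecked(contractB) {
        IContractB(contractB).deposit{value: msg.value}();
    }
}
```

Whoever can write to the feed can open or close this gate, so the feed's update authority belongs in Contract A's threat model alongside Contract B itself.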

CertiK takes a defense-in-depth approach to protecting smart contracts and user funds. Our security suite can be used to audit and monitor smart contracts from testnet to deployment and beyond.

In combination with its unparalleled yields, a reputation for comprehensive security will help attract the kind of interest that can take DeFi from its current share of 3% of cryptocurrency’s total market capitalization to a level rivalling the legacy financial system. It’s a big dream, but one that CertiK is working to make a reality.