Security Measures for Building in DeFi in 2021
The significant growth in DeFi from $700M in total value locked at the beginning of 2020 to $40B+ today (and this figure excludes DeFi beyond Ethereum) means that the security model for DeFi protocols has to be adjusted to match this $40B+ industry. The model used back in 2020 may not be as applicable to today's DeFi landscape.
At Alpha Finance Lab, we have thought through and implemented the new security model for all Alpha products and want to share it with the broader DeFi community, as building a stronger DeFi ecosystem requires everyone's effort.
This security model is meant to mitigate not only an exploit and its direct impact on users, but also any indirect impact on users. For instance, while there is no direct impact on Alpha Homora V2 users from the exploit, there is an indirect impact. Since the C.R.E.A.M. V2 contract has been upgraded to halt the borrowing interest rate on the bad debt, and since the bad debt in ETH makes up a significant portion of the current lending pool size, ETH lenders on Alpha Homora V2 bear an indirect impact from the low lending interest rate even when the utilization rate is high. As a result, we have implemented a short-term solution to distribute ALPHA to ETH lenders on Alpha Homora V2. Although this indirect impact on users will be unnoticeable as the lending and borrowing sizes continue to grow when borrowing is re-enabled, we still want to share with our community the new security model that will help prevent and mitigate any direct or indirect impact on users going forward.
New Security Model
The new security model that we have implemented for all the Alpha products includes:
- Continuous peer reviews
- Continuous internal reviews
- Internal monitoring tools
- Active bug bounty program
Every Alpha product has been audited, and will continue to be audited, by top audit firms. Additionally, we will conduct multiple peer reviews by top builders and security researchers in the industry through Reviews DAO and other similar programs. This continuous review will apply not only to new products, but also to the existing Alpha products. For instance, the ALPHA staking contract is currently being audited by an audit firm and reviewed through Reviews DAO.
Internally, we will also conduct consistent internal reviews on the existing products. The internal monitoring and tracking tools that we have built will further help us maintain a top standard across all Alpha products at any given time.
Lastly, the standard bug bounty program in DeFi is deemed a ‘passive’ one (relying on external security researchers to come and hunt for the bug bounty). While this may have worked before, we believe the bug bounty program has to be an ‘active’ one, which we will implement and share more details on soon.
As mentioned before, Alpha Finance Lab is committed not only to growing the Alpha ecosystem, but also to setting a new standard in building a stronger DeFi ecosystem. We hope the information we have shared will be helpful for others. Since building a stronger DeFi ecosystem is an ongoing process, feel free to drop us a message if you have more ideas for building a safer DeFi ecosystem!