DeFi has been quite popular among investors and hackers over the past few years. Hackers are taking advantage of a wide variety of loopholes in DeFi projects and smart contracts. However, by understanding the root causes of DeFi hacks, we can protect our projects against future hacking incidents.
Root Cause of Major DeFi Hacks So Far
Sun of the XREX security team has compiled a comprehensive list of the root causes of over 100 smart contract hacks, including the affected project’s name, the type of security incident, the amount lost, the snippet of vulnerable code, etc.
The list was created so that the root causes of hacks can be understood and future projects can benefit from them.
According to this list, most hacks happened due to “insufficient validation.” Moreover, code is often reused in the DeFi space, so projects end up inheriting similar vulnerabilities from other projects.
This shows that developers in the DeFi space need to pay special attention to the code they use, particularly conditional code, so that user input is validated before it is processed.
DeFi Projects and Smart Contracts Must Be Audited to Shield Against Hacks
Projects that became victims of hacks could have been saved by a proper security audit. According to the Rekt Leaderboard, the top 20 biggest DeFi hacks were of unaudited projects.
Mudit Gupta, chief information security officer of Polygon, said, “smart contracts should be audited before being released into the market.”
New audits should happen every time updates are made to the project to ensure security, because security audits help identify and fix any vulnerability that hackers can exploit.