Having due diligence done by a competent firm is a must-have for any project, and with the expertise of QuillAudits it will be done flawlessly. Our due diligence process for DeFi is based on a comprehensive approach: we investigate the code for security flaws and potential vulnerabilities, and identify the best possible ways to mitigate them.
While interacting with DeFi protocols, users' and investors' funds are likely to be stolen. Due Diligence in a DeFi project is one of the crucial steps in analysing DeFi protocols before using them.
There is a steep rise in DeFi-related scams and stolen cryptocurrency; a thorough analysis of a DeFi project can help avert them. Investigating a DeFi project by tracing the movement of funds from address to address can save users and investors from fraudulent activity in a DeFi ecosystem that is vulnerable and should be approached cautiously.
QuillAudits acknowledges the significant threats linked to the DeFi ecosystem, which can have critical consequences.
We identify the ways the system is susceptible to being gamed or abused, which parts are exposed to centralisation risks such as the points of interaction with oracles, and which governance mechanisms are in place that could pose a threat to investor funds.
Given the complex nature of DeFi protocols, it is not surprising that there are errors in the code that provide malicious parties with an attack vector through which hackers can steal funds. One such attack was on the DeFi protocol SushiSwap, which was exploited for between $10,000 and $15,000.
The risk arises because it is trivial for a malicious party to take control of a single source of data and manipulate the market to their profit. Oracles are a possible source of systemic risk, and their data-feeding role is prone to manipulation.
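To make the single-source risk concrete, the following added example (written for this page, not QuillAudits' or any protocol's code) contrasts reading one price feed with aggregating several: stale reports are dropped, the median is taken so that one manipulated source cannot move the result, and any source that deviates from the consensus by more than a bound is flagged for investigation. Source names, prices and timestamps are constructed.

```python
"""Defensive oracle aggregation: median of fresh sources plus a deviation alarm.

Added illustration for the due-diligence discussion above; not QuillAudits' code.
All feed names, prices and timestamps are constructed sample data.
"""
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class PriceReport:
    source: str
    price: float
    timestamp: int  # unix seconds at which the source produced the price


MAX_AGE_SEC = 300      # reports older than this are ignored
MAX_DEVIATION = 0.05   # sources more than 5% from the median are flagged
MIN_SOURCES = 3        # refuse to answer with fewer fresh sources than this

NOW = 1_000_000  # constructed "current time"

# Constructed sample: four honest sources, one manipulated source and one stale one.
SAMPLE_REPORTS = [
    PriceReport("cex-a", 100.0, NOW - 10),
    PriceReport("cex-b", 101.0, NOW - 5),
    PriceReport("dex-twap", 99.5, NOW - 20),
    PriceReport("manipulated-dex", 40.0, NOW - 1),   # spot price pushed down in one block
    PriceReport("aggregator", 100.5, NOW - 15),
    PriceReport("dead-feed", 100.0, NOW - 500_000),   # long stale, must be ignored
]


def single_source_price(reports, source):
    """The fragile design: trust whatever one named feed says, with no checks."""
    for r in reports:
        if r.source == source:
            return r.price
    raise KeyError(source)


def aggregate_price(reports, now, max_age=MAX_AGE_SEC, max_dev=MAX_DEVIATION,
                    min_sources=MIN_SOURCES):
    """Median of fresh reports, plus the list of sources that disagree with it.

    Returns (price, outliers). Raises ValueError when too few fresh sources
    remain, which is safer than silently falling back to a single feed.
    """
    fresh = [r for r in reports if 0 <= now - r.timestamp <= max_age]
    if len(fresh) < min_sources:
        raise ValueError(f"only {len(fresh)} fresh sources, need {min_sources}")
    price = median(r.price for r in fresh)
    outliers = [r.source for r in fresh if abs(r.price - price) / price > max_dev]
    return price, outliers


if __name__ == "__main__":
    print("single source:", single_source_price(SAMPLE_REPORTS, "manipulated-dex"))
    price, outliers = aggregate_price(SAMPLE_REPORTS, NOW)
    print("aggregated:", price, "flagged:", outliers)
```

Run stand-alone, the script shows the single-feed read returning the manipulated 40.0 while the aggregate stays at 100.0 and names `manipulated-dex` as the outlier; in a review, the questions to ask of a protocol are exactly which of these checks (freshness, multiple sources, deviation bounds, a safe failure mode) its oracle integration actually performs.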
DeFi protocols are based on public blockchains. These blockchains typically have a native digital asset. The price-performance of the asset of the supporting blockchain is likely to affect the value of the holdings locked in a DeFi protocol. While this may lead to profit, it is also possible that there are losses.
Unfortunately, due to a combination of factors, such as a lack of understanding and the complexities in technology, some regulators and jurisdictions are not in favour of the DeFi space. Fortunately, this issue is likely to be alleviated with time.
Risk mechanisms that are, by default, incorporated into a protocol's design are referred to as intrinsic protocol risk. Even if the protocols function as they should, they pose significant dangers to investment plans. With DeFi due diligence, risks can be mitigated from centralised counterparties to programmable mechanics in a protocol.
Attacks such as oracle manipulation, flash loan exploits or attacks exploiting contract logic bugs are extrinsic risks associated with DeFi protocols. Thorough analysis also helps identify whether the protocol you are dealing with has been audited by a trustworthy firm.
DeFi protocols depend on the blockchain infrastructure on which they are built. Compromising parameters like consensus mechanisms on a specific blockchain can lead to vulnerabilities in DeFi projects on those platforms. We check for the dependency of these protocols on the underlying blockchains.
If the asset price significantly changes from when the liquidity was delivered to the pool, investors in non-stablecoin AMM pools may experience losses. We analyse the traditional market risk elements like volatility and price manipulations that can impact investors' funds.
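The loss described above can be computed directly for a constant-product pool. The example below is added for this page (not QuillAudits' code): it derives the pool reserves after a price move from the invariant x*y = k, compares the value of the LP position with simply holding the deposited tokens, and checks the result against the closed form 2*sqrt(r)/(1+r) - 1, where r is the ratio of the new price to the price at deposit. Deposit sizes and price ratios are constructed.

```python
"""Impermanent loss in a constant-product AMM (x * y = k), worked through.

Added illustration; not QuillAudits' code. Deposit amounts and price ratios
below are constructed sample values.
"""
from math import sqrt


def reserves_after_move(x0: float, y0: float, r: float) -> tuple[float, float]:
    """Reserves after arbitrageurs move the pool price from p0 to p1 = r * p0.

    Arbitrage trades until y/x equals the new external price while x*y stays
    equal to k, so x1 = sqrt(k / p1) and y1 = sqrt(k * p1).
    """
    k = x0 * y0
    p1 = (y0 / x0) * r
    return sqrt(k / p1), sqrt(k * p1)


def lp_vs_hold(x0: float, y0: float, r: float) -> tuple[float, float]:
    """Value (in token Y) of the LP position and of just holding, after the move.

    Assumes the LP owns the whole pool; a fractional share scales both values
    identically, so the ratio is unchanged.
    """
    p1 = (y0 / x0) * r
    x1, y1 = reserves_after_move(x0, y0, r)
    lp_value = x1 * p1 + y1
    hold_value = x0 * p1 + y0
    return lp_value, hold_value


def impermanent_loss(r: float) -> float:
    """Closed form: fractional loss of LP value relative to holding."""
    return 2 * sqrt(r) / (1 + r) - 1


if __name__ == "__main__":
    # Constructed deposit: 10 X and 1000 Y, i.e. price 100 Y per X at deposit.
    for r in (0.25, 0.5, 1.0, 2.0, 4.0):
        lp, hold = lp_vs_hold(10.0, 1000.0, r)
        print(f"price x{r:<5} LP={lp:8.1f}  hold={hold:8.1f}  "
              f"loss={lp / hold - 1:+.1%}  closed form={impermanent_loss(r):+.1%}")
```

Two points worth noting from the output: the loss is symmetric in the direction of the move (a 4x rise and a 4x fall both cost 20%), and it is zero only when the price returns to the deposit ratio, which is why a review of an AMM-based product should look at how volatile the paired assets are and whether fees realistically cover the expected loss.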
You should be cautious if a white paper briefly summarises a protocol without detailed information on the working of the protocol. If a project fails to explain its mechanism, it should be considered a Red Flag.
Documentation tells users how to interact with the protocol; verifying that the documentation is original is one way to spot potential scams, as a good project has its documentation written by its own team.
It's often not a good sign when team members only post about and hype up the token for their project. A successful project team concentrates on the result, which is the protocol itself rather than the token.
Projects with a sizable portion of the token supply allocated to insiders and project team members should be approached cautiously. Tokenomics helps in understanding the economic condition of the protocol.
Each year, millions are drained by crypto hacks. Here are a few examples of how hackers took advantage of loopholes in the code to escape with millions:
In March 2022, $615M were stolen from Ronin Network, a platform powering the popular mobile game Axie Infinity.
In August 2021, the criminals transferred $611M-worth of Poly Network tokens to three wallets they controlled.
In September 2020, $275m worth of cryptocurrency was stolen from the Singapore-headquartered exchange KuCoin.
Caption: Values calculated according to cryptocurrency prices at the time of the theft
Source: Statista/Bloomberg, Business Insider, TechCrunch, CNBC, Ronin Network, Vice.
Very professional and timed delivery. Also very prompt in responses and queries.
The team is very supportive and they were able to work as per our requirements.
QuillAudits did a great job with our audit, was very professional and provided quick service.
QuillAudits provided security enhancements for Polygon projects, earning positive feedback for their prompt and high-quality service as an auditing partner.