The recent token duplication incident at bZx, a DeFi lending protocol, which put their team a whopping USD 8 million in debt thanks to a bug in the code, raises a few important questions for DeFi.
First, as the project claims to be “the most powerful, fully functioned lending protocol in the space,” and still falls prey to malicious actors, what does that say about other DeFi protocols? This would make them ticking time bombs.
Second, their incident report also states that this incident is “surmountable,” which leads to the question of decentralization — should they be able to “move forward unimpeded,” as they claim?
Both this issue and the proposed remedy prove that DeFi, as a whole, doesn't deserve its name, given its glaring lack of decentralization. Even partial centralization is still not decentralization, as the latter does not allow for partial anything.
We know that a full hard fork was needed to mitigate the effects of the Ethereum DAO hack, setting a precedent as to how issues like this should be handled in a fully decentralized space.
Ideally, people who opt for decentralization understand the risks that come with it, and that it lacks the security that derives from having a central authority able to start anew whenever an incident like this occurs.
And third, bZx has already suffered two attacks before this. All three of them stem from the exploitation of bugs present in their code, in spite of several audits conducted by different security firms.
While nobody can expect every piece of code to work perfectly and some issues are bound to slip through after the launch, protocols should be held to higher standards when it comes to handling money.
In light of all the issues that bZx, a self-proclaimed leader in the DeFi space, has seen recently, can DeFi as a whole expect to be taken seriously by non-participants?