gm readers and welcome back to another edition of Decrypting DeFi.
DeFi faced its very own contagion event this week after Euler Finance was drained of nearly $200 million via six flash loans and a vulnerability.
It was a major blow to the sector, as Euler had emerged as the next great building block after Compound and Aave.
Beyond flinging long-tail assets into the protocol and gambling risk à la CreamFinance, the popular crypto lender created isolated lending pools to help silo collateral damage should degens borrow against the wrong memecoin.
Now, though, the whole ship’s sunk.
It’s not just that: along with Euler, roughly 10 other DeFi protocols were affected thanks to the various integrations established along the way. Yield App, Swivel Finance, Angle, and several others all announced their level of exposure to their communities.
Ironically, this ability to clip and connect various liquidity pools and lending platforms throughout the ecosystem was one of the key pillars of DeFi.
Composability, the devs called it. Money legos, yelled the meme gurus.
“Composable protocols are the backbone of DeFi and blockchain technology in general and they are a super power for builders and users,” OpenZeppelin’s solutions developer Gustavo Gonzalez told Decrypt. “But like any super power they also present risks that need to be taken into account when designing and developing a smart contract system.”
Tuesday’s events revealed precisely how those risks can snowball into pandemonium.
“The Exploit of Euler Finance and the inherent impact on more than 10 DeFi Protocols who relied on Euler Finance shows us the other side of composability,” yield protocol Spool’s head of risk Hendo Verbeek shared with Decrypt. “Contagion by extension, which is even more sour given that a healthy part of the DeFi user base has a limited understanding when it comes to how protocols use each other.”
As Verbeek mentioned, many felt blindsided by the hack. After all, Euler had undergone six different audits from some of the leading software auditing firms in the game.
So, what happened?
Turns out that there were several changes made to the underlying smart contracts after those audits were made. And it was these precise changes that led to the protocol’s vulnerability.
In hindsight, it seems ridiculous that another audit wasn’t ordered, but Officer’s Notes, an anon Twitter account that tracks hacks and opsec in the crypto world, told Decrypt that the industry is still waiting for a standard security process.
While the industry waits for said standard, projects should be actively combining audits and going heavy on the bug bounties, “which will end up being cheaper for a company/protocol/project that needs to have their smart contracts checked,” they said.
Euler’s has to be one of the biggest losses in DeFi for some time. Still, it’s not over yet for the money lego narrative, said OpenZeppelin’s Gonzalez.
“It’s only another reminder as to why security is difficult and monitoring is important,” he said.
But DeFi’s far from over; you just need to know where to look.
How did DeFi do during the banking chaos?
As Circle was reeling with $3.3 billion locked up in a bank that was slowly sinking, its stablecoin plummeted as low as $0.87.
Many degens punted at this pico bottom, borrowing USDT against ETH to scoop up the discounted token, and have since reemerged victorious.
Others cut their losses and fled to more decentralized pastures.
The market cap for Maker’s DAI was one big winner in all this. Though its backing is primarily made up of USDC, and it too fell off its peg, the market capitalization for the largest decentralized stablecoin soared and has stuck there.
Likewise for Liquity’s LUSD and the lesser-known RAI. Each of these stablecoins served up relatively safe decentralized alternatives when SVB hit the fan.
And as they were scrambling for the exits, platforms that offered the best deals on broken stablecoins hit new record volumes (and earned their liquidity providers a pretty penny in the process).
In the heat of the depegging, Curve Finance posted volumes of $6.03 billion.
During the week of March 11, Uniswap did nearly double that across its WETH-USDC, USDT-USDC, and DAI-USDC pools.
In the end, it certainly wasn’t a win for DeFi. But it’s still here, and clearly, traders still need it.