🐣The Auditing Chicken-Egg Paradox

For some people, audits are the solution to the security problem of DeFi smart contracts. In reality, they're just a boomer-trap. "Auditing" has the reputation of a holy grail, but really it just refers to the process whereby coders test the code of others. This is undoubtedly helpful; the more experts who test a program, the fewer human-induced errors it will contain. However, audits are ultimately overvalued, for three reasons:

  • Humans cannot fully trust other humans; auditors can have different incentives than issuers, and may actually be less skilled than them.

  • In general, bugs only reveal themselves under unpredictable conditions. Even with audits, it is often impossible to be sure that software is 100% secure, and in finance you have to take this into account.

  • Trusting auditors as the final security measure is on par with trusting Credit Rating Agencies in 2008. As we all know, that led to lobbying, and worse… 💥!

Consider some of the audited DeFi startups that have experienced the consequences of bugs and multiple points of failure: MakerDAO | Balancer | dForce and others. These organizations have lost user funds and are over-reliant on centralized, unsustainable emergency strategies. (Ironically, some unaudited DeFi dApps never experience such problems, even in weird market conditions.) To summarize: auditing doesn't equal security. Indeed, it's often nothing more than a marketing buzzword. We need a more pragmatic and reliable approach to ensure dApp security. This is why we are proposing a new one: Responsible DeFi!