Crucial next step for a more secure DeFi ecosystem will be for developers to minimize or eliminate governance and oracles, said Dan Elitzer, co-founder of venture firm Nascent.
Thank you for reading this post, don’t forget to subscribe!
Oracles introduce a centralized point of failure to a primitive which is aiming to become a hub of financial activity, said Elitzer of Nascent, which has investments in Optimism, Balancer, and Messari. Oracles are an external source of data which provide information to smart contracts on the blockchain.
Meanwhile, governance systems are vulnerable because tokens represent votes. This means that votes can essentially be bought. For example, a project called Beanstalk lost $182M in one of the largest hacks in DeFi history thanks to a governance attack.
And Chainalysis, a data platform, estimated that oracle attacks led to $403.2M in stolen assets in 2022.
Elitzer previously co-founded IDEO CoLab Ventures and launched Yam Finance at the height of DeFi Summer. He penned an essay in 2019 on the now-prevalent yield-accruing tokens, and now, he says, here’s a new trend emerging: “Oracle-free” protocols which reduce these attack vectors.
Ajna Protocol, is a lending protocol aiming to launch this quarter, is one of them — the project emphasizes that it “requires no governance or external price feeds to function,” in its documentation.
Bring-your-own Oracle Design
Elitzer specifically argues not for DeFi primitives to eliminate oracles altogether, but to rather use a “bring-your-own-oracle” design.
“Some users may choose to use a service that relies on Chainlink and mirrors the collateral assets and ratios of Aave,” he wrote in his essay. “Others may choose to use a Bloomberg API and only lend against ETH at conservative collateral ratios.”
Governance as Security Threat
On the governance side, Elitzer sees the ability to vote on changes to protocols as a security threat. If governance can make changes to a protocol that protocol has a dependency — this contrasts with the idea that a primitive in DeFi is dependency-free, and not subject to change.
The investor said now is the time to re-think DeFi’s building blocks.
“When things are going crazy and everything’s up and to the right, no one is going to go back and do the hard work to clean up,” he said. “Let’s see if we can actually put ourselves on more solid footing before the next bull market.”
take from: https://thedefiant.io/