DeFi on BTC: Leveraging SMART Contracts to build a financial ecosystem affordable to all
DeFi has been the buzz word of 2020 as it is disrupting the financial sector. DeFi stands for Decentralised Finance and it has made investing, trading, borrowing & lending simpler and accessible to a wider audience. A user just needs an internet connection & a cryptocurrency wallet to get on with it. It’s decentralized as it uses distributed ledger technology and blockchain to achieve a consensus regarding a financial transaction.
The current financial institutions are bound to record personal data for KYC (Know Your Customer) and complete due diligence as they maintain a centralized database. Blockchain technology provides scope for a decentralized database and hence the transactions recorded on it are gospel truth. Popular DeFi DApps (Decentralised Apps) are Uniswap, Maker, Aave, Yearn.Finance and Curve Finance.
It has many use cases which include a gamut of traditional applications as well as innovative products like liquidity pools & yield farming.
Smart Contract Components
A contract is a written promise between two entities that comprise a pledge to complete a certain task. A smart contract is a contract executed digitally on a blockchain network. It has 3 components:
Covenator: the party making the promise
Covenantee: the party to whom the promise is made
Object or the subject: for eg, collateral or underlying asset
Terms of agreement: for eg, time period, participating rules, penalties, etc
DeFi use case: Lending
One of the applications of DeFi is lending. In traditional non-DeFi system collateral & a lot of paperwork are required but here only collateral is sufficient. The lender platform such as Maker would take the digital asset as collateral and lend a certain amount of stablecoin based on an over-collateralized ratio (lending amount/collateral value).
For eg: user deposits 1 BTC (=20,000$), over collateralized ratio is 80%, platform fee (pf) is 50$ per transaction then the amount lent is 16000$ and he will have to return 16050$ to reclaim the collateral.
C (Collateral Value) = 20000$
r (Over Collateralized Ratio) = 0.80
A (Lending Amount) = rC = 0.80 x 20000 = 16000$
Total Amount to be returned to portal for reclaiming = A + Portal Fees (pf) = 16000$ + 50$ = 16050$ USDT
Current DeFi Ecosystem: vulnerable to hacks
Smart contract functionality is supported by Bitcoin (BTC), Ethereum (ETH), Ripple (XRP), EOS.IO (EOS) and Tezos (XTZ) blockchains. According to defiprime.com 203 projects are using Ethereum, 26 are using Bitcoin and 22 are using EOS. Clearly Ethereum has been the most preferred blockchain platform for building DeFi DApps.
Ethereum has been the most accepted protocol for smart contracts implementation but it is highly vulnerable too, hackers to date have stolen $100 Million from DeFi projects this year. It has happened not by chance but the underlying blockchain has bugs when it comes to the implementation of smart contracts securely.
Shortcomings of ETH based smart contracts
- Reentrancy: it occurs when an external contract calls for the current contract before initial execution is over, this leads to a change of state of the first contract which can be exploited by hackers
- Access Control: contracts have been found with insecure visibility settings exposing the private keys to hackers
- Overflow & Underflow: while defining the data types if the contacts are not well written, the processed values may overflow or underflow the defined size, and its a potential bug
- Unchecked Return Values For Low Level Calls: if any function keeps on continuing with processing even after returning a value eg: a boolean output such as FALSE, it can result in unwanted outcomes
- Denial of Service: hackers can exploit ETH smart contracts to cause DoS attack by repeatedly abusing access control, or artificially increasing GAS amount to compute a function, or behaving maliciously when being the recipient of a transaction
- Bad Randomness: ETH being open source, hackers have been able to figure out predictable answers to random function outputs, this has given them a chance to exploit
- Time Manipulation: as the time is recorded for each transaction, malicious nodes may record it incorrectly making the chain vulnerable
- Short Address Attack: malicious miners may pass incorrect inputs to technical functions resulting in giving a chance for hackers to take over
Clarity: a language to leveraging Proof of Transfer (PoX) to enable secure complex smart contract on BTC
Bitcoin, the largest and by far the most widely used cryptocurrency does not offer support for complex smart contracts. Moreover, simple contracts that can be executed on Bitcoin are often cumbersome to design and very costly to execute.
Blockstack has introduced Clarity, a language for predictable smart contracts. It enables utilizing the strength of the BTC chain by using PoX as the consensus mechanism. It's more powerful than Solidity (used for ETH based smart contracts) and helps in writing detailed contracts which are secure and hack-proof.
This article is a repost of my recent Publish0x article: