The Merlin lab project

bestmanbuka (28)in #merl • 3 years ago (edited)

DeFi is no longer a new term as more and more DeFi projects are created on the Binance smart chain(BSC). But, do these projects handle the farming capacity of individuals in the DeFi space? The truth is no. And, this is what gave birth to Merlin lab.

Merlin lab platform helps to maximize yield for users while offering them functionality, and it the equals a fully capable DeFi platform which most DeFi platforms has failed to provide to its users for years now. This platform understands the need to accumulate important cryptocurrencies and the benefits it brings. This is why they have built Merlin lab which can help you:

Auto-compound your assets as it serves as a yield aggregator, and therefore makes the process easier.

Gather more cryptocurrencies when you stake Merlin lab's token($MERL) without having to buy it the usual way.

The enhanced security measures adopted by Merlin lab

DeFi serves as a transparent financial ecosystem that is raised on Blockchain systems. This has resulted in DeFi attracting interest and regeneration of financial products. It is also open to faults and exposure. And, one of these exposures seen to be attacked by the DeFi space is flash loan attacks which has been the most recent.

What are flash loan attacks?

Flash loans can simply be put as a loan which a stranger can take without having to give away his/her money(collateral) like it is normally done. It can be seen as an unsecued loan, but in this case, no credit score is involved. This can only be possible when the borrower agrees to return the money which the lender has given out similarly and transaction the loan was given out. So, the question comes up? What can one do with a loan that needs to be related just after seconds of borrowing it?

The good side of the story is that you can make use of smart contracts in that transaction. It is quite possible to find means to make money using that loan, then keep your profits aside and return the original money that you were lent.

However, these flash loans also have problems of their own. Cryptocurrency and DeFi are exploratory fields, so it is highly expected especially when it involves a large sum of money. Ethereum has also had its fair share of flash loan attack i.e the 2017 DAO hack.

Features of a flash loan attack

Smart contracts: This can be used in flash loans as it allows the funds borrowed to be controlled in other ways.
Instant: Flash loans are given out immediately. The same contracts used for a particular flash loan should be made use of in the same transaction where the funds are lent out.
Unsecured loan: The fact that the lender does not collect a collateral to borrow out money doesn't mean that the borrower won't pay back. Instead, the borrower pays back the flash loan lender in an entirely different way, and it is immediately after borrowing.
Price manipulation: This is one of the easiest and commonest way to manipulate the flash loans by acquiring profits, and it is through arbitrage.

Flash loan attacks are common in the DeFi world, because it is easy to operate and also cost-effective for anyone to partake in.

What steps has Merlin lab taken to protect themselves from these flash loans attacks?

Here are the following changes that have been made to their code to guard them from flash loan attacks:

Preventing a different smart contract communication with the platform's own smart contract. The attacks on flash loan normally occur through smart contracts, so Merlin lab has come up with a way to prevent it, and this is by putting a hold on external smart contracts communicating with their own smart contracts. That means the risk of a flash loan attack happening on their protocol has been lowered.
Introducing a fair LP price calculation and using a fair asset price. This helps them to come up with a fair LP token price which makes it difficult for flash loan attacks to occur.
Merlin lab is currently making plans to carry out an insurance deal with Soteria. When the deal is active, it will allow their users to acquire insurance that will guide them from failures from smart contracts and possible exploits.
Merlin lab has sent their security updates to Certik and Haechi labs. Once they have been reviewed, the firms can now audit the updated codebase.

Security of the users on Merlin lab matters a lot to them, and this is why they have taken steps to make that possible. Merlin lab's development team has put in checks on the smart contracts and codes to reach the security measures which the platform looks forward to.

The recent hack on Merlin lab

Most DeFi projects are bound to be faced by one security exploit or the other. It is not a new case in the DeFi world. This security exploit happens on the BSC-based Merlin lab, and $680,000 was lost in the process.

Merlin Lab is already on its way to doubling up their security performance for the safety of their users. They plan to go through different audits from 3 different blockchain security audits. They have succeeded in completing one with Hacken which is a security audit that centres mainly on the security of blockchain. Certik and Haechi firms will follow soon, although they are in the process of completing the audits.

The hack that occurred on this yield aggregator is the method that was used in carrying out the attack and not the amount. The method noticed is similar to the hack on Autoshark and Bunny.

Conclusion: This platform has a very high potential especially for farmers in the DeFi space. Almost anybody in the DeFi space can participate, because it is easy to access and control by Merlins. The security of the platform is also commendable as they strive to make it possible within their power to fully protect their users and their funds from any form of attacks even in the future.