A New Path for DeFi Security

Daejun Park, Senior Security Researcher at a16z Crypto, has proposed a shift in how DeFi protocols approach security. Instead of the traditional 'code is law' model, Park suggests moving towards a framework where security is governed by standardized rules and invariant checks. These checks can hardcode safety mechanisms to automatically roll back any transactions that violate predefined rules.

This approach could detect and prevent attacks in real time: Park notes that nearly all known vulnerabilities would trigger such checks. With these safeguards in place, DeFi protocols could potentially stop hackers before they exploit system weaknesses.
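The rollback-on-violation pattern described above, as an added Python model (not code from Park's proposal or from any protocol). The `Pool` class, the `guarded` decorator, the two invariants and the flawed `claim_rewards` function are all hypothetical; on-chain, the rollback would be a transaction revert.

```python
import copy

class Reverted(Exception):
    """Raised when a transaction is rolled back."""

def solvent(pool):
    # Invariant 1: assets held cover everything owed to depositors.
    return pool.reserves >= sum(pool.balances.values())

def no_negative(pool):
    # Invariant 2: no account balance may drop below zero.
    return all(v >= 0 for v in pool.balances.values())

INVARIANTS = [solvent, no_negative]

def guarded(tx):
    """Run tx, then check every invariant; restore the snapshot on failure."""
    def wrapper(pool, *args):
        snapshot = copy.deepcopy(pool.__dict__)
        try:
            tx(pool, *args)
            broken = [inv.__name__ for inv in INVARIANTS if not inv(pool)]
            if broken:
                raise Reverted(f"{tx.__name__} violated: {', '.join(broken)}")
        except Exception:
            pool.__dict__.update(snapshot)  # undo every state change
            raise
    return wrapper

class Pool:
    """Hypothetical deposit pool used only for this illustration."""
    def __init__(self):
        self.reserves = 0
        self.balances = {}

    @guarded
    def deposit(self, user, amount):
        self.reserves += amount
        self.balances[user] = self.balances.get(user, 0) + amount

    @guarded
    def withdraw(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) - amount
        self.reserves -= amount

    @guarded
    def claim_rewards(self, user, amount):
        # Constructed flaw: pays out reserves with no accounting behind it.
        self.reserves -= amount
```

Every guarded call pays for a state snapshot and a full pass over the invariants, which is the model's counterpart of the extra cost such checks add to each transaction.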

Industry Challenges Amid Rising Attacks

According to a report by Slowmist, hackers stole over $649 million through code vulnerabilities last year. Even established protocols have fallen victim, with Balancer losing $128 million in November 2021.

Developers are also growing concerned that attackers are increasingly using AI to identify and exploit vulnerabilities, adding pressure to strengthen DeFi's security infrastructure.

Technical Limitations and Industry Debate

  • A security lead at Immunefi pointed out that invariant checks may increase gas costs, which could lead to a worse user experience.
  • A co-founder of Asymmetric Research highlighted the difficulty of creating invariant rules that can accurately detect attacks without generating false positives.

Despite these challenges, Park's proposal opens up a new direction for DeFi security, encouraging the industry to explore a more balanced approach between code and regulation.