Decentralized finance (DeFi) is growing rapidly. Total value locked, a measure of money managed by DeFi protocols, has risen from $10 billion to just over $40 billion in the past two years after peaking at $180 billion.
The elephant in the room? Over $10 billion has been lost due to hacks and exploits in 2021 alone. Feeding that elephant: today’s smart contract programming languages don’t provide adequate functionality to create and manage assets, also known as tokens. For DeFi to become mainstream, programming languages need to provide asset-centric functionality to make the development of DeFi smart contracts more secure and intuitive.
Current DeFi programming languages have no concept of assets
Solutions that could help reduce perennial DeFi hacks include auditing code. To a certain extent, audits work. Of the 10 biggest DeFi hacks in history (more or less), nine of the projects were unaudited. But putting more resources into the problem is like putting more motors into a square-wheeled car: it might go a little faster, but there’s a fundamental problem at play.
The problem: the programming languages used for DeFi today, such as Solidity, have no idea what an asset is. Assets such as tokens and non-fungible tokens (NFTs) exist only as a variable (numbers that can change) in a smart contract, as with Ethereum’s ERC-20. The protections and validations that define how the variable should behave (for example, that it should not be spent twice, that it should not be drained by an unauthorized user, that transfers should always be balanced and net to zero) must all be implemented by the developer from scratch, for each smart contract.
As smart contracts become more complex, so do the protections and validations required. People are human. Errors occur. Bugs happen. Money is lost.
A concrete example: Compound, one of the most blue-chip DeFi protocols, was exploited for $80 million in September 2021. Why? The smart contract contained a “>” instead of a “>=”.
The ripple effect
For smart contracts to interact with each other, such as when a user exchanges one token for another, messages are sent to each of the smart contracts to update their lists of internal variables.
The result is a complex balancing act. Ensuring that all interactions with the smart contract are properly handled is entirely the responsibility of the DeFi developer. Since there are no innate safeguards built into Solidity and the Ethereum Virtual Machine (EVM), DeFi developers must design and implement all required protections and validations themselves.
DeFi developers therefore spend almost all of their time ensuring that their code is secure, then double-checking and triple-checking it. Some developers report spending up to 90% of their time on commits and testing and only 10% of their time building features and functionality.
With the majority of developer time spent fighting insecure code, compounded by a shortage of developers, how has DeFi grown so quickly? Apparently, there is a demand for self-sovereign, permissionless, automated forms of programmable money, despite the challenges and risks of providing it today. Now imagine how much innovation could be sparked if DeFi developers could focus their productivity on features and not failures. The kind of innovation that could enable a fledgling $46 billion industry to disrupt an industry as large as, say, $468 trillion in global finance.
Innovation and security
The key to making DeFi both innovative and secure comes from the same source: giving developers an easy way to create and interact with assets and making assets and their intuitive behavior native functionality. Any asset created should always behave in a predictable manner and in accordance with common sense financial principles.
In the asset-oriented programming paradigm, creating an asset is as simple as calling a native function. The platform knows what an asset is: .initial_supply_fungible(1000) creates a fungible token with a fixed supply of 1000 (beyond supply, many other token configuration options are also available) while functions like .take and .put take tokens somewhere and put them somewhere else.
Instead of developers writing complex logic instructing smart contracts to update lists of variables with all the error checking that entails, in asset-oriented programming the operations that everyone would intuitively expect to be fundamental to DeFi are native functions of the language. Tokens cannot be lost or depleted because asset-oriented programming ensures that they cannot.
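The contrast between the two styles, as an added example in Rust that is not from the original article and is not Radix's own code. The names Ledger, Vault, Bucket, with_initial_supply and demo are hypothetical; take and put only mirror the function names mentioned above.

```rust
use std::collections::HashMap;

// Style 1: a token is only numbers in a map; every safeguard is hand-written.
pub struct Ledger { pub balances: HashMap<String, u64> }

impl Ledger {
    pub fn transfer(&mut self, from: &str, to: &str, amount: u64) -> Result<(), String> {
        let have = *self.balances.get(from).unwrap_or(&0);
        // Omitting any of the three checks below lets balances drift from total supply.
        if have < amount { return Err("insufficient balance".into()); }
        if from == to { return Ok(()); } // a self-transfer must not credit twice
        let to_bal = *self.balances.get(to).unwrap_or(&0);
        let new_to = to_bal.checked_add(amount).ok_or("balance overflow")?;
        self.balances.insert(from.to_string(), have - amount);
        self.balances.insert(to.to_string(), new_to);
        Ok(())
    }
}

// Style 2: tokens are a value that can be moved but not copied or forged.
pub mod asset {
    pub struct Bucket { amount: u64 } // private field, no Clone: only `take` makes one
    pub struct Vault { amount: u64 }

    impl Vault {
        pub fn with_initial_supply(supply: u64) -> Vault { Vault { amount: supply } }
        pub fn empty() -> Vault { Vault { amount: 0 } }
        pub fn balance(&self) -> u64 { self.amount }
        pub fn take(&mut self, amount: u64) -> Result<Bucket, String> {
            if amount > self.amount { return Err("insufficient balance".into()); }
            self.amount -= amount;
            Ok(Bucket { amount })
        }
        // Consumes the bucket, so the same tokens cannot be deposited twice.
        pub fn put(&mut self, bucket: Bucket) {
            self.amount = self.amount.checked_add(bucket.amount).expect("supply overflow");
        }
    }
}
// Limitation of this model: Rust still allows a Bucket to be dropped unspent.

pub fn demo() -> (u64, u64) {
    let (mut a, mut b) = (asset::Vault::with_initial_supply(1000), asset::Vault::empty());
    let bucket = a.take(250).expect("enough tokens");
    b.put(bucket); // `bucket` is moved here; using it again would not compile
    (a.balance(), b.balance())
}

fn main() { println!("{:?}", demo()); }
```

In the first style the conservation rule lives in three lines a developer has to remember; in the second, code outside the asset module cannot construct or duplicate a Bucket at all.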
This is how you get both innovation and security in DeFi. And that’s how you change the perception of the general public from one where DeFi is the Wild West to one where DeFi is where you have to invest your savings or you lose.
Far away is Head of Partnerships at RDX Works, the lead developer of the Radix protocol. Prior to RDX Works, he held senior positions at PwC and Deloitte, where he served clients on issues related to fintech governance, audit, risk management and regulation. He holds a Bachelor of Arts in Geography and Economics and a Masters in Mapping Software and Analysis from the University of Leeds.
The author, who disclosed his identity to Cointelegraph, used a pseudonym for this article. This article is for general informational purposes and is not intended to be and should not be considered legal or investment advice. The views, thoughts and opinions expressed herein are those of the author alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.