UX
June 13, 2023

Ensuring Cross Chain DeFi Security: Umee's Robust Protection Measures

A look at some notable instances of security breaches in the DeFi space, and a discussion of the actions that Umee takes to prioritize security and protect both users and the platform.
By Cris

This post is brought to you by a member of the Umee Community DAO.

Author: @seniorpomidor95 / SeniorPomidor#4270

Edited by Cris & Daniel

As decentralized finance (DeFi) continues to expand, ensuring the security of users' funds and protecting against vulnerabilities becomes paramount. Umee, a pioneering cross-chain DeFi protocol built in the Cosmos ecosystem, recognizes the importance of security and has implemented various measures to safeguard users' assets. In this article, we will explore the importance of DeFi security and highlight Umee's proactive approach to mitigating risks. We will also examine some notable instances of security breaches in the DeFi space and discuss the types of security protection deployed by Umee.

Notable Security Breaches in DeFi 

To emphasize the significance of security in DeFi, let's examine three notable cases in which security vulnerabilities led to significant losses:

Paid Network

Losses: $127,000,000

Reason: Vulnerability in the smart contract

The original smart contract was updated and replaced with a malicious version. This allowed attackers to burn existing tokens and mint new ones, all of which eventually came to be under their complete control.

Cream Finance

Losses: $130,000,000

Reason: Reentrancy vulnerability

Attackers exploited a reentrancy vulnerability that arose because CREAM integrated AMP into its protocol. Using this vulnerability, attackers could borrow more assets than were available to them.

Poly Network

Losses: $610,000,000 (The attackers returned the funds)

Reason: Vulnerability in the smart contract

Through interactions between several of the project's smart contracts, the attackers were able to configure the custodian role to point to their address, allowing them to transact at will.

The Significance of DeFi Security

With the rise of DeFi, the industry has witnessed several security breaches and exploits. It is crucial to acknowledge these incidents to understand the importance of robust security measures. Since 2011, over 140 attacks involving security vulnerabilities and more than 80 cases of exploited DeFi protocols have been reported. The financial losses incurred by users in these incidents have been in the billions.

Built with safety in mind, Umee’s strong security measures guarantee that users' funds are safeguarded.

Types of Security Risks in DeFi

Understanding the various security risks that exist in the DeFi landscape is crucial for implementing effective protective measures. Some common types of security risks include:

Code Vulnerability:

Neglecting security auditing or insufficient validation of smart contracts can lead to overlooked vulnerabilities, potentially resulting in irreparable consequences.

Access Control:

Ineffective or absent access control can allow attackers to gain privileged access to smart contracts, enabling unauthorized operations.

Compromised Private Keys:

Weak generation of private keys can pose risks of theft or leakage, compromising the security of user funds.

Attacks Using Instant Credits:

Attackers can use instant loans (flash loans) to borrow governance tokens and manipulate the protocol to their advantage, potentially causing significant disruptions.

MEV Attacks:

Attackers may use miner extractable value (MEV) to place their own transaction in the ledger before or after the original one, manipulating the sequence of transactions to make a profit.

Liquidity Pool Exploitation:

Attackers can exploit incorrect valuation of tokens within liquidity pools, using instant credits (flash loans) and smart contract vulnerabilities for their own gain.

How Does Umee Keep Itself Safe?

Umee prioritizes security and employs best practices to ensure the safety of its platform and users. Umee implements more than 20 borrowing and lending parameters that cater to the specific risk profile of each token. Other security measures include:

IBC Rate Limiting

Umee implemented IBC rate limiting as a failsafe mechanism in the face of DeFi risks. IBC rate limiting safeguards users' funds by capping the maximum outflow from the Umee blockchain over a certain period of time, which effectively limits the maximum profit any exploit or hack can make on Umee.
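
The outflow cap described above can be modelled as a fixed-window quota. The Go sketch below is an added example, not Umee's code: the type, its fields, the cap and the window length are all hypothetical, and amounts are assumed to be in one accounting unit.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

var ErrQuotaExceeded = errors.New("outflow quota exceeded")

// OutflowLimiter is a hypothetical fixed-window cap on value leaving a chain.
type OutflowLimiter struct {
	Cap         uint64 // maximum outflow per window (assumed unit)
	Window      time.Duration
	spent       uint64
	windowStart time.Time
}

// Allow records an outbound transfer, or rejects it if it would exceed the cap.
func (l *OutflowLimiter) Allow(amount uint64, now time.Time) error {
	if l.windowStart.IsZero() || now.Sub(l.windowStart) >= l.Window {
		l.windowStart, l.spent = now, 0 // window expired: reset the counter
	}
	if amount > l.Cap-l.spent { // subtraction form cannot overflow uint64
		return ErrQuotaExceeded
	}
	l.spent += amount
	return nil
}

// Drain requests `chunk` every `step` for `total` and returns what got out.
func Drain(l *OutflowLimiter, chunk uint64, step, total time.Duration) uint64 {
	start := time.Date(2023, 6, 13, 0, 0, 0, 0, time.UTC) // constructed clock
	var out uint64
	for t := time.Duration(0); t < total; t += step {
		if l.Allow(chunk, start.Add(t)) == nil {
			out += chunk
		}
	}
	return out
}

func main() {
	l := &OutflowLimiter{Cap: 1_000_000, Window: 24 * time.Hour}
	// Constructed scenario: 250k requested hourly for 12 hours (3M requested).
	fmt.Println("left the chain:", Drain(l, 250_000, time.Hour, 12*time.Hour))
}
```

With fixed windows, the outflow over any interval as long as the window is bounded by twice the cap, because a full quota can be spent on either side of a reset; the cap should be sized with that in mind.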

Partnerships

Umee has partnered with leading security firms like Forta and Halborn, ensuring comprehensive security coverage and continuous monitoring.

Code Auditing

Umee conducts extensive code audits, collaborating with renowned auditors such as Peckshield, Trail of Bits, Halborn, Least Authority, and Runtime Verification. These audits thoroughly examine every line of code to identify and address potential vulnerabilities. The audits are listed below:

Auditor: Peckshield

Date: January 15, 2022

Auditor: Trail of Bits

Date: March 5, 2022

Auditor: Halborn

Date: March 17, 2022

Date: June 3, 2022

Date: August 31, 2022

Date: June 6, 2022

Date: June 9, 2022

For more updates on Umee, stay connected with our official channels.
