Is DeFi really decentralized?

On the last day of October, everyone is waiting to see whether PlanB's divine prophecy will be fulfilled again. Bitcoin is now at 62k, less than a thousand short of the predicted 63k. I once said that this prediction is actually a trick. The trick is which price counts: the closing price, the highest point, or the lowest point? Some readers commented that it was the closing price, but I have not seen him confirm this. One example: when Bitcoin crossed 63k on October 20, he retweeted his prediction with 63k written and a tick placed next to it, indicating that he believed the prophecy had been fulfilled.
I have seen DeFi projects lose coins, and DeFi projects run away. DeFi stands for decentralized finance, which is billed as operating autonomously on the chain. "Decentralized finance is decentralized" sounds like a truism. But such analytic propositions are often also a trick that blinds us.
Is the hen female? Is the blue sky blue? Is the green hill green? Is the old man old? Are beauties beautiful? Is decentralized finance decentralized?
The blue sky is blue. This is an analytic proposition. Unlike a synthetic proposition, an analytic proposition does not rely on an understanding of other concepts. Analyzing the meaning of the subject is enough to obtain the predicate. The predicate of an analytic proposition adds nothing to the meaning of the subject and provides no new knowledge.
If we say that not all blue skies are blue, it sounds a little awkward. But if we say that not all DeFi (decentralized finance) is decentralized, the statement is not only not jarring, it is also correct.
In fact, a lot of DeFi is implemented through smart contracts on a blockchain. Take Ethereum, the largest smart contract platform, as an example. After a smart contract is developed and deployed on the blockchain, its code cannot be rewritten, but its state can be controlled by an external account.
For example, we can set one administrator address or a group of them for the contract, and these administrators can have various preset capabilities to manipulate the contract. The USDT stablecoin we are all familiar with is an ERC-20 contract on the Ethereum blockchain, and this contract has a management account that can freeze any amount of USDT funds.
For most contract developers, it is a very common practice in the industry to retain ultimate control over the contract and reserve some backdoor functions such as emergency suspension and emergency transfer of assets.
Of course, the reason is usually high-sounding and understandable: the contract code is immature. In order to prevent the asset from being locked when a bug occurs, the emergency transfer function needs to be reserved. Or for safety reasons, in order to prevent the loss of user assets when abnormal problems occur, we retain the emergency brake function.
These “functions” are actually “backdoors” left to the controller, often the developers or the project team.
The backdoor is a double-edged sword. Developers can use it to deal urgently with unknown problems. Hackers can use it to steal assets. The project team can pretend to be hacked, steal the assets it is supposed to be guarding, and run away after transferring them.
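One way to triage the admin-controlled functions described above is to scan a contract's ABI for state-changing functions whose names suggest pause, freeze, upgrade, ownership or emergency-transfer powers. This is an added example, not code from the original article; the pattern list and the sample ABI are constructed assumptions.

```python
import re

# Heuristic name patterns for admin-controlled capabilities
# (assumed list for illustration; extend it per project).
PATTERNS = {
    "pause": r"pause|halt|shutdown",
    "freeze": r"freeze|blacklist|blocklist|denylist",
    "upgrade": r"upgrade|setimplementation|changeadmin",
    "ownership": r"transferownership|setowner|setadmin|grantrole",
    "emergency_transfer": r"emergency|sweep|rescue|withdrawall",
}

def privileged_surface(abi):
    """Return {category: [function names]} for state-changing functions in a parsed ABI."""
    found = {}
    for item in abi:
        if item.get("type") != "function":
            continue                      # skip events, errors, constructor
        if item.get("stateMutability") in ("view", "pure"):
            continue                      # read-only functions cannot change state
        name = item["name"]
        for category, pattern in PATTERNS.items():
            if re.search(pattern, name, re.IGNORECASE):
                found.setdefault(category, []).append(name)
    return found

# Constructed sample ABI for a hypothetical contract (not from any real project).
SAMPLE_ABI = [
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
    {"type": "function", "name": "paused", "stateMutability": "view"},
    {"type": "function", "name": "pause", "stateMutability": "nonpayable"},
    {"type": "function", "name": "freezeAccount", "stateMutability": "nonpayable"},
    {"type": "function", "name": "emergencyWithdraw", "stateMutability": "nonpayable"},
    {"type": "function", "name": "upgradeTo", "stateMutability": "nonpayable"},
    {"type": "event", "name": "Paused"},
]

if __name__ == "__main__":
    for category, names in privileged_surface(SAMPLE_ABI).items():
        print(f"{category}: {', '.join(names)}")
```

A match is a prompt to find out which account can call the function and how that key is held; an empty result proves nothing, since privileged functions can carry any name.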
There are more advanced techniques. We can use the proxy call mechanism to implement a so-called upgradeable contract. When we authorize a DApp, we grant control of our wallet assets to the proxy contract. The actual execution logic of the proxy contract lives in another contract behind it, and this logic contract can be replaced.
Everything is normal in the initial version of the software, so we confidently authorize the contract in our wallet. This type of authorization is usually an unlimited authorization.
Then the project team upgrades the logic contract and quietly transfers all the assets in your wallet. Or a hacker steals the project's admin authority, upgrades the contract, and steals all the assets in your wallet. Or the project team poses as a hacker, pretends to have been hacked, and steals all the assets in your wallet.
Almost all DeFi applications, such as swaps and layer-2 bridges, require you to perform authorization operations.
Every authorization opens the door to risk.
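The upgrade-plus-authorization risk above can be shown with a toy in-memory model: the approval is tied to the proxy's address, so it survives a logic replacement, and the size of the approval caps what can be moved afterwards. This is an added example, not code from the original article or from any real contract; all class, function and account names are hypothetical.

```python
UNLIMITED = 2**256 - 1  # value commonly used for an "unlimited" approval

class Token:
    """Minimal ERC-20-style ledger: balances plus (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances = dict(balances)
        self.allowance = {}

    def approve(self, owner, spender, amount):
        self.allowance[(owner, spender)] = amount

    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowance.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("allowance or balance exceeded")
        if allowed != UNLIMITED:
            self.allowance[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Proxy:
    """Fixed address that users approve; the admin can replace the logic behind it."""
    def __init__(self, address, admin, logic):
        self.address, self.admin, self.logic = address, admin, logic

    def upgrade(self, caller, new_logic):
        if caller != self.admin:
            raise PermissionError("only admin can upgrade")
        self.logic = new_logic

    def call(self, token, user, amount):
        # The token sees the proxy address as spender, whatever logic runs.
        return self.logic(token, self.address, user, amount)

def logic_v1(token, spender, user, amount):
    token.transfer_from(spender, user, "pool", amount)  # moves what the user asked

def logic_v2(token, spender, user, amount):
    # Replaced logic: ignores `amount`, moves whatever allowance and balance permit.
    take = min(token.balances[user], token.allowance.get((user, spender), 0))
    token.transfer_from(spender, user, "admin_wallet", take)

def user_loss_after_upgrade(approval):
    """Tokens a user loses when the logic is swapped after a normal 100-token use."""
    token = Token({"alice": 1000})
    proxy = Proxy("proxy", "admin", logic_v1)
    token.approve("alice", proxy.address, approval)
    proxy.call(token, "alice", 100)          # normal use under v1
    proxy.upgrade("admin", logic_v2)         # the approval is untouched by the upgrade
    proxy.call(token, "alice", 0)
    return token.balances.get("admin_wallet", 0)
```

With an unlimited approval the whole remaining balance is exposed; with an approval sized to the transaction, nothing is left for replaced logic to move.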
Are DeFi projects audited by a so-called security audit company safe? Not really.
The audit company only ensures that there are no low-level technical vulnerabilities in the contract. It will not raise objections over whether the contract reserves super authority for centralized control and management.
Technically speaking, centralized control is a feature, not a bug.
If you look at the DeFi projects currently on the market from a strictly decentralized perspective, nine out of ten are not truly and completely decentralized, and most of them retain a certain degree of centralized control.
Truly complete decentralization means that if there are unexpected loopholes in the code, the project team may be unable to do anything, because it cannot suspend the operation of the contract, urgently transfer and protect assets, or upgrade the contract to fix the problem.
Incomplete decentralization means theft by hackers, collusion between insiders and outsiders, theft by the very people guarding the assets, project teams running away, and the full range of centralization risks.
DeFi that retains its centralized characteristics is nothing more than a semantic deception.
Decentralized finance that fails to be truly and completely decentralized requires regulatory agencies to supervise its centralization risks. This is the underlying logic of the US SEC’s proposal to strengthen the supervision of DeFi.

Posted by: CoinYuppie, Reprinted with attribution to: