Distilled News

Flash Loans are here to stay.

Much confusion and disinformation has continued to flow since the BzX “hacks” last month, so maurelian’s tweet from Feb 19 is worth repeating here:

TLDR re: security implications of flash loans: There are no NEW vulnerability classes known to the world this week. But security assumptions based on an attacker not having access to large quantities of a token are much weaker with flash loans in the mix.

If you’d like to learn more about the use cases and security considerations of flash loans, our favorite recent sources are:

“After the bZx hacks, being hit by a flash attack will be as embarrassing as getting hit by re-entrancy after the DAO hack: you will get no sympathy. You should have known better.”

- Haseeb Qureshi

Questions DeFi users should be asking DeFi Developers — ConsenSys Diligence

We wanted to step back a bit from the focus on flash loans and oracles, and look more holistically at security challenges in DeFi. Of course we’re more than happy to help developers, but in order for them to place a true priority on security, users need to start asking tough questions, and putting their money into the protocols that can answer them thoughtfully.

We put this list of questions together to help users ask better questions, and make better decisions about their risk tolerance. The question are broken down into these categories

Admin permissions

External Dependencies

Responsible disclosure and bounty programs

Incident response planning

Audits and Secure development

ProgPoW discussions are heating up again, and with that the possibility of another ETC-style fork. Cyrus and many others are discussing the effects of such a fork on DeFi.

We are seeing a rise in creative attacks on Proof of Stake systems. Justin Sun, CEO of TRON, recently bought the decentralized exchange Steemit.com, and Steem users voted to block him from accessing some money held on the network. It seems that with the help of Binance, Tron is trying to take over Steem. Although Justin Sun describes this as defeating the hackers.