A senior security researcher at a16z Crypto, Daejun Park, has called for a shift in DeFi protocols from 'code as law' to 'specification as law,' advocating for a more principled security approach. According to ChainCatcher, Park suggests implementing standardized specifications and invariant checks to hard-code security measures, automatically reversing transactions that violate predefined rules. He notes that nearly all known vulnerabilities would trigger these checks, potentially preventing hacker attacks during execution.

A report from Slowmist highlights that hackers stole over $649 million last year through code vulnerabilities. Even established protocols like Balancer, which has been operational since 2021, suffered a $128 million loss due to code vulnerabilities in November last year. Developers are increasingly concerned about hackers using AI to find vulnerabilities.

The head of security at Immunefi points out that invariant checks could increase gas costs, potentially driving away users, and are not a cure-all. The co-founder of Asymmetric Research mentions that for many vulnerabilities it is challenging to write invariant rules that detect attacks without false positives.
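A sketch of the runtime invariant check Park describes, added here as an illustration and not taken from the article or from any protocol's code. It models a toy vault in Python; the `Vault`, `checked` and `solvent` names are hypothetical and the withdraw bug is constructed. Every state-changing call is followed by the specification check and rolled back if the check fails.

```python
import copy

class Reverted(Exception):
    """Raised once the pre-call state has been restored."""

def solvent(v):  # specification: reserves equal the total owed to depositors
    return v.reserves == sum(v.balances.values())

INVARIANTS = [solvent]  # every entry is extra work on every call

def checked(fn):
    """Run fn, then each invariant; roll state back if any of them fails."""
    def wrapper(self, *args, **kwargs):
        snapshot = copy.deepcopy(self.__dict__)
        try:
            result = fn(self, *args, **kwargs)
            for inv in INVARIANTS:
                if not inv(self):
                    raise Reverted(f"{fn.__name__} violates {inv.__name__}")
            return result
        except Exception:
            self.__dict__ = snapshot
            raise
    return wrapper

class Vault:
    def __init__(self):
        self.reserves, self.balances = 0, {}

    @checked
    def deposit(self, user, amount):
        self.balances[user] = self.balances.get(user, 0) + amount
        self.reserves += amount

    @checked
    def withdraw(self, user, amount):
        # Constructed bug: an overdraft is clamped to zero instead of rejected.
        self.balances[user] = max(self.balances.get(user, 0) - amount, 0)
        self.reserves -= amount

def demo():
    v = Vault()
    v.deposit("alice", 100)
    v.deposit("bob", 30)
    try:
        v.withdraw("bob", 120)  # bob is owed only 30
    except Reverted as exc:
        return str(exc), v.reserves, v.balances
    return "executed", v.reserves, v.balances
```

The check runs after every call, valid or not, which is the per-transaction overhead behind the gas-cost objection. The check catches this bug only because the solvency rule was written down; a flaw that keeps reserves and balances in agreement would pass it.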