David Vorick of Siacoin (SC) on the Centralized Frontend For Defi

David Vorick expressed: Using a centralized frontend for defi is like going to a nightclub with no fire escape. It’s fine until it’s not, and then it’s really not fine. A better standard already exists: Homescreen – demand it the way you would demand seatbelts in a car.

Losses due to the frontend attack are estimated at more than $100 million. The frontend is security surface area just as much as the smart contract itself. The only safe frontend is Homescreen.

Community reaction: How can I protect myself against these types of attacks? Have a wallet only for the transaction you want to do and a wallet for cold storage.

Some scammy situations are like this: I saw that it was a front-end attack and users unknowingly approved a fake contract, then the contract rugged after a few days.

Well, surely that’s an interesting one. Seems new exploits will increasingly be front-end attacks, as we’ve started to see. Seems more prevalent now, no?

Yeah. This is the first I have heard of something like this. I would imagine there was some social engineering or phishing involved to get front-end access.

Right. Makes me wonder if we are finally getting to the point where the contracts are getting good enough that they are hard enough to attack that you would go this route instead.

Interesting perspective, but I think it’s still early to say that contracts are good enough. It’s hard to say anything is 100% secure, as there are always new ways to exploit when the tech evolves.

And of course, I fully expect contracts to be exploited from now until oblivion. I just wonder as the tech does evolve if we start to see more of this approach. Kind of signifying to me at least that the contracts are getting at least better.

Glad I didn’t put all my eggs in one basket – still pisses me off. Hopefully moves will be made to rectify as much as possible.

What exactly was the attack? How did they pull off the attack? Did the attack inject malicious code into the Badger frontend?

I saw that it was a front-end attack and users unknowingly approved a fake contract – then the contract rugged after a few days.

I’ve heard of something like this for the first time. I would imagine there was some social engineering or phishing involved to get front-end access.

The first such approval occurred on Nov 11 through 20, 2021.
