Is DeFi really decentralized?

Everyone is looking forward to the last day of October. What we are waiting to see is whether PlanB's prophecy will be fulfilled again. Bitcoin is now at 62k, less than 1,000 away from the predicted 63k. As I said, there is actually a trick to this prediction: is it the closing price, the highest point, or the lowest point? A reader left a message saying it was the closing price, but I didn't see him admit it. For example, when Bitcoin broke through 63k on October 20, he retweeted his prediction. When he retweeted, he wrote 63k and put a check mark on it, indicating that he believed the prophecy had been fulfilled.

I saw DeFi losing coins again, and I saw DeFi running away. The full name of DeFi is decentralized finance, which claims to operate autonomously on the chain. "Decentralized finance is decentralized" sounds like an empty tautology. But such an analytic proposition is often a blindfold.

Is the hen female? Is the blue sky blue? Is the green hill green? Is the old man old? Is beauty beautiful? Is decentralized finance decentralized?

The blue sky is blue. This is an analytic proposition. Unlike synthetic propositions, analytic propositions do not rely on an understanding of other concepts; analyzing the meaning of the subject is enough to obtain the predicate. The predicate of an analytic proposition adds no meaning to the subject and provides no new knowledge.

We would feel a little awkward if we said that not all blue skies are blue. But if we say that not all DeFi (decentralized finance) is decentralized, the statement is not only consistent, it is also correct.

In fact, a lot of DeFi is implemented through smart contracts on the blockchain. Take Ethereum, the largest smart contract platform, as an example. After a smart contract is developed and deployed on the blockchain, its code cannot be rewritten, but its state can be controlled by external accounts.

For example, we can set one or a group of administrator addresses for the contract, and these administrators can have various preset abilities to manipulate the contract. The well-known USDT stablecoin, for instance, is an ERC-20 contract on the Ethereum blockchain. This contract has a management account, which can freeze any USDT payment.

For most contract developers, it is a very common practice in the industry to retain the ultimate control of the contract and reserve some backdoor functions such as emergency suspension and emergency asset transfer.

Of course, the reasons are usually high-sounding and understandable: the contract code is immature, and in order to prevent the assets from being locked when a bug occurs, it is necessary to reserve an emergency transfer function. Or for safety reasons, in order to prevent the loss of user assets when abnormal problems occur, we have retained the emergency brake function.

These "functions" are actually "backdoors" left for controllers—often developers or project parties.

Backdoors are a double-edged sword. Developers can use them to deal with unknown problems urgently. Hackers can use them to steal assets. The project party can pretend to be hacked, steal what it was entrusted to guard, and run away after transferring the assets.

There are more advanced techniques. We can use the proxy call mechanism to implement so-called upgradable contracts. When we authorize a DApp, we grant control of the wallet assets to the proxy contract. The logic actually executed by the proxy contract lives in another contract behind it. But this logic contract can be replaced.

In this way, everything works fine with the initial version of the software. We securely authorize the contract in the wallet. This authorization is usually an unlimited authorization.

Then the project party upgrades the logic contract and quietly transfers all the assets in your wallet. Or a hacker steals the project party's authority, upgrades the contract, and steals all the assets in your wallet. Or the project party pretends to be the victim of a hacker, claiming that a hacker stole the authority and took all the assets in your wallet.

Almost all DeFi applications, such as swaps and layer-2 bridges, require you to perform authorization operations.

Every authorization opens the door to risk.
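The authorization risk described above can be made concrete with a small model. This is an added example, not code from the original article: the `Token` and `Proxy` classes, the account names and the amounts are all constructed, and it shows that the loss after a logic swap is bounded by the allowance, so an exact-amount approval leaves nothing to take.

```python
# Toy model, constructed for illustration; not real contract code.
UNLIMITED = 2**256 - 1  # the "unlimited authorization" a DApp usually requests

class Token:
    """Minimal ERC-20 bookkeeping: balances and (owner, spender) allowances."""
    def __init__(self, balances):
        self.balances, self.allowances = dict(balances), {}
    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount
    def transfer_from(self, spender, owner, to, amount):
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("exceeds allowance or balance")
        if allowed != UNLIMITED:
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

class Proxy:
    """The address the user approves; the logic behind it can be replaced."""
    def __init__(self, address, admin, logic):
        self.address, self.admin, self.logic = address, admin, logic
    def upgrade(self, caller, new_logic):
        if caller != self.admin:
            raise PermissionError("only the admin may upgrade")
        self.logic = new_logic
    def call(self, token, user, amount):
        return self.logic(token, self.address, user, amount)

def exposure(token, user, spender):
    """Worst-case loss if the code behind `spender` changes."""
    return min(token.balances.get(user, 0), token.allowances.get((user, spender), 0))

def logic_v1(token, proxy, user, amount):  # initial version: moves what was asked
    token.transfer_from(proxy, user, "pool", amount)
    return amount
def logic_v2(token, proxy, user, amount):  # replacement: ignores `amount`
    take = exposure(token, user, proxy)
    token.transfer_from(proxy, user, "admin", take)
    return take

def loss_after_upgrade(approval, balance=1000, swap=100):
    """Approve, swap once on v1, admin swaps the logic, v2 runs. Returns the loss."""
    token, proxy = Token({"user": balance}), Proxy("proxy", "admin", logic_v1)
    token.approve("user", "proxy", approval)
    proxy.call(token, "user", swap)
    proxy.upgrade("admin", logic_v2)
    return proxy.call(token, "user", 0)
```

With an unlimited approval the whole remaining balance is exposed; approving only the amount of the swap leaves an allowance of zero after it completes.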

Are DeFi projects audited by so-called security audit companies safe? Not really.

Auditing companies only ensure that the contract does not have certain low-level technical loopholes. However, the audit company will not raise objections to whether the contract has reserved super authority for centralized control and management.

To borrow a technical in-joke, centralized control is a feature, not a bug.

If you look at the current DeFi projects on the market from a strictly decentralized perspective, nine out of ten are not truly completely decentralized, and most of them retain certain characteristics of centralized control.
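One way to look at a contract from this perspective is to check whether the address you are about to authorize is an upgradable proxy and who can replace its logic. The sketch below is an added example, not from the original article: it goes beyond the text by assuming the proxy follows the EIP-1967 storage layout, `read_slot` is a hypothetical callable you would back with an `eth_getStorageAt` query, and the sample storage is constructed.

```python
# Storage slots standardised by EIP-1967 for proxy contracts.
IMPL_SLOT = 0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc
ADMIN_SLOT = 0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103

def slot_address(word):
    """Decode a 32-byte storage word as an address (low 20 bytes); None if empty."""
    if len(word) != 32:
        raise ValueError("storage word must be 32 bytes")
    if any(word[:12]):
        raise ValueError("upper 12 bytes are not zero; not an address")
    return "0x" + word[12:].hex() if any(word) else None

def control_report(read_slot, contract):
    """read_slot(contract, slot) -> 32 bytes (hypothetical storage reader)."""
    impl = slot_address(read_slot(contract, IMPL_SLOT))
    admin = slot_address(read_slot(contract, ADMIN_SLOT))
    if impl is None:
        # Absence of the slot is not proof of immutability.
        note = "no EIP-1967 slot set; other proxy layouts or owner-only functions may exist"
    elif admin is None:
        # UUPS-style proxies keep the upgrade check in the implementation itself.
        note = "logic is replaceable; upgrade authority, if any, is in the implementation"
    else:
        note = "logic is replaceable by whoever controls the admin address"
    return {"eip1967_proxy": impl is not None, "implementation": impl,
            "admin": admin, "note": note}

# Constructed sample storage (hypothetical contracts and addresses).
def _word(byte_hex):
    return bytes(12) + bytes.fromhex(byte_hex * 20)

SAMPLE = {
    ("proxy_with_admin", IMPL_SLOT): _word("11"),
    ("proxy_with_admin", ADMIN_SLOT): _word("aa"),
    ("proxy_no_admin_slot", IMPL_SLOT): _word("22"),
}

def read_sample(contract, slot):
    return SAMPLE.get((contract, slot), bytes(32))

if __name__ == "__main__":
    for name in ("proxy_with_admin", "proxy_no_admin_slot", "plain_contract"):
        print(name, control_report(read_sample, name))
```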

Truly complete decentralization means that if there is an unexpected loophole in the code, the project party may not be able to do anything, because it cannot suspend the operation of the contract, transfer assets urgently to protect them, or upgrade the contract to fix the problem.

Incomplete decentralization means theft by hackers, collusion between insiders and outsiders, inside jobs, project parties running away, and the full spread of centralization risks.

DeFi that retains centralized characteristics is nothing more than a semantic deception.

Decentralized finance that cannot be truly completely decentralized requires regulatory agencies to supervise centralization risks. This is the underlying logic behind the US SEC’s proposal to strengthen supervision of DeFi.

(Public account: Liu Jiaolian. Knowledge Planet: Reply to "Planet" from the public account)

(Disclaimer: The content of this article does not constitute any investment advice. Cryptocurrency is a very high-risk product, and there is a risk of zeroing at any time. Please participate carefully and be responsible for yourself.)


Origin blog.csdn.net/blockcoach/article/details/121072806