by joyfylbanana 1174 days ago
The so-called DeFi is full of centralized choke points, such as stablecoins and other centrally issued securities.
1 comments

Not to mention the use of `ProxyContracts` that obfuscate changes to the actual contract implementation.

When you interact with a certain contract, you are likely interacting with the ProxyContract, which relays your calls to the actual contract. The ProxyContract is often under lock or has multiple signatories to amending, but the "origin" contract doesn't.

So many DeFi projects that get "audited by CertiK" actually just get their proxy contracts audited, and there is nothing in there but a single line per function, calling the origin contract.

Proxy contracts are necessary to perform upgrades to functionality over time. However, auditing the proxy only is shady.

Care to share an example?

MMF was one of many. I reckon the recent SafeMoon incident was also under a similar cover of "audited but not audited".

https://twitter.com/CertiKAlert/status/1640974656696991745?c...

`This upgrade was not within the scope of our audit.`
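
An added example, not part of the thread or of any project named in it: a check that resolves which implementation a proxy currently delegates to and compares that code against what an audit covered. It assumes the proxy follows the EIP-1967 storage layout; the node stand-in, addresses, bytecode and the SHA-256 fingerprint are constructed for illustration.

```python
import hashlib

# EIP-1967 slot holding a proxy's implementation address:
# keccak256("eip1967.proxy.implementation") - 1
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"

class FakeNode:
    """Constructed stand-in for a JSON-RPC node; swap in a real client to use."""
    def __init__(self, storage, code):
        self.storage, self.code = storage, code

    def call(self, method, params):
        if method == "eth_getStorageAt":        # [address, slot, block]
            return self.storage.get((params[0], params[1]), "0x" + "00" * 32)
        if method == "eth_getCode":             # [address, block]
            return self.code.get(params[0], "0x")
        raise ValueError(method)

def implementation_of(node, proxy):
    """Return the address the proxy delegates to, or None if the slot is empty."""
    word = bytes.fromhex(node.call("eth_getStorageAt", [proxy, IMPL_SLOT, "latest"])[2:])
    if not any(word):
        return None
    return "0x" + word[-20:].hex()              # address is right-aligned in the word

def fingerprint(node, addr):
    """SHA-256 of deployed bytecode (an assumed local fingerprint, not an on-chain hash)."""
    code = bytes.fromhex(node.call("eth_getCode", [addr, "latest"])[2:])
    return hashlib.sha256(code).hexdigest()

def audit_coverage(node, proxy, audited_fingerprints):
    impl = implementation_of(node, proxy)
    if impl is None:
        return "no EIP-1967 implementation set"
    if fingerprint(node, impl) not in audited_fingerprints:
        return f"implementation {impl} is outside the audited code"
    return f"implementation {impl} matches audited code"

# Constructed sample data: one proxy, two implementation versions.
PROXY, IMPL_V1, IMPL_V2 = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
def slot_word(addr):
    return "0x" + addr[2:].rjust(64, "0")
node = FakeNode({(PROXY, IMPL_SLOT): slot_word(IMPL_V1)},
                {IMPL_V1: "0x6001600101", IMPL_V2: "0x6002600202"})
AUDITED = {fingerprint(node, IMPL_V1)}          # the audit covered V1 only

if __name__ == "__main__":
    print(audit_coverage(node, PROXY, AUDITED))
    node.storage[(PROXY, IMPL_SLOT)] = slot_word(IMPL_V2)   # upgrade happens
    print(audit_coverage(node, PROXY, AUDITED))
```

The proxy's own code never changes between the two calls; only the slot value does, which is why reviewing the proxy alone says nothing about the code that actually runs.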