Supply chain risks have always existed in IT. Applications use third-party libraries to implement key functionality and have environments defined by operating systems, other software, and third-party integrations. All of these introduce potential risk to the system, since a compromised vendor could provide a vector for an attacker to target the system.
Third-party and technology risks are exacerbated for stablecoins and DeFi, which rely on complex infrastructure with fragile connections. Understanding the risks of the various technologies and their interactions is essential to implementing secure stablecoins and other DeFi projects.
The Complex DeFi Infrastructure Stack
DeFi security is dependent on a complex assortment of on-chain and off-chain systems. When considering the security risks of stablecoins and DeFi, some important components to consider include:
Smart Contracts
Stablecoins and other DeFi projects are implemented as smart contracts, which run on top of the immutable digital ledger. Vulnerabilities or business logic errors in these contracts threaten the security of the project, especially since blockchain immutability makes attacks irreversible and decreases the likelihood that stolen funds will be recovered.
Cross-Chain Bridges
Many stablecoin and DeFi projects have multi-chain support, making them dependent on cross-chain bridges to transfer funds and maintain adequate liquidity on the various platforms that they support. These bridges are also the targets of some of the most expensive DeFi hacks in history, which took advantage of their complexity and the large amount of value transferred through them.
Price Oracles
Price oracles provide insight into current market prices for various cryptocurrencies. Custom implementations or oracle designs can be vulnerable to price manipulation via flash loans or access control vulnerabilities.
Blockchain Infrastructure
Stablecoin and DeFi smart contracts run on top of the blockchain, which is implemented in software as a decentralized network. Vulnerabilities within the blockchain software — or incorrect assumptions about how it works — can undermine the security of smart contracts hosted on these platforms.
Web2 Frontends
Most DeFi users interact with the blockchain via traditional Web2 frontends, websites that offer a familiar user experience while crafting transactions for the user to approve and digitally sign before submitting them to the blockchain. Vulnerable or malicious frontends can impact DeFi security in various ways, such as attackers exploiting a cross-site scripting (XSS) vulnerability to inject malicious code into a legitimate site and use it to harvest private keys.
Web2/Web3 Interfaces
These Web2 frontends need to interact with Web3 smart contracts, which they do by crafting transactions that are submitted on-chain and update the official state of the distributed ledger. Mismatches or vulnerabilities in these interfaces between Web2 and Web3 systems may offer opportunities that an attacker can exploit, such as sending transactions directly to smart contracts to use hidden features or leave the frontend in an invalid state.
Private Keys
Blockchain private keys are used to generate digital signatures for transactions. These digital signatures act as the root of trust within a decentralized blockchain environment, and attackers with access to a private key have full control over the digital assets that it holds and the ability to exercise any special privileges granted to it by stablecoin and other DeFi smart contracts.
While all of these risks apply to the DeFi space, stablecoins also face unique architectural and technology risks. These tokens are growing in popularity among traditional financial institutions due to their ability to act as a stable store of value — relative to a fiat asset — and rapidly perform settlements both domestically and internationally.
However, these use cases require stablecoins to be connected to traditional financial infrastructure, including the systems of the banks using them and the software used to track, approve, and receive deposits. These introduce additional interfaces and potential security risks, since an attacker who identifies a vulnerability in an interface or compromises a bank’s systems may be able to steal stablecoins or abuse privileged access to the stablecoin’s smart contracts.
Managing Infrastructure and Third-Party Risks
The S&P Global Stablecoin Stability Assessment framework identifies infrastructure and third-party risks as one of the factors that can degrade the quality of a stablecoin. Key elements of a stablecoin infrastructure and third-party risk management program include:
Infrastructure Resiliency
Stablecoins may have various single points of failure, such as smart contracts, cross-chain bridges, interfaces between on-chain and off-chain systems, and more. When possible, stablecoin issuers should implement redundancy to manage the risk of an outage or develop strategies to manage the potential risk to the protocol.
Infrastructure Security
In addition to protecting infrastructure against faults, stablecoin issuers also need to consider potential attacks against their infrastructure. Weak smart contract access controls, compromised backend systems, and exploits targeting a Web2/Web3 interface can all pose a substantial threat to stablecoin security.
Oracle Risk
Price oracles provide smart contracts with insight into the value of various cryptocurrencies, which is especially important for non-stablecoins, whose values are defined by the market. Oracles providing misleading price information can enable an attacker to drain value from a protocol by exploiting the difference between the oracle’s reported prices and reality.
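One way to limit oracle risk is to aggregate several independent price sources and fail closed when they are stale, disagree, or move too far at once. The sketch below is an added example, not code from this article or from any oracle project; the thresholds, source names, and the Quote/Decision types are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from statistics import median
from typing import Optional

# Assumed policy values for illustration; tune per asset and venue.
MAX_AGE_S = 120      # reject quotes older than this
MAX_SPREAD = 0.02    # a source must be within 2% of the cross-source median
MAX_JUMP = 0.10      # halt if the result moves >10% from the last accepted price
MIN_SOURCES = 3      # independent sources that must agree

@dataclass
class Quote:
    source: str
    price: float
    timestamp: int   # unix seconds

@dataclass
class Decision:
    price: Optional[float]   # None means fail closed: do not act on any price
    reason: str
    dropped: list = field(default_factory=list)

def aggregate_price(quotes, now, last_accepted=None):
    """Median of fresh, mutually consistent quotes, or a fail-closed Decision."""
    fresh = [q for q in quotes if q.price > 0 and 0 <= now - q.timestamp <= MAX_AGE_S]
    if len(fresh) < MIN_SOURCES:
        return Decision(None, "quorum: too few fresh sources")
    mid = median(q.price for q in fresh)
    agree = [q for q in fresh if abs(q.price - mid) / mid <= MAX_SPREAD]
    dropped = sorted(q.source for q in fresh if q not in agree)
    if len(agree) < MIN_SOURCES:
        return Decision(None, "spread: sources disagree", dropped)
    price = median(q.price for q in agree)
    if last_accepted and abs(price - last_accepted) / last_accepted > MAX_JUMP:
        return Decision(None, "jump: circuit breaker tripped", dropped)
    return Decision(price, "ok", dropped)

# Constructed sample data: three independent feeds plus one on-chain spot pool
# whose price was pushed up inside a single block.
NOW = 1_700_000_000
SAMPLE = [
    Quote("feed_a", 1.001, NOW - 10),
    Quote("feed_b", 0.999, NOW - 25),
    Quote("feed_c", 1.000, NOW - 40),
    Quote("spot_pool", 1.35, NOW - 1),
]

if __name__ == "__main__":
    print(aggregate_price(SAMPLE, NOW, last_accepted=1.0))
```

A dropped source or a fail-closed decision is also worth alerting on, since it indicates either an outage at a provider or an attempt to move one venue's price.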
Private Key Security
Private keys are the foundation of blockchain security since a compromised key can be used to generate valid, malicious transactions on behalf of a legitimate account. Multi-sig or MPC wallets and cold storage help to mitigate the risk of an attacker abusing account privileges or stealing stablecoins or other tokens.
Securing DeFi Design and Implementation with Halborn
Infrastructure and third-party vulnerabilities are largely not the kinds of errors that a smart contract security audit identifies and manages. Instead, they involve critical design decisions or off-chain infrastructure that fall outside the scope of these audits.
Halborn offers advisory services designed to take a holistic approach to security, helping with everything from defining initial system requirements through on-chain deployment. By offering guidance on system design, vendor selection, and security best practices, Halborn helps organizations to model threats, assess risks, and develop appropriate controls and countermeasures. To learn more about securing your stablecoin or other DeFi project with Halborn, get in touch.
