Understanding Cybersecurity Management in Decentralized Finance Series.

Understanding Cybersecurity Management in Decentralized Finance: Role of Smart Contracts and Decentralized Finance in Modern Financial System (Article 1)


Author: Gurdip Kaur, PhD, CySA, CISSP



Finance is an inseparable part of modern civilization. Although there are some inefficiencies in the modern financial system, it is far better than that of the past. The modern financial system has not only adopted a paperless workflow, but it has also drifted towards a decentralized ecosystem in which control is no longer held entirely by a central authority that used to take all the imperative decisions.


Understanding Cybersecurity Management in Decentralized Finance is a series of articles that aims to explore a range of cybersecurity issues in decentralized finance. The articles in this series are based on the extensive research work behind our book titled ‘Understanding Cybersecurity Management in Decentralized Finance’, published by Springer in January 2023. This series provides insight into the cybersecurity implications that stem from the modern financial system.


Centralized vs Decentralized Finance System


A centralized financial system (CeFi) is a financial structure in which the exchanges govern the entire system. All the financial transactions are routed through the exchanges. A centralized decision-making committee, alternatively referred to as the head office, makes all the decisions. There are no other competing markets. Since the inception of the banking system, the global financial system has become a centralized entity. For example, the New York Stock Exchange is a centralized financial system where stockholders purchase and sell stocks.


In contrast, decentralized finance (DeFi), also called crypto-based finance, is an ecosystem in which transactions take place without intermediaries. It comprises two or more users who want to execute a financial transaction. DeFi is an emerging financial technology based on secure distributed ledgers used by cryptocurrencies. It is a decentralized system that supports non-centralized control over financial transactions and eliminates intermediaries by allowing people, merchants, and businesses to conduct financial transactions using emerging technologies. This is achieved through peer-to-peer financial networks that use security protocols, hardware, software, and connectivity.


Use of Blockchain Technology in DeFi


DeFi uses blockchain technology (also used by cryptocurrencies) to handle financial transactions through decentralized applications called dApps. Blockchain plays a pivotal role in realizing decentralized finance and smart contracts. Blockchain is a technology that uses blocks to store and verify users' information. Once the recorded information is verified, the block is closed and encrypted, and another block is created that stores the information related to previously closed and encrypted blocks. This chain of blocks is called the blockchain. All information stored in a blockchain is secure as blocks are encrypted. This is the reason why blockchain is used as a technology to handle secure financial transactions.





Figure 1: High-level overview of blockchain technology


A user requests a transaction that is broadcast to a peer-to-peer (P2P) network consisting of computers. These computers are also known as nodes. A block of the requested transaction is created. In the validation step, the network of nodes validates the transaction and the user’s status using known algorithms. It is imperative to mention that the verified transaction can involve cryptocurrency, smart contracts, records, or other information. Once the transaction is confirmed, the current block is added to the previously encrypted block to create a new data block for the ledger. The newly created block is now permanent and unalterable. That means it cannot be reversed to obtain the information stored. This makes blockchain technology secure. Finally, the transaction is marked complete.
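The following sketch is an added example, not code from the article or the book. It assumes the link between blocks is a SHA-256 hash of the previous block's contents, and it shows why a closed block cannot be altered unnoticed: the verifier reports the first block whose contents or link no longer check out. The block layout and function names are hypothetical.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # constructed placeholder meaning "no previous block"

def block_hash(block):
    """SHA-256 over the block's contents, including the previous block's hash."""
    body = {k: block[k] for k in ("index", "prev_hash", "transactions")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_block(chain, transactions):
    """Close a new block that commits to the hash of the block before it."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    block = {"index": len(chain), "prev_hash": prev_hash,
             "transactions": list(transactions)}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev_hash = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["prev_hash"] != prev_hash:
            return i  # the link to the predecessor is broken
        if block_hash(block) != block["hash"]:
            return i  # contents changed after the block was closed
        prev_hash = block["hash"]
    return None

def build_demo_chain():
    """Constructed sample ledger with three blocks of dummy transactions."""
    chain = []
    append_block(chain, ["A pays B 50"])
    append_block(chain, ["B pays C 20"])
    append_block(chain, ["C pays A 5"])
    return chain

if __name__ == "__main__":
    chain = build_demo_chain()
    print(first_invalid_block(chain))            # untouched ledger
    chain[1]["transactions"] = ["B pays C 2000"]  # edit a closed block
    print(first_invalid_block(chain))
```

Recomputing the stored hash of the edited block does not hide the change, because the next block still commits to the old hash; every later block would have to be rewritten as well.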


Based on the fundamental understanding of blockchain, DeFi can be formally defined as a blockchain-based financial infrastructure: an open, permissionless, and highly interoperable protocol stack built on top of smart contract platforms, such as the Ethereum blockchain.


Smart Contracts


Smart contracts are a modern version of the traditional paper-based legal agreements. They are an evolving concept that is reshaping the way legal contracts bind the involved parties to do business. Smart contracts are computer programs written by a software developer who codifies the terms and conditions of the paper-based legal agreement. Thus, smart contracts are used to automate the execution of legal agreements so that all parties immediately come to know the outcome. There is no involvement of an intermediate party in the execution of the contract.


Smart contracts are a critical component of several applications and platforms built using blockchain or distributed ledger technology. A smart contract is a self-executing contract that contains the terms of an agreement between buyer and seller. It consists of lines of code written in a programming language to execute across a decentralized and distributed blockchain network. The smart contract helps control the transactions and ensures that one can track them. Smart contracts communicate the semantics of the transaction to the parties involved. They hide the details of the protocol used for communication but control the knowledge and execution of contractual terms. Smart contracts also use encryption to hide the documents in an envelope and place digital signatures on it to ensure the document's integrity.


The term smart contract describes computer code that automatically executes all or part of an agreement and is stored on a blockchain-based platform. For example, a smart contract executes specific provisions to complete the transaction to transfer a fund from party A to party B. To add to the fundamental functionality of smart contracts, any party who disobeys the rules of engagement is automatically punished. To continue the previous example, if party A does not follow the contract terms, a specifically mentioned amount of penalty in terms of the number of bitcoins is automatically deducted from its account.


To illustrate, consider two parties, a buyer and a property seller, as shown in Figure 2. The seller wants to sell the property, and the buyer wants to purchase it. Both buyer and seller leverage smart contracts to write the mutually agreed terms and conditions and perform the transaction if those terms are met. Conditions of the smart contracts are stored in the form of a blockchain, where each condition is stored in a new block, and it is appended to the existing blockchain.




Figure 2: Functionality of smart contracts in real estate


Once the conditions of the contract are laid down in the blockchain, the contract is enforced and automatically executed. If all the terms/conditions are met on execution of the contract, the property is sold and the prespecified number of bitcoins is transferred from the buyer’s digital wallet to the seller’s digital wallet. If the terms/conditions are not met, the contract is canceled. It is pertinent to mention that there is no need for a real estate agent or intermediary to execute the smart contract in this example. Furthermore, the role of a legal counsel or other advisory services also becomes less crucial. This potentially reduces the miscellaneous costs associated with the sale and purchase of the property.


Assume the initial state of a banking transaction involving a balance sheet with data stored in five blocks. For illustration purposes, all data in this example is dummy data. The transaction in this example is to transfer $X from A’s account to B’s account. To begin with, the state transition function deducts $X from A’s account and credits it to B’s account. If A’s account has less than $X at the beginning of the transaction, then the state transition function raises an error. If everything is alright, then new blocks are created, the digital signature of the sender is attached, and the transaction becomes successful, resulting in a new state.






Figure 3: State transition function


Mathematically, the state transition function for this example can be defined as:


               APPLY(S,TX) -> S' or ERROR


This simply means that applying the state transition function to the initial state S and a transaction TX produces the new state S’ if the transaction is successful, or generates an error otherwise.


The state transition function for transaction TX can be defined as:


               APPLY({A:$100,B:$200},"transfer $50 from A to B")={A:$50,B:$250}


This means if A’s account balance in the initial state is $100 and B’s balance is $200, then A’s balance is more than $50 (transfer amount) and the transaction becomes successful, resulting in new account balances for both A and B.


However, if A’s initial balance is less than $50, then an error message is generated as defined below:


               APPLY({A:$40,B:$50},"transfer $50 from A to B")=ERROR


If the signature in the transaction does not match the sender's provided signature, the state transition function raises an error in this case as well.
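The APPLY function above can be written out as follows. This is an added example, not code from the article or the book: the account keys are constructed, the function names are hypothetical, and HMAC-SHA256 stands in for the sender's digital signature so that it runs on the Python standard library alone.

```python
import hashlib
import hmac

# Constructed demo keys. HMAC-SHA256 stands in for the sender's digital
# signature so this runs on the standard library alone; real chains use an
# asymmetric scheme such as ECDSA, where verifiers hold only public keys.
KEYS = {"A": b"constructed-key-for-A", "B": b"constructed-key-for-B"}

class TransactionError(Exception):
    """Raised when APPLY(S, TX) yields ERROR."""

def _tag(tx, key):
    msg = f"{tx['sender']}|{tx['recipient']}|{tx['amount']}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign(tx, key):
    """Return a copy of tx carrying a signature over sender, recipient, amount."""
    return {**tx, "sig": _tag(tx, key)}

def apply_tx(state, tx, keys=KEYS):
    """APPLY(S, TX) -> S' or ERROR. The input state is never modified."""
    sender, recipient, amount = tx["sender"], tx["recipient"], tx["amount"]
    if sender not in state or recipient not in state or sender not in keys:
        raise TransactionError("unknown account")
    if type(amount) is not int or amount <= 0:
        raise TransactionError("invalid amount")  # negative would reverse the flow
    presented = str(tx.get("sig", "")).encode()
    if not hmac.compare_digest(_tag(tx, keys[sender]).encode(), presented):
        raise TransactionError("signature does not match sender")
    if state[sender] < amount:
        raise TransactionError("insufficient balance")
    new_state = dict(state)  # work on a copy so a failure leaves S untouched
    new_state[sender] -= amount
    new_state[recipient] += amount
    return new_state

def try_apply(state, tx):
    """Return S' on success or the string 'ERROR', as in the article's notation."""
    try:
        return apply_tx(state, tx)
    except TransactionError:
        return "ERROR"

if __name__ == "__main__":
    tx = sign({"sender": "A", "recipient": "B", "amount": 50}, KEYS["A"])
    print(try_apply({"A": 100, "B": 200}, tx))
    print(try_apply({"A": 40, "B": 50}, tx))
```

Because the signature covers the sender, recipient and amount, changing any of them after signing is rejected in the same way as a transaction signed with the wrong key.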


What’s next


This article introduces the role of smart contracts and decentralized finance in the modern financial system. It provides an overview of an example scenario to demonstrate the use of smart contracts and blockchain in the financial system. The next article in this series will shed light on several important DeFi platforms and investigate the security and safety issues of those platforms.