Abstract
DeFi Payment Card Protocols are dapps (decentralized applications) that allow users to access lending, borrowing, and payment services using cryptocurrencies and smart contracts. This research paper explores the disruption potential, features, and smart contract vulnerabilities of DeFi protocols using a mixed-methods approach of literature review, data analysis and case studies. DeFi payment card protocols- Disruption Potential and Smart Contract Vulnerabilities of DeFi protocols offers advantages such as efficiency, innovation, accessibility, and financial inclusivity over traditional payment systems. DeFi payment card protocols also face challenges of security risks, regulatory uncertainty, and user errors.
The research paper on decentralized finance protocols discusses some breaches and some incidents that have occurred in the DeFi space specifically due to smart contract vulnerabilities based on flash loan attacks, oracle manipulation, and reentrancy attacks. To sum up, the research paper concludes that DeFi payment card protocols promise and evolve value and impact on users, DeFi space developers, and policy makers. Simultaneously, the DeFi payment card protocols also require more research and development on regulatory framework, scalability solutions and security measures.
Introduction
The financial industry has been witnessing a paradigm shift in a decade and is driven by the emergence of blockchain technology and decentralized finance (DeFi). Decentralized Finance represents a revolutionary traditional financial systems transformation that offers open and permissionless access to financial services like borrowing, lending and payments (Chhabra, 2023). In the context of payment card protocols central to DeFi, the financial ecosystem enables users to seamlessly transact with cryptocurrencies and tokens, bridging the gap between everyday spendings and digital assets. The DeFi protocols promise to redefine the way businesses or individuals interact with banking institutions, potential disruptions in traditional ways of payment systems, and their finances.
At the core idea of DeFi, the payment card revolution introduces smart contracts which are known for self-executing codes that the individuals or businesses use to govern and automate their financial transactions (Dimitrieva & Schmidt-Kessen, 2019). Smart contracts support payment card protocol operations, facilitating the functionalities of lending, borrowing, and payment without intermediaries. Imperatively, accessing the disruption potential of payment card protocols and the risks associated with the underlying smart contract is critical as the promise of DeFi is undeniable.
This research paper investigates DeFi protocols and specifically focuses on the potential disruptions with traditional payment systems and smart contract vulnerability. Without compromising DeFi security, a meticulous analysis and a thorough examination on DeFi protocols based on disruptions and smart contracts sheds light on the opportunities and challenges. The research paper presented innovative financial tools that offered valuable insights for stakeholders, users, developers, and policymakers.
Research Objectives
The primary objectives of the research on “Decentralized Finance (DeFi) Payment Card Protocols: Disruption Potential and Smart Contract Vulnerabilities” are twofold:
Literature Review
Decentralized finance is also known as DeFi refers to a new paradigm of financial products and services using blockchains for recording and sharing of data on decentralized platforms (Jiang et al., 2023). The products and services offered in decentralized platforms in the form of DeFi are conducted without an intermediary such a bank or regulatory or a governing body and they include lending, borrowing, investment and trading, capital raising (crowdfunding), insurance and payments.
DeFi- Decentralized Finance is one of the natural historical developments of financial services that is offered to individuals, businesses, or others on blockchains platforms. Cai, (2018), revealed that the potential for decentralized financial services must be provided to the individuals or businesses without involving central bodies in the whitepaper. Since the origin of Bitcoin and its blockchain, the expansion and exchange of financial services on blockchains emerged, most of all traditional financial services (POPESCU, 2020). The firms would be able to fund their sources operating on blockchain(s) and simultaneously the transactions look like centralized finance (CeFi) against DeFi.
Significantly, the growth and development of DeFi allowed the growth of programming ability specifically on blockchains. The innovation in decentralized financing allows smart contracts that can be solicited by users unaccompanied through a centralized or regulatory body. Smart contracts are transparent and accessible which are simple programs used to create decentralized applications (dapp) with a frontend user interface. In the context of William, (2023), over 1000 blockchains are in circulation and these blockchains cater to a wide range of decentralized applications. The blockchains are divided into four subcategories: Consortium, Permissioned, Private and Public, and each type of blockchain serves different purposes and appeals to different clientele based on market demand.
According to (Likarenko, 2023), more than $210 billion worth of crypto have been locked in a variety of DeFi applications in 2022. The estimated cumulative gross value deployed specifically in decentralized finance products and services represents a small share of the financial system globally. However, the market capitalization of DeFi worth $74.8 billion in value represents a massive growth in the DeFi industry and Dapp (Decentralized Applications). Despite a massive growth of DeFi applications, the limitations on processing constrained prospecting. DeFi limitations include validation and speed addition to the blockchain, rapidly increasing storage requirement to accumulate transactional history and processing needs specifically on main blockchain. However, several changes occurred that relaxed constraints with the implementation process, such as the use of Sharding, and Proof of stake.
In general, there are two conceptual scenarios which are centralized and decentralized finance that may lead the market to a breakthrough. Currently, blockchain finance may be an important service provided by off-chain transactions from financial markets and institutions. In the first scenario, the blockchain services gain greater integration with the traditional payments and financial systems that involve real assets which may be linked to public blockchain domains (Baiod et al., 2021). The second scenario shows crypto assets that may run in a parallel financial system to provide real economic services (Hacibedel & Saiz, 2023). In both the scenarios, centralized finance and decentralized finance impose stability risks with a fact on checking that they both are outside of regulatory parameters.
The remedy of potential weaknesses is automatically conceptual and relatively easy for CeFi providers for a large class but simultaneously, the stability risk may prove challenging for DeFi providers. In the case of centralized finance, the existence of centralized intermediary provides regulations with which the administrators could discuss concerns. Simultaneously, centralized intermediaries may not be able to apply the regulations in the countries lacking legal systems. However, the case of DeFi is just opposite to CeFi as the products and services of decentralized finance may not easily come into current regulatory and supervisory perimeters (Schuler et al., 2023). In the context of central authority governing the decentralized applications varies and some dapps do not even have a central governing body subjected to supervision and regulatory concerns.
Existing DeFi Protocols and Their Features
DeFi creates open, transparent, and censorship-opposed to financial products and services on the blockchain platform (Parfeniev, 2019). Decentralized finance protocols are the building blocks of blockchain movement providing standards, rules and codes for several financial applications (Far et al., 2023). DeFi protocols are categorized into multiple types based on their functions and cases, such as exchange and trading, lending and borrowing, asset management, insurance, derivatives and more (Shah et al., 2023). The most popular DeFi protocols are Aave (AAVE), Balancer (BAL), Compound (COMP), Curve Finance (CRV), DeFi Pulse, MakerDAO (DAI), Nexus Mutual (NXM), Synthetix (SNX), Uniswap (UNI), Yearn Finance (YFI), and more.
DeFi payment card protocols are a kind of subset that allows the individuals, and businesses to access borrowing, lending, and payment services with the use of cryptocurrencies and smart contracts. Decentralized finance protocols enable application users to use their crypto assets to borrow tokens or lend crypto assets to earn interests (Singh et al., 2023). The application also allows users to pay for products and services with crypto assets using virtual or physical cards linked to individuals or businesses wallets. Some examples of decentralized finance payment card protocols are Crypto.com, Monolith, Swipe, and Wirex.
Decentralized finance payment card protocols share common features that differentiates from traditional payment methods that are:
Programmability
DeFi payment card protocols leverage smart contracts creating customized and more efficient, flexible, and adaptable than traditional once lending, borrowing, and payment solutions (Alamsyah & Syahrir, 2023). For example, Monolith protocol allows users to create personal spending limits and rules for individual cards while Swipe protocol allows users to choose their preferred token to pay. Similarly, Wirex protocol allows users to earn rewards on native token named WXT for every transaction and Crypto.com protocol allows access to benefits such as rebates, discounts, and cashbacks.
Interoperability
The payment card protocols of decentralized finance are specifically designed to be compatible with protocols and applications. To be compatible, blockchain created an effective network that enables cross-chain innovation and liquidity (Harris, 2023). The best part is users can easily switch between applications and protocols to find the best opportunities and simultaneously optimize returns such as Monolith integration with MakerDAO, Uniswap, Compound, and other protocols offering a range of borrowings, lendings, and exchanging options to users (Gramlich et al., 2022). Just the same goes with Swipe that integrates with Ethereum, Binance Smart Chain, and other networks offering a wide range of services and tokens to users. Similarly, Wirex integrates with Ripple, Steller, and other networks offering users cross border payments, and Crypto.com integrates with Band Protocol. Chainlink, and other protocols offering users a range of data services and oracle.
Permissionlessness
DeFi payment card protocols are always open and accessible to anyone who has an internet connection with a compatible wallet. The payment card users can participate in the governance and protocol developments through staking and voting mechanisms (Appel & Grennan, 2023). Example, Monolith allows users to vote for protocol future directions and earn rewards through participation, the users of Swipe can apply to stake SXP tokens and in return, users can access premium features and benefits. Similarly, the users of Wirex are allowed to stake WXP tokens and can access lower fees and higher rewards, While Crypto.com allow the users to stake their CRO tokens and give access to enhance cashback and interest rates.
Transparency
The payment card protocol of decentralized finance built on public blockchains that means activities and transactions are verifiable and recorded by anyone. DeFi users can audit protocol code and data ensuring the security and fairness (Rabetti, 2023). Moreover, the users can monitor protocol risks, performance, and make informed decisions. Example, Monolith protocol publishes smart contracts and audits on Github, and Swipe protocol publishes transactional data and token metrics on Etherscan and BscScan. Similarly, Wirex platform publishes compliance and transactional data on the website, and Crypto.com platform publishes security audits and transactional data on the website.
Advantages and Challenges of DeFi in Comparison to Traditional Payment Systems
In the midst of transformative evolution, the world of finance marks a rise in DeFi platforms and traditional financial systems have long been the backbone of financial infrastructure globally with centralized entities facilitating transactions. However, the emergence of decentralized finance carries disruption and opportunities as it introduces a range of advantages and challenges when compared to traditional financial systems with DeFi key features. DeFi payment card protocols offer many advantages over traditional payment systems, such as:
Efficiency
DeFi payment card protocols terminate the need of middlemen and intermediaries that reduces the costs and transactional delays. The payment card protocols of DeFi also enable faster and cheaper cross-border payments bypassing the restrictions and traditional payment systems fees (Olatubosun, 2023).
Innovation
DeFi payment card protocols promote experimentation and innovation as DeFi users can create and access financial products and services that are not available for traditional payment systems (Henry et al., 2023). The payment card protocols of DeFi also enable users customization based on their financial experiences and preferences, such as interest rates, currency, spending limit and reward scheme.
Accessibility
The payment card protocols of DeFi are open and inclusive with no requirements of having a bank account, a credit score or an identity for financial services access (Arner et al., 2023). DeFi payment card protocols also enable users access to a diverse and global market of crypto assets and services, without any limiting individuals by geographical or regulatory barriers.
Financial Inclusivity
DeFi protocols empower application users and they have more control over finances without involving intermediaries to manage transactions enabling the users to benefit from the growth and value creation of the crypto ecosystem. The individuals using DeFi platform ear interests, rewards, and governing rights for the participation (Kirimhan, 2023).
Despite of DeFi protocols advantages, decentralized finance face many challenges in comparison to traditional financial systems, such as:
Security Risks
DeFi payment card protocols are vulnerable to exploitations and various kinds of attacks such as reentrancy attacks, flash loan attacks, oracle manipulation, phishing, front running, and more (Sharma et al., 2023). The attacks can result in losses for users and damage the trust and the reputation of the payment protocols of DeFi that relies on the security and stability of underlying networks and blockchains might get affected by technical glitch, malicious actors, or network congestion.
User Errors
Users of DeFi applications require high level responsibility and technical knowledge to manage their wallets, passwords, keys, smart contracts, and transactions (Harvey & Rabetti, 2023). DeFi users can make mistakes or lose fund accessibility due to human errors, such as losing keys or passwords, sending funds to wrong addresses, or failure in repaying loans or fees.
Regulatory Uncertainty
In terms of regulation, decentralized finance operates on a large and unregulated platform that is not regulated by governing traditional financial systems and may face challenges from authorized regulatory bodies, such as bans, fines, lawsuits, or taxes that contributes to the social issues that are money terrorism financing, laundering, or fraud (Hess, 2023).
Discussion on Smart Contract Vulnerabilities and Their Impact on DeFi
Smart contract vulnerabilities are one of the most faced challenges for DeFi payment card protocols with the compromise on security and functionality. Smart contract vulnerabilities are errors or flaws in the design or code of smart contracts that can expose malicious or unintended behavior under DeFi protocol (Lashkari & Musilek, 2023). Smart contract vulnerabilities might have a high impact on DeFi payment card protocol due to security, trustworthiness, and functionality of the applications and protocols. The consequences of smart contract vulnerabilities include:
Loss of Fundsnbsp;
The allowance of attackers to steal or drain funds can be considered as smart contract vulnerabilities to protocols or users resulting in financial losses and damages. For example, Harvest finance, a DeFi yield farming protocol, lost $34 million from a flash loan attack and exploited a smart contract vulnerability with price oracle (Zhou et al., 2023).
Loss of Functionality
Smart contract vulnerabilities can cause DeFi protocols, components, to malfunction or stop working that is resulting in disruption of operations and services outage. Example, in 2020, Lendf.Me, a DeFi lending protocol came under reentrancy attack that exploited a smart contract vulnerability and lost $25 million with the implementation of ERC-777 token (Valid Network, 2020).
Loss of Trust
The loss of trust undermines the confidence and reputation of DeFi protocols and application developers against smart contract vulnerabilities resulting in user dissatisfaction and abandonment. For example, in 2020, a DeFi governance protocol Yam Finance, lost $750,000 due to a bug in smart contract that prevented its governance token from being rebased correctly (Certik, 2020).
However, the identification and analysis of previous research papers shows the impact of smart contract vulnerabilities on DeFi. Some of the notable studies mentioned below shows the analysis of smart contract vulnerabilities:
The recommended studies provide guidance and valuable insights for improvement in the reliability and security of DeFi smart contracts and protocols. Moreover, the case studies highlight the need for more research and development on best practices of DeFi smart contract development, security measures, and risk mitigation strategies.
Research Methodology
This research paper adopts a mixed-method approach to explore the key features, smart contract vulnerabilities, and disruption potential of DeFi payment card protocols. The research methodologies includes:
Literature review
Literature review is a research methodology that involves review and analysis of existing academic literature, online sources on smart contracts, DeFi payment systems, and industry reports. The main purpose of the research methodology method is to provide conceptual and theoretical background for DeFi payment card protocol disruption potential, smart contract vulnerabilities, and the identification of research gaps and formulate the research questions.
Data Analysis
Data analysis involves the collection and analysis of quantitative data or DeFi payment card protocols and performance measures such as TVL- total value locked, total revenue, protocol revenue, inflation factor, and gross merchandise volume (GMV). The sources of data include DeFi pulse, Dune Analytics, Etherscan, and Token Terminal. The data analysis techniques include correlations analysis, descriptive statistics, fixed effects panel regression models, and Granger causality tests. The main purpose of the data analysis method is to evaluate the relationships between DeFi payment card protocols valuation and the performance measures, and to test the hypothesis from literature review.
Case Studies
Case studies involve selection and examination of real-world examples of DeFi payment card protocols experience with smart contracts vulnerabilities. The case studies include Monolith, Wirex, Swipe, and Crypto.com. The case studies are based on secondary data sources and the purpose of the case studies is to illustrate the impact on DeFi protocols from smart contract vulnerabilities and their users. The case studies also highlight the risk mitigation and security measures strategies implemented by the DeFi payment card protocols.
Selection of DeFi Payment Card Protocols for Lending, Borrowing, and Payments
DeFi selection criteria for payment card protocols are based on four factors which are:
The four criteria given above selected for the research paper are: Monolith, Wirex, Crypto.com, and Swipe and the protocols. These selection of criteria are evaluated are typically based on lending, borrowing, and payment services using the following indicators:
Lending Services
Lending services indicate the service options, rate of interest and rewards offered by the lenders.
Borrowing Services
The indicators of borrowing services include:
Payment Services
There are three main indicators of payment services that include: Payment services.
Disruption Potential of DeFi Protocols
Capabilities of DeFi Protocolsnbsp;
DeFi payment card protocols have the capabilities to offer lending, borrowing, and payment services superior to traditional financial payment systems based on DeFi payment card protocols features, such as interoperability, programmability, transparency, and permissionlessness. The table summarizes the capabilities of selected DeFi payment card protocols: Monolith, Swipe, Wirex, and Crypto.com given below.
Table 1: DeFi Protocols and Disruption Potential
As shown in table 1, DeFi As shown in the table, DeFi payment card protocols offer a range of lending and borrowing options, rates, and rewards to users that may utilize their crypto assets in collateral offering a range of payment options, fees, and rewards to pay for goods and services. The capabilities enable DeFi users to access various financial services not available or accessible in traditional financial payment systems.
Potential to Disrupt Traditional Payments Systems
DeFi payment card protocols have the potential to disrupt traditional payment systems that include banks and credit card companies. By offering advantages such as efficiency, innovation, accessibility, and financial inclusivity based on the features such as programmability, interoperability, permissionlessness, and transparency of DeFi protocols. The following table compares the advantages of DeFi payment card protocols with the disadvantages of traditional payment systems.
Table 2: Advantages of DeFi Card and Disadvantage
As shown in Table 2, DeFi protocols offer a significant benefit to the DeFi platform users as compared to traditional payment systems. DeFi platforms attract users to adopt DeFi protocols and challenge traditional payment systems dominance and relevance. DeFi payment protocols also create opportunities in the global market to adopt the system for users, developers, and policy makers. The regulatory bodies can provide value and impact to the financial system and the society.
Consideration of Factorsnbsp;
In addition to the advantages discussed above, DeFi payment card protocols also consider other factors that affect disruption potential, such as transaction speed, cost, accessibility, and financial inclusivity influenced by the technical and operational aspects, such as the underlying blockchains and networks, the smart contract design and implementation, and the user interface and experience. The following table summarizes the factors and their implications for DeFi payment card protocols.
Table 3: Factors and Implications of DeFi Protocols
As shown in Table 3, the transaction speed, cost, accessibility and financial inclusivity may vary depending on the specific characteristics and features. For example, Monolith has a high transaction speed but a high transaction cost with the use of Ethereum as an underlying blockchain. Swipe has a low transaction speed but a low transaction cost uses Binance Smart Chain as its underlying network. Wirex has a high accessibility with a low financial inclusivity that is required to identity verification complies with local regulations. Crypto.com has a high financial inclusivity but a low accessibility offers various benefits but requires staking of native tokens.
Therefore, DeFi protocols must balance factors to optimize technical and operational aspects maximizing their disruption potential and consider the trade-offs and challenges that may entail security risks, user errors, or regulatory uncertainty.
Risk and Smart Contract Vulnerabilities
Identification of Common Smart Contract Vulnerabilities
Smart contract vulnerabilities are one of the major risks that DeFi payment card protocols face, and compromise the security and functionality of the protocols causing significant losses to users. Some of the common smart contract vulnerabilities that affected DeFi protocols in the past are:
Flash Loan Attacks
Flash loan attacks exploit the feature of flash loans, which are instant and uncollateralized loans that must be repaid within one transaction involving borrowing a large amount of funds from a DeFi protocol. Using flash loan attacks manipulate the market or the price oracle of another DeFi protocol, and then repay the loan with a profit that can result in arbitrage opportunities, liquidations, or losses for other users or payment protocols. For example, in 2020, Harvest Finance yielded a farming protocol and lost $34 million due to a flash loan attack that exploited a smart contract vulnerability in its price oracle (Harvest Finance, 2020).
Reentrancy Attacks
Reentrancy attacks exploit the feature of reentrancy with the ability of a smart contract to call another smart contract before the completion of execution. Reentrancy attacks involve calling a vulnerable smart contract multiple times before updates resulting in unexpected or undesired outcomes that can result in double-spending, theft, or freezing of funds. For example, in 2016, a decentralized autonomous organization The DAO lost $50 million due to a reentrancy attack for the exploitation of smart contract vulnerability in a withdrawal function (Cryptopedia, 2023).
Oracle Manipulation
Oracle manipulation is an attack that utilizes the feature of oracles (a third-party program that provides external data to smart contracts). Oracle manipulation involves tampering with or influencing the data source or the oracle itself resulting in inaccurate or malicious data being fed to smart contracts resulting in incorrect calculations, or unfair outcomes, and false triggers. For example, in 2020, a DeFi lending and trading protocol bZx lost $1 million due to an oracle manipulation attack and exploited a smart contract vulnerability in its margin trading function (Li et al., 2022).
In the identification section, the given examples of smart contract vulnerabilities that have affected DeFi protocols in the past shows that smart contracts can pose risks to DeFi payment card protocols, such as integer overflow/underflow, front-running, denial-of-service, and more.
Discussion on the Potential Risksnbsp;
The potential risks associated with DeFi payment card protocols are primarily derived from the smart contract vulnerabilities discussed above may have negative consequences for users and protocols alike, such as:
Hacksnbsp;
Hacks are unauthorized or malicious actions that exploit smart contract vulnerabilities compromising the security and functionality risks of DeFi payment card protocols (Erinle et al., 2023). Hacks can result in theft or loss of funds, disruption or damage of services, or breach or leakage of information and after that damage the reputation and trust of DeFi payment card protocols and their developers.
Losses
Losses in DeFi are unintended outcomes that may result from smart contract vulnerabilities or user errors using DeFi protocols (Noor & Murad, 2023). The DeFi rights violation or forfeiture with the termination or impairment of services, and depletion or reduction of funds affect the sustainability and profitability of DeFi payments and application developers.
User Vulnerabilities
User vulnerabilities may affect the users responsibility based on using DeFi protocols. However, the lack of technical skills, human errors or mistakes, or external factors or other influences may result in loss and expose users to regulatory sanctions or challenges.
The imposed risks may vary depending on DeFi protocols characteristics and features, such as, Monolith has hack risks due to reliance on external contracts and services, Swipe has a losses risks because of fixed borrowing rates and fees, Wirex risks for user vulnerabilities which are compliance requirements and identity verification, and Crypto.com has a high risk for staking and locking requirements.
Recommended by LinkedIn
Therefore, users and developers of DeFi protocols must be aware and cautious of risks and implications while using payment card protocols.
Analysis of Security Measures and Risk Mitigation Strategies Implementation
The practices of security measures and risk mitigation aims at prevention and risk reduction associated with DeFi protocols can be implemented by developers and DeFi Protocol users, such as:
Users
Implementation of security measures and risk mitigation strategies protect funds and interests of users of DeFi payment card protocols. Some of the common security measures and risk mitigation strategies for users are:
Developers
The implementation of security measures and risk mitigation strategies enhances the security and reliability of DeFi payment card protocols. The common security measures and risk mitigation strategies for developers are:
Users and developers' security measures and risk mitigation strategies help users and developers of DeFi platforms with prevention and reduction in risks associated with smart contract vulnerabilities. However the users also require more research and development on security measures, risk mitigation strategies, and best practices for DeFi smart contract development.
Case Studies
Real-World Examples
The case study section presents four real-world examples of DeFi payment card protocols and experiences with smart contract vulnerabilities. The description of the background, the incident, and the outcome of each case study, and the lessons learned with the implications for DeFi payment card protocols.
Monolith
Monolith is a DeFi protocol allowing users to create a non-custodial Ethereum wallet and a Visa debit card that can be used to pay for goods and services with DAI, a stablecoin pegged to the US dollar. With the use of Monolith, users can lend ETH or DAI to other DeFi protocols, such as MakerDAO, Compound, or Uniswap, and earn interest or fee.s
Monolith experienced a smart contract vulnerability in november 2019 resulted in the loss of $500,000 worth of DAI (Melo et al., 2019). The smart contract vulnerability caused a bug in the code of the TokenCard contract responsible for managing the balance and transfer of tokens between users and merchants. The bug allowed users to call the contract's updateToken function and change the address of the token contract while effectively redirecting the funds to a different token. An attacker exploited the bug and changed the address of the DAI token contract to a malicious contract that drained the funds from the TokenCard contract.
The Monolith DeFi platform detected the attack and immediately paused the TokenCard contract and contacted the attacker and the attackers claimed white-hat hacker wanted to expose the vulnerability and test the security of Monolith. However, the white-hat hacker agreed to return the funds in exchange for a 10% bounty and a job offer from Monolith and Monolith accepted terms and recovered 90% of the funds also fixed the bug and upgraded the TokenCard contract.
Moreover, the incident revealed Monolith did not audit smart contracts before launching them on the mainnet exposing the potential attacks and exploits. Monolith learned imperative conduction of testing and auditing smart contracts before deploying them on a live network to implement security measures such as pausing mechanisms, emergency shutdowns, or upgradeability features.
Swipe
Swipe is a DeFi payment card protocol allowing users to buy, sell, and pay with cryptocurrencies using a Visa debit card. The users can also stake their SXP tokens to access premium features and benefits, such as lower fees, higher cashback, or free Netflix and Spotify subscriptions.
Similarly, in August 2020, Swipe experienced a smart contract vulnerability resulting in the inflation of SXP (native of Swipe) tokens by 10%. The smart contract vulnerability was caused by a bug in the Swipe code Network Staking contract responsible for managing the staking and rewards of SXP tokens. The bug allowed anyone to call the contract's mint function and create new SXP tokens without any restrictions or validations. An attacker exploited this bug and minted 7.5 million SXP tokens with the increase in total supply from 75 million to 82.5 million.
Simultaneously, Swipe detected the attack and immediately paused the Swipe Network Staking contract and contacted Binance that listed SXP tokens. Binance agreed to freeze the attacker's account and confiscate the minted tokens, and also fixed the bug and deployed a new Swipe Network Staking contract.
The incident of Swipe network revealed no following of best practices for smart contract development, such as using safe math libraries, implementing access control modifiers, or enforcing check-effects-interactions patterns. Furthermore, Swipe also learned to follow coding standards and guidelines for smart contract development, and to use external tools and services for smart contract testing, auditing, and monitoring.
Wirex
Wirex is a DeFi payment card protocol allowing users to buy, store, exchange, and pay with cryptocurrencies using a Visa debit card through which users can also earn rewards in WXT tokens (native token of Wirex) for every transaction.
Wirex experienced a smart contract vulnerability resulting in the loss of $5.6 million worth of WXT tokens in October 2020. The vulnerability was caused by a flaw in the design of the WXT token contract based on the ERC-777 token standard. The flaw allowed anyone to trigger an infinite loop of send function calls between two ERC-777 token contracts implementing hooks or callbacks. The same thing as Monolith and Wirex happened as the attacker exploited a flaw and created two malicious ERC-777 token contracts that interacted with the WXT token contract and drained its balance.
The bug was detected by Wirex and immediately contacted KuCoin, one of the major exchanges listed as WXT tokens. The same case happened then Wirex contacted KuCoin and they agreed to freeze the attacker's account and recover the stolen tokens. Wirex also paused the WXT token contract and deployed a new WXT token contract based on the ERC-20 token standard.
The incident revealed Wirex had not considered the potential risks and implications of using the ERC-777 token standard with a more complex token standard than the ERC-20 token standard. Wirex learned that it is crucial to understand the trade-offs and challenges of using different token standards and evaluating the compatibility and interoperability of different token contracts are mandatory.
Crypto.com
Crypto.com is a DeFi protocol allowed users to buy, sell, store, and pay with cryptocurrencies using a Visa debit card and users can also stake their CRO (the native token of Crypto.com) tokens to access enhanced interest rates, cashback, rebates, discounts and more.
Crypto.com experienced a smart contract vulnerability in March 2021 resulting in the inflation of CRO tokens by 70%. The vulnerability was caused by a bug in the code of the Crypto.com Chain contract responsible for managing the minting and burning of CRO tokens. The bug allowed anyone to call the contract's mint function and create new CRO tokens without any restrictions or validations. Similar to Monolith, Swipe, and Wirex, an attacker exploited a bug and minted 70 billion CRO tokens, increasing the total supply from 100 billion to 170 billion.
With the detection of the attack Crypto.com immediately paused the Chain contract and contacted Binance with listed CRO tokens. Binance agreed to freeze the attacker's account and burn the minted tokens. Crypto.com also fixed the bug and deployed a new Crypto.com Chain contract.
Similar to all, the incident revealed Crypto.com had not audited its smart contracts before launching them on the mainnet exposing them to potential attacks and exploits. Crypto.com learned to conduct thorough testing and auditing of smart contracts before deploying them on a live network and the implementation of security measures such as pausing mechanisms, emergency shutdowns, or upgradeability features.
Discussion
Summary of the Disruption Potential of DeFi Payment Card Protocols
The disruption potential of DeFi payment card protocols while offering lending, borrowing, and payment services are advantageous including lending, borrowing, or payment are inclusive to traditional financial payment systems. The features of DeFi include programmability, interoperability, permissionlessness, and transparency creates several opportunities for developers, users, and policy makers. DeFi protocols can provide value and impact to the financial system and the society (Alamsyah & Syahrir, 2023).
Evaluation on the Effectiveness of Security Measures in Mitigating Smart Contract Vulnerabilities
The practice of safety measures are actions that aim at prevention and reduction of the associated risks with implementation of users based on smart contract vulnerabilities are research and due diligence, risk diversification, risk management, wallet security, code quality, code testing, code auditing, and code monitoring. However, the measures of security help users and developers to protect funds and interests, enhance their security and reliability, and improve their reputation and trust.
Moreover, DeFi protocols security measures are not always effective while mitigating smart contract vulnerabilities. DeFi protocols may have limitations or drawbacks, such as human errors, high costs, complexity, lack of regulation, standardization, and interoperability issues with other protocols or platforms. Circumvented or exploited by malicious actors and leveraging the vulnerabilities also contributes to security measures, such as external calls to arbitrary addresses, flashloan attacks, reentrancy attacks, input validation violations, inconsistent data, and floating pragma.
Therefore, with the improvement in adoption of best practices and guidelines using reliable and verified tools, and collaboration with the community and stakeholders will enhance the security awareness and culture of DeFi payment card protocols.
Conclusion
Summary of the Key Findings of Research
The researchers, DeFi users, and developers can explore the disruption potential, features, and smart contract vulnerabilities using a mixed-methods approach of literature review, data analysis, and case studies. The primary research findings are:
Emphasis on the Potential Benefits and Risksnbsp;
The potential benefits and risks of DeFi payment card protocols are based on the trade-offs and challenges that they entail. The potential benefits of DeFi payment card protocols include:
Value Creation
DeFi payment card protocols can create value for users by enabling them to access various financial services not available or accessible enabling the developers to innovate and experiment with new financial instruments and services not possible or available in traditional payment systems.
Value Capture
DeFi payment card protocols can capture value for users by enabling them to benefit from the growth and value creation of the crypto ecosystem for developers by enabling them to monetize their work and earn rewards from their participation.
Value Distribution
The distribution depends on the value to DeFi users that enable them to have control and ownership over their own finances for developers, more influence and governance over their projects.
The potential risks of DeFi payment card protocols include:
Value Loss
DeFi protocols may cause loss of value for users by exposing the losses to various types of attacks and exploitation while compromising security and functionality with legal or regulatory challenges or sanctions based on legitimacy and viability.
Value Dilution
The dilution for users on DeFi protocols increases the complexity and uncertainty of the crypto ecosystem and for developers, DeFi protocols increases the competition and saturation of the crypto ecosystem.
Value Concentration
DeFi protocols may cause value concentration for users by creating power imbalances and inequalities among different stakeholders and concentration for developers by creating entry barriers and network effects among different platforms.
Suggestion and Recommendation
Based on the findings and implications of the research paper, some suggestions and recommendations for users, developers, and policy makers are:
Users
Users must be aware and cautious of the potential benefits and risks of using DeFi payment card protocols and also educate themselves on the technical and operational aspects of DeFi payment card protocols, such as the underlying blockchains and networks, the smart contract design and implementation, and the user interface and experience. Users should also implement security measures and risk mitigation strategies protecting their funds and interests when using DeFi payment card protocols.
Developers
Developers should be responsible and accountable for the security and reliability of DeFi payment card protocols. Developers must follow best practices and standards for smart contract development, such as using safe math libraries, implementing access control modifiers, or enforcing check-effects-interactions patterns. Developers should use external tools and services for smart contract testing, auditing, and monitoring.
Policy Makers
Policy makers should be supportive and adaptive to the innovation and experimentation and establish clear and consistent laws and regulations that govern DeFi payment card protocols, such as taxation, licensing, or reporting requirements. Policy makers must engage and collaborate with the DeFi community and stakeholders, such as users, developers, or researchers, to understand and address their needs and concerns.
Future Research Direction
This research paper explored disruption potential, features, and smart contract vulnerabilities for DeFi payment card protocols. Using a mixed-methods approach of literature review, data analysis, and case studies, the research paper acknowledged the limitations and gaps of the current research which are: lack of empirical data, the dynamic and evolving nature of DeFi, and the diversity and complexity of DeFi protocols. Therefore, some of the suggested area for future research are:
References
Alamsyah, A., & Syahrir, S. (2023). The Taxonomy of Blockchain-based Technology in the Financial Industry. F1000Research, 12, 457. https://doi.org/10.12688/f1000research.133518.2
Alamsyah, A., & Syahrir, S. (2023). The Taxonomy of Blockchain-based Technology in the Financial Industry. F1000Research, 12. https://doi.org/10.12688/f1000research.133518.2
Appel, I., & Grennan, J. (2023). Decentralized Governance and Digital Asset Prices. Darden Business School Working Paper No. 4367209, 55. https://dx.doi.org/10.2139/ssrn.4367209
Arner, D. W., Sijuade, Charamba, K., & Cai, Y. (2023). Access to Finance and the UN Sustainable Development Goals: Building Digital Payments Ecosystems. American University Business Law Review, Forthcoming, 53. https://dx.doi.org/10.2139/ssrn.4565601
Atzei, N., Bartoletti, M., & Cimoli, T. (2017). A Survey of Attacks on Ethereum Smart Contracts (SoK). International Conference on Principles of Security and Trust, 10204, 164–186.
Baiod, W., Light, J., & Mahanti, A. (2021). Blockchain Technology and its Applications Across Multiple Domains: A Survey. Journal of International Technology and Information Management, 29(4), 78-119.
Cai, C. W. (2018). Disruption of financial intermediation by FinTech: a review on crowdfunding and blockchain. Accounting & Finance, 58(4), 965-992.
Certik. (2020, August 13). 2020/08/13 Yam Finance Smart Contract Bug Analysis & Future Prevention. Medium. Retrieved October 13, 2023, from https://medium.com/certik/2020-08-13-yam-finance-smart-contract-bug-analysis-future-prevention-b4220976ebea
Chen, H., Pendleton, M., Njilla, L., & Xu, S. (2020). A Survey on Ethereum Systems Security: Vulnerabilities, Attacks, and Defenses. ACM computing surveys, 53(3), 1–43. https://doi.org/10.1145/3391195
Chhabra, S. (2023). The Future of Decentralized Finance in India. SSRM electronic paper, 17. https://dx.doi.org/10.2139/ssrn.4455049
Cryptopedia. (2023). The DAO: What Was the DAO Hack? Gemini. Retrieved October 14, 2023, from https://www.gemini.com/cryptopedia/the-dao-hack-makerdao
Dimitrieva, H. E., & Schmidt-Kessen, M. J. (2019). Creating markets in no-trust environments: The law and economics of smart contracts. Computer Law & Security Review, 35(1), 69-88. https://doi.org/10.1016/j.clsr.2018.09.003
Erinle, Y., Kethepalli, Y., Feng, Y., & Xu, J. (2023). SoK: Design, Vulnerabilities, and Security Measures of Cryptocurrency Wallets. arXiv preprint arXiv, 2307.12874. https://doi.org/10.48550/arXiv.2307.12874
Far, S. B., Rad, A. I., & Asaar, M. R. (2023). Blockchain and its derived technologies shape the future generation of digital businesses: a focus on decentralized finance and the Metaverse. Data Science and Management, 6(3), 183-197. https://doi.org/10.1016/j.dsm.2023.06.002
Gramlich, V., Principato, M., Schellinger, B., Sedlmeir, J., Sedlmeir, J., Amend, J., Stramm, J., Zwede, T., Strüker, J., & Urbach, N. (2022). Decentralized Finance (DeFi) Foundations, Applications, Potentials, and Challenges. SSRN Electronic Journal. http://dx.doi.org/10.2139/ssrn.4535868
Hacibedel, B., & Saiz, H. P. (2023). Assessing Macrofinancial Risks from Crypto Assets. Assessing Macrofinancial Risks from Crypto Assets.
Harris, C. G. (2023). Cross-Chain Technologies: Challenges and Opportunties for Blockchain Interoperability. 2023 IEEE International Conference on Omni-layer Intelligent Systems (COINS), 1-6.
Harvest Finance. (2020, October 27). ‘Engineering Error’ Led to $34 Million DeFi Hack, Harvest Finance Says. Decrypt. Retrieved October 14, 2023, from https://decrypt.co/46445/engineering-error-34-million-defi-hack-harvest-finance
Harvey, C. R., & Rabetti, D. (2023). International Business and Decentralized Finance. https://dx.doi.org/10.2139/ssrn.4538838
Henry, C. S., Engert, W., Lalani, A. S., Hernandez, S., McVanel, D., & Huynh, K. P. (2023). Unmet Payment Needs and a Central Bank Digital Currency. Bank of Canada Staff Discussion Paper, 15. https://doi.org/10.34989/sdp-2023-15
Hess, E. (2023). Bridging Policy and Practice: A Pragmatic Approach to Decentralized Finance, Risk, and Regulation. SSRN Electronic Paper, 74.
Jiang, E., Qin, B., Wang, Q., Wang, Z., Wu, Q., Weng, J., Li, X., Wang, C., Ding, Y., & Zhang, Y. (2023). Decentralized Finance (DeFi): A Survey. arXivLabs: experimental projects with community collaborators, 2308.05282. https://doi.org/10.48550/arXiv.2308.05282
Kirimhan, D. (2023). Importance of anti-money laundering regulations among prosumers for a cybersecure decentralized finance. Journal of Business Research, 157, 113558. https://doi.org/10.1016/j.jbusres.2022.113558
Lashkari, B., & Musilek, P. (2023). Evaluation of Smart Contract Vulnerability Analysis Tools: A Domain-Specific Perspective. Electrical and Computer Engineering, University of Alberta, Edmonton, AB T6G 1H9, Canada, 14(10), 533. https://doi.org/10.3390/info14100533
Li, W., Bu, J., Li, X., & Chen, X. (2022). Security Analysis of DeFi: Vulnerabilities, Attacks and Advances. School of Cyberspace Security, Hainan University, Haikou, China.
Likarenko, Y. (2023, March 1). The Future of DeFi In Fintech. Uptech. Retrieved October 12, 2023, from https://www.uptech.team/blog/the-future-of-defi-in-fintech
Liu, B., Szalachowski, P., & Zhou, J. (2021). A First Look into DeFi Oracles. IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), 39-48.
Melo, W. S., Bessani, A., Neves, N., Santin, A. O., & Carmo, L. F. R. C. (2019). Using Blockchains to Implement Distributed Measuring Systems. IEEE Transactions on Instrumentation and Measurement, 68(5), 1503-1514.
Noor, M., & Murad, S. H. (2023). Identifying Threat Factors of Vulnerabilities in Ethereum Smart Contracts. Thesis in Digital Forensics 15 HP, 66.
Olatubosun, J. T. (2023). Design And Implementation Of A Virtual Wallet Application For Facilitating Cross-Border Financial Transactions Using Virtual Tokens. Mountain Top University, 76. http://ir.mtu.edu.ng/jspui/bitstream/123456789/1215/1/OLATUBOSUN%20John%20-%20CSC.pdf
Parfeniev, J. (2019). How has the international drug market changed with the rise of Dark web illicit markets-A critical analysis. International Crime and Global Security.
POPESCU, A. D. (2020). Transitions and concepts within decentralized finance (Defi) Space. Research Terminals in the social sciences.
Rabetti, D. (2023). Auditing Decentralized Finance (DeFi) Protocols. National University of Singapore (NUS), 59. https://dx.doi.org/10.2139/ssrn.4458298
Schuler, K., Nadler, M., & Schär, F. (2023). Contagion and Loss Redistribution in Crypto Asset Markets: Modelling the Intersection of DeFi and CeFi. Center for Innovative Finance, University of Basel, 5. https://dx.doi.org/10.2139/ssrn.4499113
Shah, K., Lathiya, D., Lukhi, N., Parmar, K., & Sanghvi, H. (2023). A systematic review of decentralized finance protocols. International Journal of Intelligent Networks, 4, 171-181. https://doi.org/10.1016/j.ijin.2023.07.002
Sharma, T., Zhou, Z., Miller, A., & Wang, Y. (2023). A Mixed-Methods Study of Security Practices of Smart Contract Developers. 32nd USENIX Security Symposium (USENIX Security 23), 2545-2562.
Singh, A., Mali, P. V., Thakare, S., & Bhattacharjee, S. (2023). Crypto Lending and Hedge Fund Platform (Liquifi). Journal of Computer Technology & Applications, 14(1). http://computerjournals.stmjournals.in/index.php/JoCTA/index
Uniswap Labs. (2023, May 15). Going from CeFi to DeFi. Uniswap Blog. Retrieved October 17, 2023, from https://blog.uniswap.org/cefi-defi-uniswap-survey
Valid Network. (2020, April 26). How Did Lendf.Me Lose $25 Million to A Reentrancy Attack? [An Analysis]. HackerNoon. Retrieved October 13, 2023, from https://hackernoon.com/how-did-lendfme-lose-dollar25-million-to-a-reentrancy-attack-an-analysis-091iy32s7
Werapun, W., Suaboot, J., Arp*rnthip, T., Sangiamkul, E., & Boonrat, P. (2022). The Flash Loan Attack Analysis (FAA) Framework—A Case Study of the Warp Finance Exploitation. MDPI Informatics, 10(1), 3. https://doi.org/10.3390/informatics10010003
William, M. (2023, August 19). How Many Blockchains are there? (2023 Guide). Watcher Guru. Retrieved October 11, 2023, from https://watcher.guru/news/how-many-blockchains-are-there
Zhou, L., Xiong, X., Ernstberger, J., Chaliasos, S., Wang, Z., Wang, Y., Qin, K., Wattenhofer, R., Song, D., & Gervais, A. (2023). SoK: Decentralized Finance (DeFi) Attacks. IEEE Symposium on Security and Privacy (SP), 2444-2461. https://doi.org/10.1109/SP46215.2023.10179435
