Imagine a global, open alternative to every financial service you use today — savings, loans, trading, insurance and more — accessible to anyone in the world with a smartphone and internet connection.
Decentralized Finance (DeFi) is creating a new paradigm that proposes quite an attractive alternative to fiat-world lending, assets and derivatives markets, with the advantages offered by decentralized p2p protocols. Decentralized finance, or DeFi for short, is composed of financial applications that operate through a decentralized blockchain. They effectively cut out the middle man that many of the finance-focused apps and platforms we use today employ. Anyone with an internet connection can now take out a loan or trade on open markets on the Ethereum platform. Dapps are designed to be global from day one — Whether you’re in Texas or Tanzania, you have access to the same DeFi services and networks. Of course, local regulations may apply but, technically speaking, most DeFi apps are available to anyone with an internet connection.
As an Audit professional, smart contract audit is an independent review that assesses the security and correctness of the code. Smart contract security is paramount for any decentralized application that holds or controls the flow of users’ hard-earned funds. This provides the following advantages. First, users obtain an independent opinion on how the smart contract behaves, which can alert them about potential threats. Project managers receive valuable feedback about their projects and can take the necessary steps to mitigate security risks. Finally, developers receive important security advice and concrete security bug reports. However, not all audits are the same. The value provided by an audit depends on the technology used to conduct it and the expertise of the audit team.
Many DeFi projects require users to lock up an asset (ETH, DAI…) in order to participate in the protocol, add liquidity to a market, or mint a new asset. These assets locked as collateral have created a measurement for the track record of these applications, called total value locked (TVL).
In the simplest sense, a smart contract audit is a third-party review of the source code of a smart contract. Although a completed audit means that the code was reviewed, the rigorousness of the audit may vary substantially - and this rigor is really what matters for security, not merely the presence of an audit. For instance, a dApp may flaunt that no errors were found during the audit process, but it’s difficult to determine whether this means that the code quality was extremely high or whether the auditor was really bad.