Since the last DeFi Summer, Decentralized Finance (DeFi) has used smart contracts to build a thriving and open financial ecosystem. As DeFi has developed, however, many protocols have grown more complex and the knowledge needed to understand them has risen, which makes it hard for ordinary users to understand a protocol's risks and interact with DeFi protocols safely.
Since the end of 2024, AI Agents have become a hot topic in the on-chain ecosystem. The combination of DeFi and AI (DeFai) is an attempt to change how DeFi is used: ordinary users can use AI to simplify their interactions with DeFi and optimize their trading decisions, turning DeFi into a more user-friendly, intelligent and efficient financial ecosystem. In this article, Beosin explains how DeFai works and the security challenges it faces, to give users a clearer understanding of the risks.
DeFai Technical Architecture
On a blockchain, an AI Agent can serve as an intermediate interface between users and DeFi protocols, interacting with smart contracts on the user's behalf and handling complex contract calls without continuous manual operation by the user. After studying the DeFai projects on the market, we divide the architecture of such projects into the following key components:
1. Account Management
1.1 Smart Account (ERC-4337)
Traditional EOA accounts do not separate asset custody from transaction signing: the same account that owns the funds must sign each transaction. Smart accounts that follow ERC-4337 separate asset custody from transaction authorization through programmable verification logic, so that transaction execution can be safely delegated to an AI Agent while the account remains non-custodial.

When a user interacts with such a DeFai system, the system creates a smart account associated with the user's own EOA account. This smart account is fully owned and controlled by the user and performs complex transactions on behalf of the user.
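The "programmable verification logic" above can be pictured as a policy that the smart account applies to every call the agent proposes. The following is an added example, not code from any DeFai project or from ERC-4337 itself: an off-chain Python model in which `SessionPolicy`, `validate`, the addresses and the caps are illustrative assumptions, and only the two ERC-20 selectors are real.

```python
from dataclasses import dataclass

APPROVE = "0x095ea7b3"   # ERC-20 approve(address,uint256)
TRANSFER = "0xa9059cbb"  # ERC-20 transfer(address,uint256)
# Constructed placeholder addresses, not real deployments.
USDC, ROUTER, UNKNOWN = ("0x" + b * 20 for b in ("11", "22", "99"))

@dataclass
class SessionPolicy:
    allowed_calls: frozenset     # (target contract, selector) pairs the agent may call
    allowed_spenders: frozenset  # contracts that may receive a token allowance
    per_call_cap: int            # largest amount in one call, in token base units
    daily_cap: int               # total amount per day, in token base units
    valid_until: int             # unix time at which the delegation expires
    spent_today: int = 0

def encode_call(selector, address, amount):
    """ABI-encode an (address, uint256) call as hex calldata."""
    return selector + address[2:].rjust(64, "0") + format(amount, "064x")

def validate(policy, target, call_data, now):
    """Return (allowed, reason) for one call the agent wants the account to make."""
    raw = bytes.fromhex(call_data[2:])
    if len(raw) != 4 + 64:
        return False, "malformed calldata"
    selector = "0x" + raw[:4].hex()
    address = "0x" + raw[16:36].hex()            # low 20 bytes of the first word
    amount = int.from_bytes(raw[36:68], "big")   # second word
    if now > policy.valid_until:
        return False, "delegation expired"
    if (target, selector) not in policy.allowed_calls:
        return False, "call not allowlisted"
    if selector == APPROVE and address not in policy.allowed_spenders:
        return False, "spender not allowlisted"
    if amount > policy.per_call_cap:             # also stops unlimited approvals
        return False, "amount exceeds per-call cap"
    if policy.spent_today + amount > policy.daily_cap:
        return False, "daily cap exceeded"
    policy.spent_today += amount
    return True, "ok"

# The agent may only grant the router a bounded USDC allowance; nothing else.
POLICY = SessionPolicy(frozenset({(USDC, APPROVE)}), frozenset({ROUTER}),
                       per_call_cap=5_000 * 10**6, daily_cap=8_000 * 10**6,
                       valid_until=1_800_000_000)
```

Because the user's EOA remains the owner, a rejected call never reaches the account's funds, and the user can replace or revoke the policy without moving assets.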
1.2 Multi-Signature Threshold (MPC-TSS)
For DeFai applications that are not fully autonomous, MPC-TSS can split the key among the AI Agent, the user, and trusted third parties, so that the user still retains a degree of control over the AI Agent.
1.3 Trusted Execution Environment (TEE)
For fully autonomous AI systems, TEE provides a security solution that stores private keys in a secure encrypted environment, allowing AI Agents to execute transactions on behalf of users in a trusted, protected environment without interference from third parties.
Each of the three solutions above has advantages and disadvantages. Smart accounts and MPC solutions are safe and controllable, but operations are restricted by predefined rules and permissions. TEE solutions offer more freedom, but the project team needs to solve hardware-level problems.
2. Decision Execution Module
This module acts as an interface between AI Agent and the DeFi ecosystem, interacts with external protocols through a standardized abstraction layer, and converts market data and user instructions into actionable blockchain transactions.
This process involves multiple stages:
The first stage is data aggregation, in which the AI Agent needs to process information from on-chain data, DeFi protocols, and the market. This data needs to be processed and passed to the module in a standardized format.

Figure: Reading contract data
The second stage is evaluation and decision-making. Based on the data from the first stage, the system can combine traditional financial algorithms with AI to identify opportunities that meet the user's goals, for example through an APR prediction system or an event-driven Meme token trading system. This helps the AI Agent optimize how long it holds positions and which assets it trades.
In the third stage, the AI Agent converts the earlier decisions and the user's instructions into specific on-chain operations with exact transaction parameters (contract address, number of tokens, etc.), as shown in the figure below:

Figure: Create Uniswap V3 liquidity pool
3. Risk Management Module
In a DeFai protocol, developers need to implement multiple layers of protection to keep user funds safe and reduce the risks involved in earning DeFi returns. The risk module should run 24/7 and take into account factors such as smart contract security, governance risk, liquidity risk, price impact, volatility, and the historical reliability of different DeFi protocols.
For users, DeFai allows them to efficiently interact with the multi-chain DeFi ecosystem without having to study the specific details of each chain, protocol, and ecosystem.
Security Risks
DeFai is built on existing DeFi protocols. Therefore, in addition to the systemic risks of the DeFai protocol itself (account management, risk control management), users should also pay attention to the following possible security risks when using DeFai to manage crypto assets:
1. Market Risk
Transaction Slippage/MEV Attack
When the AI Agent swaps tokens or provides AMM liquidity in a pool, the swap or the creation of the LP position may suffer large slippage because of the pool's limited liquidity, or be attacked by MEV bots, resulting in trading losses. In one case, a user lost about $210,000 in an MEV attack when exchanging USDC for USDT.
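A pre-trade slippage check of the kind an agent's risk module could run before submitting a swap, as an added example (not the article's code and not a reconstruction of the case above). It assumes a constant-product pool with a 0.3% fee; the pool sizes, trade size, thresholds and function names are constructed for illustration.

```python
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000  # 0.3% swap fee, as in Uniswap V2 pools

def amount_out(amount_in, reserve_in, reserve_out):
    """Constant-product (x*y=k) output for a swap, fee taken from the input."""
    in_with_fee = amount_in * FEE_NUM
    return in_with_fee * reserve_out // (reserve_in * FEE_DEN + in_with_fee)

@dataclass
class SwapPlan:
    approved: bool
    expected_out: int
    impact_bps: int   # shortfall against the pool's pre-trade price, in basis points
    min_out: int      # value to pass as the swap's minimum-output parameter

def plan_swap(amount_in, reserve_in, reserve_out, max_impact_bps=100, slippage_bps=50):
    """Quote a swap and decide whether the agent may submit it."""
    expected = amount_out(amount_in, reserve_in, reserve_out)
    at_mid_price = amount_in * reserve_out // reserve_in
    impact_bps = (at_mid_price - expected) * 10_000 // at_mid_price
    min_out = expected * (10_000 - slippage_bps) // 10_000
    return SwapPlan(impact_bps <= max_impact_bps, expected, impact_bps, min_out)

def executes(plan, amount_in, reserve_in, reserve_out):
    """True if the swap still clears min_out at the reserves seen at execution time."""
    return plan.approved and amount_out(amount_in, reserve_in, reserve_out) >= plan.min_out

UNIT = 10**6                                    # USDC and USDT both use 6 decimals
AMOUNT = 220_000 * UNIT                         # constructed trade size
DEEP = (50_000_000 * UNIT, 50_000_000 * UNIT)   # constructed pool reserves
SHALLOW = (500_000 * UNIT, 500_000 * UNIT)      # constructed pool reserves

if __name__ == "__main__":
    for name, pool in (("deep", DEEP), ("shallow", SHALLOW)):
        print(name, plan_swap(AMOUNT, *pool))
    # Another trade lands first and moves the reserves: the swap now falls
    # below min_out, so it reverts instead of filling at the worse price.
    first = 2_000_000 * UNIT
    moved = (DEEP[0] + first, DEEP[1] - amount_out(first, *DEEP))
    print("executes after pool moved:", executes(plan_swap(AMOUNT, *DEEP), AMOUNT, *moved))
```

The price-impact limit keeps the agent out of pools that are too thin for the trade, while `min_out` bounds what can be lost if the pool moves between quoting and execution.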

Liquidity risk
During periods of high market volatility, the liquidity of DeFi protocols (especially lending protocols) may be limited, which may affect users' deposit or withdrawal operations.
2. Protocol risk
Smart contract risk
Each DeFi protocol that AI Agent interacts with operates based on smart contracts, and the contracts may have undiscovered vulnerabilities. DeFi protocols should undergo detailed security audits to maximize the security of the protocol.
Protocol design risks
A DeFi protocol's operating mechanism and economic model may lead to bad debts or other unexpected results under extreme market conditions, resulting in the loss of users' assets.
The recent liquidation event on HyperLiquid caused the protocol treasury and the providers of the treasury to lose approximately $4 million. The flaw was that the project team did not consider the maintenance margin and maximum leverage of large positions. Arbitrageurs/attackers used high leverage to push positions beyond their margin, and the protocol treasury bore the losses.
Oracle Risk/Price Manipulation
DeFi protocols may rely on oracle price feeds that are manipulated or suffer technical problems, producing incorrect price information. One example is the earlier Polter Finance incident, in which more than $7 million was lost. The project calculated prices from the token reserves of a UniswapV2 Pair, which are easily manipulated. Hackers used flash loans to push up the price of the project's token and borrowed assets far exceeding the value of their collateral.
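Why pricing from current pair reserves is fragile, as an added example that is not from the article or from any protocol's code: it compares the spot price read from reserves with a time-weighted average price (a common mitigation that the article does not discuss) and shows the effect on a borrow limit. The observations, the 70% loan-to-value ratio and all function names are constructed for illustration.

```python
from fractions import Fraction

# Constructed observations of one UniswapV2-style pair, taken at the start of each
# listed block: (timestamp, reserve of project token, reserve of quote asset).
OBSERVATIONS = [
    (0,    1_000_000, 2_000_000),
    (600,  1_000_000, 2_000_000),
    (1200, 1_010_000, 1_981_000),
    (1800, 1_000_000, 2_000_000),
    (1812,    50_000, 40_000_000),   # reserves skewed inside the current block
]

def spot_price(reserve_token, reserve_quote):
    """Price read straight from current reserves: what the passage warns against."""
    return Fraction(reserve_quote, reserve_token)

def twap(observations):
    """Time-weighted average: each price counts for as long as it was in effect.
    The newest reserves have been in effect for zero seconds, so they add nothing."""
    weighted = Fraction(0)
    for (t0, token, quote), (t1, _, _) in zip(observations, observations[1:]):
        weighted += spot_price(token, quote) * (t1 - t0)
    return weighted / (observations[-1][0] - observations[0][0])

def deviation_bps(observations):
    """Gap between the current spot price and the TWAP, in basis points."""
    _, token, quote = observations[-1]
    average = twap(observations)
    return int(abs(spot_price(token, quote) - average) * 10_000 / average)

def borrow_limit(collateral, price, ltv_bps=7_000):
    """Quote-asset amount that `collateral` tokens support at the given price."""
    return int(collateral * price * ltv_bps / 10_000)

def checked_price(observations, max_deviation_bps=500):
    """Return the TWAP, refusing to price at all while spot has run away from it."""
    if deviation_bps(observations) > max_deviation_bps:
        raise ValueError("spot price deviates from TWAP; pause pricing")
    return twap(observations)
```

With these numbers, 10,000 collateral tokens support a borrow of 5,600,000 at the skewed spot price but about 13,910 at the TWAP, and `checked_price` refuses to quote until the two converge again.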
Summary
With the continuous development of DeFai, decentralized finance will enter a new stage that is more user-friendly, intelligent and efficient. The deep integration of AI in the DeFi field will greatly simplify the user interaction process, optimize risk management, and achieve a seamless on-chain interactive experience. At this stage, both experienced DeFi players and DeFi novices can easily obtain on-chain information, manage assets, and safely perform various on-chain operations with the help of DeFai tools.
At the same time, the security risks of DeFai systems cannot be ignored: the management of account private keys, the risk controls applied when executing transactions, and the third-party risks of the various DeFi protocols all affect the security of users' assets. Users should choose DeFai projects that have been strictly audited and market-tested to minimize financial risks.