Despite conducting audits relatively often, most decentralized exchanges do not meet security standards, according to a recent report.
Decentralized finance has boomed this year, especially during and after the summer. Besides DeFi protocols, the crypto space has seen the emergence of many new decentralized exchanges.
The strong demand led to the rapid development of projects and impressive transaction volume growth. However, security and safety issues do not seem to have received special attention from project development teams.
CER, a division of the well-known cybersecurity company Hacken Group, has tested and rated decentralized exchanges (DEXs). In its report, CER highlights risks that exist on decentralized exchanges but can be limited on centralized exchanges. These include the creation of fake tokens, high slippage (which leads to buying or selling tokens at prices far from the market price), pending transactions, missing data on trading pairs…
Most DEXs do not have insurance or features that protect users against mistakes that lead to loss of money. However, the report also acknowledges that “Compared to centralized exchanges, DEX exchanges have never had any serious hacks.”
CER tested 25 DEXs, rating them on several factors, including security testing history, bug bounty program, cold wallet direct support, liquidity score, data availability, etc. Ratings run from 1 to 10, and a DEX with a higher score is ranked as more secure.
The worrisome result was CER's conclusion: “Cybersecurity scoring results from our research show that only two crypto exchanges out of 25 surveyed achieved high scores, from 8 points or more, Uniswap and Synthetix.”
Other DEXs in the top 10 are CRV, dYdX, BinanceDEX, Sushi, 1inch, Balancer, Switcheo, and Kyber.
When it comes to security testing specifically, CER states that 6 platforms (24%) failed the test. The report warns that “an exchange that is not audited cannot be considered secure.”
Most of the exchanges that pass the test use a third-party audit service. One thing to keep in mind, however, is that most decentralized exchanges don’t retest after adding code. Only 4 platforms continuously test for security and satisfy this criterion.