By
Svetlana Soroka
April 25th, 2024
The primary objective of decentralized finance is to create a world where no trust is needed.
When people think of decentralized finance, they automatically assume there are no risks. After all, intermediaries don’t exist, and everything is trustless. However, smart contracts can still contain admin rights, which puts all users at risk. Ensuring these “admin keys” no longer exist is the next major frontier to conquer.
DeFi Smart Contracts and Admin Rights
On the surface, a smart contract is a code facilitating automation and decentralization. Users interact with the code directly – rather than humans – to transact, deposit, withdraw, invest, etc. It is a very solid and powerful concept, but humans still write the code. Unfortunately, that also means nefarious individuals may retain administrator privileges over these contracts, enabling them to adjust small bits or change the whole content to something less positive.
The concept of “admin keys” is nothing new in decentralized finance. They enable a creator or team to exert control over a project to change the rules or make adjustments. While they can exist for holistic reasons, these admin rights will always pose a huge risk. In an industry where scams and theft are somewhat common, admin rights are an immediate red flag. It wouldn’t be the first time developers pull the rug out from under investors when they least expect it.
Don’t be mistaken in thinking projects with a DAO structure are automatically better. Although a DAO does not have admin rights like smart contracts – or it shouldn’t, at least – it can still pose a big risk. Projects can run a DAO for parts of their business yet still ensure the developers hold the majority of tokens and voting power. Several projects have moved beyond the traditional centralized governance and admin rights approach.
One thing to consider is how admin rights over smart contracts ensure immutability can never exist. That doesn’t mean the admin keys will ever be used, but there’s always doubt over how immutable the code is or will be. Such a key can be viable when fixing major bugs, but it isn’t necessarily worth the trade-off either. Redeploying code and directing users to the new versions is always an option, even if it’s a bit cumbersome.
Establishing a Trustless World
The primary objective of decentralized finance is to create a world where no trust is needed. Users interface with code, and there are no third parties to worry about. Unfortunately, admin rights over smart contracts make that vision impossible, even if the approach is taken for legitimate reasons. Instead, developers should focus on building a trustless world where everyone has equal power and say, without cutting corners.
Transitioning to a trustless state will take time, though. However, projects like Aura Finance take a calculated approach to getting there. Its governance process goes through several phases, starting with snapshots and multisigs. Eventually, it will migrate to full-on-chain voting through GovernorBravo, Gnosis SafeSnap, and other solutions. In addition, they intend to develop trustless smart contracts for Balancer Gauge voting without admin rights.
In addition, there is a strong focus on auditing smart contracts. Going through multiple audits sends a strong signal to the community. It also ensures no nefarious functions or admin rights developers can take advantage of. In addition, conducting bug bounties and thorough internal testing is essential to help establish a trustless DeFi world.
Such processes must be maintained around the clock, and users must also conduct due diligence by analyzing on-chain contract code.
