DeFi Composability and Associated Security Risk

Ken Huang
Jan 1, 2021

In DeFi, composability is overused and much hyped at the expense of security.

The reality is that you also accumulate, or ‘compose’, every security vulnerability of the lower-level protocols into your DeFi product.

So any security breach in a lower-level protocol can affect every DeFi product built on that protocol, potentially introducing systemic risk.

So what should a DeFi developer or architect do, given that most DeFi products have to compose other low-level protocols to be profitable and useful? After all, the main reason for the 2020 DeFi renaissance is composability, the “money Legos” that are the key property of smart contracts.

Here are my suggestions:

1: Use protocols that have been audited by a reputable third-party smart contract or protocol auditor. If a protocol has not been audited by a third party, better stay away.

2: Favor older protocols or DeFi projects. Older DeFi protocols have mostly been developed since 2017, have a long history, and have been somewhat battle-tested. So, if you have two similar protocols to choose from for your DeFi Lego, choose the older one.

3: Use as few “Legos” as possible. The more Legos you use, the more gas your users have to pay and, more importantly, the more security risk you introduce into your finished DeFi product. So, keep it simple and safe.

4: Test your finished DeFi product for composition risk. There have already been examples of individually secure protocols being combined into an insecure DeFi product. This kind of risk is hard to identify during a security audit; more testing and simulation is needed.

5: Follow smart contract security best practices. For those who read Chinese, I recommend chapter 3 of the Blockchain Security Guide (https://www.amazon.cn/dp/B07D9K9934), published by the prestigious China Machine Press.

6: Perform ongoing internal audits of your smart contract code and use a safe smart contract library.

Finally, if I have to make a new year prediction, I predict we will see some large DeFi security incidents in 2021, with millions or even billions in losses due to composition risk.

Ken Huang

Research VP of Cloud Security Alliance Great China Region and honored IEEE Speaker on AI and Web3