# Is DeFi really decentralized? **Published by:** [Lucky boom](https://paragraph.com/@lucky-boom/) **Published on:** 2021-10-31 **URL:** https://paragraph.com/@lucky-boom/is-defi-really-decentralized ## Content In fact, a lot of DeFi is implemented through smart contracts on the blockchain. Take Ethereum, the largest smart contract operation platform, as an example. After the smart contract is developed and deployed on the blockchain, its code cannot be rewritten, but its state can be controlled by an external account. For example, we can set one or a group of administrator addresses for the contract, and these administrators can have various preset capabilities to manipulate the contract. For example, the well-known USDT stable currency is an ERC-20 contract on the Ethereum blockchain. Then this contract has a management account that can freeze any amount of USDT funds. For most contract developers, it is a very common practice in the industry to retain ultimate control over the contract and reserve some backdoor functions such as emergency suspension and emergency transfer of assets. Of course, the reason is usually high-sounding and understandable: the contract code is immature. In order to prevent the asset from being locked when a bug occurs, it is necessary to reserve the emergency transfer function. Or for safety reasons, in order to prevent the loss of user assets when abnormal problems occur, we retain the emergency brake function. These "functions" are actually the "backdoors" left to the controller-often developers or project parties. The back door is a double-edged sword. Developers can use it to deal with some unknown problems urgently. Hackers can use it to steal assets. The project party can pretend to be hacked, guard and steal, and run away after transferring assets. There are more advanced technologies. We can use the proxy call mechanism to implement the so-called upgradeable contract. After we authorize a DApp, we grant control of the wallet assets to the agency contract. The actual execution logic of the proxy contract is another contract behind it. But this logical contract can be replaced. In this way, everything is normal for the initial version of the software. We authorized the contract with confidence in the wallet. This authorization is usually an unlimited authorization. Then the project party upgraded the logical contract and quietly transferred all the assets in your wallet. Or, the hacker stole the authority of the project party, upgraded the contract, and stole all the assets in your wallet. Or, the project team disguised as a hacker, pretending to be stolen by the hacker, and stole all the assets in your wallet. Almost all DeFi applications, such as swap, such as the second-tier bridge, require you to perform authorization operations. Every authorization opens the door to risk. Are DeFi projects audited by a so-called security audit company safe? Not really. The audit company only ensures that there are no low-level technical loopholes in the contract. However, the audit company will not raise objections to whether the contract has reserved super authority for centralized control and management. In a technical way, centralized control is a feature (feature), not a bug (problem). If you look at the current DeFi projects on the market with a strict decentralization perspective, nine out of ten DeFi projects are not truly completely decentralized, and most of them retain a certain degree of centralized control. Real and complete decentralization means that if there are unexpected loopholes in the code, the project party may have nothing to do because he cannot suspend the operation of the contract, or urgently transfer and protect assets, or upgrade the contract to fix the problem. Incomplete decentralization means the theft of hackers, the combination of inside and outside, theft of guards, the running of the project, and the full spread of centralization risks. DeFi that retains its centralized characteristics is nothing more than a semantic deception. Failure to achieve truly and completely decentralized decentralized finance requires supervision of centralization risks by regulatory agencies. This is the underlying logic of the US SEC's proposal to strengthen the supervision of DeFi. ## Publication Information - [Lucky boom](https://paragraph.com/@lucky-boom/): Publication homepage - [All Posts](https://paragraph.com/@lucky-boom/): More posts from this publication - [RSS Feed](https://api.paragraph.com/blogs/rss/@lucky-boom): Subscribe to updates - [Twitter](https://twitter.com/Luckingcq): Follow on Twitter