# Yearn Finance Comic — Part 5 

**Published by:** [xuanling11](https://paragraph.com/@xuanling11/)
**Published on:** 2022-05-01
**URL:** https://paragraph.com/@xuanling11/yearn-finance-comic-part-5

## Content

Photo by Adrien Converse on UnsplashThis article is sponsored by the MixPay Content Reward Program. MixPay is a decentralized crypto payment service platform built on Mixin Network. MixPay, Payment for Web3.Security is one of the most important topics in Decentralized Finance. Without the security, your fund is for others to grab 💸. https://twitter.com/BlockSecTeam/status/1520350965274386433?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1520350965274386433%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fscorum.co%2Fen-gb%2Fcrypto%2F%40xuanling11%2Fyearn-finance-comic-part-5 🔒 Crypto Security https://twitter.com/xuanling11/status/1520597120226529280?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1520597120226529280%7Ctwgr%5E%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fscorum.co%2Fen-gb%2Fcrypto%2F%40xuanling11%2Fyearn-finance-comic-part-5 Crypto itself is a component derivative from cryptography - a technique to secure communication in the presence of malicious third parties. It is prone to attacks from multiple aspects. Cryptocurrency Security Standard (CCSS) was introduced in 2014 to provide an open standard for protecting crypto operations that are separated by three levels of a security audit. Level I is the most stringent security protection and Level III is the least stringent security protection. The audit components include:Image credit: https://www2.deloitte.com/mt/en/pages/technology/articles/mt-article-cryptocurrency-security-standard-CCSS.htmlKey/seed generationWallet creationKey storageKey usageKey compromise policyKeyholder grant/revoke policies & proceduresThird-party security audits/pentestsData sanitization policyProof of reserveAudit logsEven if you passed a level III audit does not guarantee your crypto to be safe. 👮 Defi Security The core component of Defi is smart contracts. Only the problem with the smart contract is that it defeats the original design intent of cryptocurrency. Despite the benefit of the smart contract to bring more functionality to crypto, its capabilities as immutability have been significantly reduced. A smart contract is a program to command how the blockchain behaves. It sets predetermined conditions for the program to be met to execute operations. The problem is that it opens the possibility for programmers to manipulate codes to reach their own goals. Of course, we do not undermine benefits from smart contracts, we also need to be aware that such loopholes will exist for hackers to exploit.Image credit: https://media.consensys.net/thoughts-on-defi-security-640dde37bb3bIn contrast to cryptography, that information will be hidden, some of the information will be exposed in smart contracts for hackers to manipulate. Also, hackers can gain access through predetermined privileges and gain the power to manipulate codes. That will diminish decentralization and increase centralization risks. 🈲 How to Prevent Hacking One way is to conduct a smart contract audit. It is a crucial step for the Defi project to conduct an audit. Although an audit can not completely eliminate the possibility of hacking, it can uncover flaws to improve the chances to prevent hacking. Another way is to create a Cefi like Defi. Implementing a central-like command can prevent hacking from executing through smart contracts and attack funds automatically without possible verification. The third way is to go through a hackathon - a collective event that brings talents to work and helps increase system security. Similarly, submitting a bounty to reward Whitehats is another way to discover the vulnerability of the code. 🎍 Security at Yearn Whitehat has submitted a report to prevent a possible exploit that can lead to a significant loss of user funds. Yearn was able to fix the vulnerability and report it to the public. In Conclusion Security is important in crypto and Defi. Continue improving security is a key to preventing hacking in the future.Donate with MixPayhttps://mixpay.me/40440862/Donation

## Publication Information

- [xuanling11](https://paragraph.com/@xuanling11/): Publication homepage
- [All Posts](https://paragraph.com/@xuanling11/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@xuanling11): Subscribe to updates
- [Twitter](https://twitter.com/xuanling11): Follow on Twitter