A recent report from Cer Live, a crypto exchange ranking platform, indicated that 14 of the top 25 decentralized exchanges, or DEXs, scored poorly in terms of cybersecurity.
The report looked at a variety of unique problems that most DEXs face, including fake token listings, the prevalence of slippage, delays in transaction confirmation, and a lack of data about listed trading pairs. They also looked at whether each exchange had undergone security audits, offered bounties to incentivize the public discovery of bugs, ensured adequate end-to-end security, and more.
The assessment then allocated a score ranging between 1 - 10 based on each venue's overall security. CER deemed that any score above an 8 should be classified as "high." Scores ranging between 6 - 8 were considered "good", and anything below a 6 was viewed as "low" and, thus, "unsafe." Out of the 25 exchanges analyzed, only two of the reported DEXs received a “high” security score: Uniswap and Syntetyx.
CER called out low scoring exchanges for their auditing practices, saying that many failed to re-audit their offerings following recent additions to their code. Scores were reduced for any exchange whose audits were considered to be out of date. Other exchanges failed to release public audits at all:
“6 exchanges (24%) failed to pass a security audit or did not publicly announce that they have undergone an audit. It should be noted that an unaudited exchange cannot be considered safe.”
Some of the 25 exchanges hired individual researchers rather than specialized companies to complete their audits — a practice that the report's authors strongly discouraged. Remarking on the incredible growth of DeFi in the last few months, the researchers concluded that DEX users are generally more exposed to fraud than hacks:
“Despite the fact that there haven’t been any significant hacks on decentralized exchanges in comparison to centralized platforms, DEX users are actually more susceptible to fraudulent attacks."
CER's report ultimately determined that 92% of the top 25 DEXs need to place a stronger focus on security. They encouraged these exchanges to follow the industry's existing best practices in future in an effort to ensure a safe trading environment for their users.