Financial Innovation and Technology
Gurdip Kaur
Arash Habibi Lashkari
Iman Sharafaldin
Ziba Habibi Lashkari
Understanding Cybersecurity Management in Decentralized Finance
Challenges, Strategies, and Trends
Financial Innovation and Technology
The book series ‘Financial Innovation and Technology’ features scholarly research
on the latest developments in the world of finance such as AI, FinTech startups, Big
Data, Cryptocurrencies, Robo-Advisors, Machine Learning, and Blockchain applications
among others. The book series explores the main trends and technologies
that will transform the finance industry in the years to come. The series presents
essential insights into the financial technology revolution, and the disruption,
innovation, and opportunity it entails. The books in this series will be of value to both
academics and those working in the finance industry.
Gurdip Kaur
Saint John, NB, Canada

Arash Habibi Lashkari
School of Information Technology
York University
Toronto, ON, Canada

Iman Sharafaldin
Application Security
Forward Security Inc
Vancouver, BC, Canada

Ziba Habibi Lashkari
School of Computer Engineering
Universidad Politécnica de Madrid
Madrid, Spain
ISSN 2730-9681
ISSN 2730-969X (electronic)
Financial Innovation and Technology
ISBN 978-3-031-23339-5
ISBN 978-3-031-23340-1 (eBook)
https://doi.org/10.1007/978-3-031-23340-1
© The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland
AG 2023
This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether
the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of
illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and
transmission or information storage and retrieval, electronic adaptation, computer software, or by
similar or dissimilar methodology now known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors, and the editors are safe to assume that the advice and information in this
book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or
the editors give a warranty, expressed or implied, with respect to the material contained herein or for any
errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional
claims in published maps and institutional affiliations.
This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
Preface
This book is one piece of the Understanding Cybersecurity Series (UCS) research
program, which will produce a varied collection of cybersecurity resources for
researchers and readers of all backgrounds. The team released the first online article
series in this piece, entitled “Understanding Canadian Cybersecurity Laws,” in 2020.
Flowing from the success of this first article series, the team was recognized with a
Gold Medal for Best Blog Column in the Business Division at the 2020 Canadian
Online Publishing Awards. The research continued with the publication of the first
book, “Understanding Cybersecurity Law and Digital Privacy: A Common Law
Perspective,” published by Springer Nature Switzerland AG in 2021. In parallel, the
team released the second article series entitled “Understanding cybersecurity
management for FinTech (UCMF)” in 2021 and published the second related book
entitled “Understanding Cybersecurity Management in FinTech: Challenges,
Strategies, and Trends.” This book emphasizes the importance of cybersecurity for
financial institutions by illustrating recent cyber breaches, attacks, and financial
losses.
Starting in 2022, the UCS team began the third online series, “Understanding
Current Cybersecurity Challenges in Law,” which contains six parts and addresses
many of the emerging trends and larger legal issues pertaining to cybersecurity
around the world, including the determination of digital jurisdictional authority,
user-generated digital content ownership, and other topics. This series continues
with the publication of the third book entitled “Understanding Cybersecurity Law in
Data Sovereignty and Digital Governance: An Overview from a Legal Perspective”
which focuses on the nuanced and comprehensive understanding of current
cybersecurity challenges and the law to the greater community and increases public
awareness of these important issues in our rapidly changing digital world. In parallel,
the team worked on this book which delves into understanding cyber threats and
adversaries who can exploit those threats and advances with cybersecurity threats,
vulnerability, and risk management in DeFi. The main objective of this book is to
help readers understand the cyber threat landscape comprising different threat
categories that can exploit different types of vulnerabilities identified in DeFi. It
puts forward prominent threat modeling strategies by focusing on attackers, assets,
and software.
Saint John, NB, Canada: Gurdip Kaur
Toronto, ON, Canada: Arash Habibi Lashkari
Vancouver, BC, Canada: Iman Sharafaldin
Madrid, Spain: Ziba Habibi Lashkari
Introduction
Decentralized Finance (DeFi) is an emerging financial technology based on secure
distributed ledgers like those used by cryptocurrencies, including stablecoins,
software, and hardware that enables the development of applications. It is the most
significant and fastest-growing application of blockchain and smart contracts
technology, with the ability to revolutionize the financial sector by offering
decentralized, blockchain-based alternatives to traditional financial services.
However, the large amount of value invested in DeFi smart contracts also makes them
common targets of attack, and given the relative immaturity of the DeFi sector,
vulnerabilities are commonplace.
This book presents an overview of the history of finance and the evolution of
decentralized finance along with smart contracts’ history and fundamental building
blocks.
Since decentralized finance infrastructures are the worst affected by cyber-attacks,
it is imperative to understand various security issues in different components
of DeFi infrastructures and propose measures to secure all components of DeFi
infrastructures. Also, it brings detailed cybersecurity policies and strategies that can
be used to secure financial institutions and recommendations to secure DeFi
infrastructures from cyber-attacks such as Double Spending Attack, Finney Attack, Race
Attack, Balance Attack, Long-Range Attack, DDoS attack, and others.
Acknowledgement
Acknowledgement for all of those fighting for Women, Life, and Freedom.
Contents
1 The Origin of Modern Decentralized Finance
1.1 A Brief History of Finance
1.2 Introduction to FinTech
1.3 Key Problems of Centralized Financial System
1.4 Introduction to Crypto-Based Finance
1.4.1 Roots of DeFi
1.4.2 Examples of DeFi
1.4.3 Advantages of DeFi Ecosystem
1.5 Bitcoin
1.5.1 Characteristics of Bitcoin Ecosystem
1.5.2 History of Bitcoin
1.6 Smart Contract-Based Blockchains
1.7 Summary
References
2 Introduction to Smart Contracts and DeFi
2.1 History of Smart Contracts
2.2 Fundamentals of Smart Contracts
2.2.1 Creating First Smart Contract
2.3 The Operation Process of Smart Contracts
2.3.1 Technical Operational Process
2.4 How Can We Use Smart Contracts
2.5 Benefits and Problems of Smart Contracts
2.6 Introduction to DeFi
2.6.1 DeFi Characteristics
2.6.2 DeFi vs CeFi
2.7 DeFi Applications
2.7.1 DeFi Exchanges
2.7.2 Lending Pools
2.7.3 Derivatives