Bitcoin is a better solution for decentralized finance than most think.
With the highest and most distributed proof-of-work base, Bitcoin is a natural fit for decentralized financial applications where security through immutability (or determinism) is imperative.
**Mining hashrate **is a key security metric. The more hashing (computing) power in the network, the greater its security and its overall resistance to attack. Although Bitcoin’s exact hashing power is unknown, it is possible to estimate it from the number of blocks being mined and the current block difficulty.
The hashing power is estimated here is derived from the number of blocks being mined in the last 24h and the current block difficulty. (Given the average time T between mined blocks and a difficulty D, the estimated hash rate per second H is given by the formula H = 2 32 D / T)
Arguably more important than the overall hashrate, is the hashrate distribution. The hashing power behind bitcoin is largely distributed amongst a number of mining pools across the globe.
A mining pool is a group of miners who share their computing power over a network and get rewarded based on the amount of power each contributes as opposed to whether or not the pool finds a block.
Mining pools help make revenue for miners more predictable. Huge drops in weekly numbers could highlight that some mining pools are either being turned off or they have decided to mine other currencies. If a mining pool were to control more than half of the total hashrate, it could (while unlikely) lead to a 51% attack on the network.
Over the past 3 years, the dominance of various mining pools has shifted over time —with the “others” category experiencing the most growth. In my opinion, this shift away from centralized pools indicates a healthy increase in the competitiveness of the SHA256 hashrate market.
The combined dominance of the bitcoin hashrate and marketcap (and the relatively safe distributions amongst miners and hodlers) lead to unique crypto-economic security guarantees around the bitcoin blockchain which cannot be said of all other chains.
EVM vulnerabilities for complex DeFi contracts
Turing complete smart-contracts create a number of security holes for smart-contract developers.
Although gas fees are implemented to ensure halting of operations, there are a number of issues that arise for ethereum contracts, especially complex ones used for decentralized finance.
These vulnerabilities are laid out cogently in this blog post from Jude Nelson, https://blog.blockstack.org/bringing-clarity-to-8-dangerous-smart-contract-vulnerabilities/, which outlines the root cause of major exploits that lead to the Parity hack, DAO hack and others.
While many of these exploits now have work-arounds, the main issue is the structure of the language, its compilation, and open-endedness. This lack of “bounds” makes it difficult to formally verify the security of smart-contracts
As stated in this DASP Post,
“Ethereum is still in its infancy. The main language used to develop smart contracts, Solidity, has yet to reach a stable version and the ecosystem’s tools are still experimental. Some of the most damaging smart contract vulnerabilities surprised everyone, and there is no reason to believe there will not be another one that will be equally unexpected or equally destructive. As long as investors decide to place large amounts of money on complex but lightly-audited code, we will continue to see new discoveries leading to dire consequences. Methods of formally verifying smart contracts are not yet mature, but they seem to hold great promise as ways past today’s shaky status quo.”
‍Alternatively, some projects, like Blockstack’s Clarity language, have focused on formal verification, bounds, and standards. As the decentralized finance space matures and increases in value, this will likely become increasingly important to create building blocks of standard defi contracts.