a16z Crypto calls for DeFi to shift from "code is law" to "regulation is law" to address the vulnerability crisis

a16z Crypto senior security researcher Daejun Park published an article calling for DeFi protocols to shift from "code is law" to "norms are law," adopting a more principled approach to security. The specific approach involves hardcoding security guarantees through standardized norms and invariant checks, automatically reverting transactions that violate predefined rules. Park pointed out that almost all known vulnerabilities would trigger such checks, potentially preventing hacker attacks during execution.

According to a Slowmist report, hackers stole over $649 million last year through code vulnerabilities. Even established protocols like Balancer, which has been running since 2021, lost $128 million last November due to a code vulnerability. Developers are concerned that hackers are increasingly using AI to find vulnerabilities.

Immunefi's security chief noted that invariant checks would increase gas costs, potentially driving away users, and are not a panacea. The co-founder of Asymmetric Research stated that many vulnerabilities are difficult to write invariant rules that can detect attacks without false positives.