Authored by: Beosin
Decentralized finance (DeFi) has built a thriving, open financial ecosystem on smart contracts since the last DeFi Summer. As DeFi has grown, however, many protocols have become increasingly complex, and the knowledge needed to understand them has risen accordingly. This makes it hard for ordinary users to understand protocol risks clearly and to interact with DeFi protocols safely.
Since the end of 2024, AI Agents have become a hot topic in the on-chain ecosystem. The combination of DeFi and AI (DeFai) is an attempt to reinvent the DeFi sector: ordinary users can let an AI simplify their DeFi interactions and optimize their trading decisions, turning DeFi into a more user-friendly, intelligent, and efficient financial ecosystem. In this article, Beosin introduces how DeFai operates and the security challenges it faces, to give users a clearer understanding of the risks.
DeFai technical architecture
On-chain, an AI Agent can act as an intermediary between users and DeFi protocols, interacting with smart contracts on the user's behalf and handling complex contract calls so that the user no longer has to perform each step manually. Having studied the DeFai projects on the market, we divide the architecture of such projects into the following key components:
1.1 Smart Account (ERC-4337)
Traditional EOA accounts do not separate asset custody from transaction signing: the same account that holds the funds must sign every transaction. Smart accounts following ERC-4337 separate asset custody from transaction authorization through programmable verification logic, so transaction execution can be safely delegated to an AI Agent while the account remains non-custodial.
When a user interacts with such a DeFai system, the system creates a smart account tied to the user's own EOA. This smart account is fully owned and controlled by the user and carries out complex transactions on the user's behalf.
1.2 Multi-Signature Threshold (MPC-TSS)
For DeFai applications that are not fully autonomous, MPC-TSS can split the signing key among the AI Agent, the user, and a trusted third party, so that the user retains a degree of control over the AI Agent.
1.3 Trusted Execution Environment (TEE)
For fully autonomous AI systems, a TEE provides a secure option: private keys are held inside a protected, encrypted environment, and the AI Agent executes transactions on the user's behalf from that trusted environment without interference from third parties.
Each of the three solutions above has advantages and disadvantages. The smart account and MPC solutions are secure and controllable, but their operations are bounded by predefined rules and permissions. The TEE solution offers more flexibility, but requires the project team to deal with hardware-level issues.
The module that sits between the AI Agent and the DeFi ecosystem interacts with external protocols through a standardized abstraction layer, converting market data and user instructions into executable blockchain transactions.
This process involves multiple stages:
The first stage is data aggregation: the AI Agent must process a continuous stream of information from on-chain data, DeFi protocols, and the market. This data has to be normalized and fed into the module in a standardized format.
[Figure: Read contract data]
The second stage is evaluation and decision-making. Using the data from the first stage together with traditional financial algorithms and AI, such as an APR prediction system or an event-driven Meme token trading system, the system identifies opportunities that match the user's goals. This helps the AI Agent optimize the timing of positions and the choice of trading targets.
In the third stage, the AI Agent converts the previous decisions and user instructions into specific on-chain operations. These operations carry exact transaction parameters (contract address, token amount, etc.), as shown in the following figure:
[Figure: Create Uniswap V3 liquidity pool]
For a DeFai protocol, developers need to implement multiple layers of protection to keep user funds secure and to reduce risk while earning DeFi rewards. A risk-control module should run 24/7 and weigh factors such as the smart contract security of each DeFi protocol, governance risk, liquidity risk, price impact, volatility, and historical reliability.
For users, DeFai makes it possible to interact efficiently with multi-chain DeFi ecosystems without having to research the specific details of each chain, protocol, and ecosystem.
Security Risk
DeFai is built on top of existing DeFi protocols, so besides the systemic risks of the DeFai protocol itself (account management, risk-control management), users who manage crypto assets with DeFai also need to watch for the following security risks:
Trading slippage/MEV attack
When the AI Agent swaps tokens in a liquidity pool or provides liquidity to an AMM, thin liquidity in the underlying pool can cause significant slippage on the swap or on LP creation, or the transaction can be targeted by MEV bots; either way the user suffers trading losses. In one case, a user lost about $210,000 swapping USDC for USDT because of an MEV attack.
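The defence an agent has against both thin liquidity and sandwiching is the same: quote the trade, derive a minimum acceptable output from the quote, and have the swap revert if the pool pays less at execution time. The following is an added example, not code from Beosin or from any DeFai project: a constant-product (x*y=k) pool model with the slippage guard, run against a constructed scenario in which a large trade lands in the same pool just ahead of the user's. The pool reserves, fee and trade sizes are constructed assumptions.

```python
FEE_BPS = 30  # 0.30 % pool fee, the Uniswap V2 default

def get_amount_out(amount_in: int, reserve_in: int, reserve_out: int,
                   fee_bps: int = FEE_BPS) -> int:
    """Output of a trade against an x*y=k pool, fee deducted from the input."""
    amount_in_after_fee = amount_in * (10_000 - fee_bps)
    return (amount_in_after_fee * reserve_out) // (reserve_in * 10_000 + amount_in_after_fee)

def price_impact_bps(amount_in: int, reserve_in: int, reserve_out: int) -> int:
    """How far the fee-free execution price sits below the pre-trade spot price."""
    at_spot = amount_in * reserve_out // reserve_in
    actual = get_amount_out(amount_in, reserve_in, reserve_out, fee_bps=0)
    return (at_spot - actual) * 10_000 // at_spot

def min_amount_out(quoted_out: int, slippage_bps: int) -> int:
    """Lowest acceptable output, derived from the quote the agent obtained."""
    return quoted_out * (10_000 - slippage_bps) // 10_000

def execute_swap(amount_in: int, reserve_in: int, reserve_out: int, min_out: int) -> int:
    """The on-chain style check: revert if the pool now pays less than min_out."""
    out = get_amount_out(amount_in, reserve_in, reserve_out)
    if out < min_out:
        raise ValueError(f"slippage guard: would receive {out}, need >= {min_out}")
    return out

def demo_sandwich_guard() -> dict:
    """Constructed scenario: a 10M/10M USDC-USDT pool and a 100k USDC swap."""
    reserve_usdc, reserve_usdt = 10_000_000, 10_000_000
    trade_in = 100_000
    quoted = get_amount_out(trade_in, reserve_usdc, reserve_usdt)
    min_out = min_amount_out(quoted, 50)                    # 0.5 % tolerance
    impact = price_impact_bps(trade_in, reserve_usdc, reserve_usdt)

    # A 500k USDC trade lands in the same pool just before the user's (the
    # first leg of a sandwich), shifting the reserves against the user.
    front_in = 500_000
    front_out = get_amount_out(front_in, reserve_usdc, reserve_usdt)
    moved_usdc, moved_usdt = reserve_usdc + front_in, reserve_usdt - front_out

    sandwiched_out = get_amount_out(trade_in, moved_usdc, moved_usdt)
    try:
        execute_swap(trade_in, moved_usdc, moved_usdt, min_out)
        guard_rejected = False
    except ValueError:
        guard_rejected = True
    return {"quoted": quoted, "min_out": min_out, "impact_bps": impact,
            "sandwiched_out": sandwiched_out, "guard_rejected": guard_rejected}

if __name__ == "__main__":
    print(demo_sandwich_guard())
```

Two practical points follow from the numbers: the agent should refuse to route a trade whose own price impact is already large relative to the tolerance (that is a liquidity problem no min-out can fix), and the tolerance itself must be tight, because any gap between the quote and the guard is exactly what a front-runner can extract.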
Liquidity risk
During periods of significant market volatility, DeFi protocols (especially lending protocols) may run short of liquidity, which can affect user deposits or withdrawals.
Smart Contract Risks
Every DeFi protocol the AI Agent interacts with runs on smart contracts, which may contain undiscovered vulnerabilities. DeFi protocols should undergo thorough security audits to make them as secure as possible.
Beosin has completed security audits for multiple AI Agent and DeFai projects, such as Cult World and Tars AI. The audits cover the security of the smart contract code, the correctness of the business-logic implementation, gas optimization of the contract code, and the discovery and remediation of potential vulnerabilities, helping to secure the development of the AI+Web3 ecosystem.
Protocol Design Risk
The operating mechanism and economic model of a DeFi protocol may produce defaults or other unexpected outcomes under extreme market conditions, leading to losses of user assets.
The recent liquidation incident on HyperLiquid cost the protocol treasury and its providers about 4 million US dollars. The flaw was that the project team did not adequately account for the maintenance margin and maximum leverage of very large positions. Arbitrageurs/attackers used high leverage to force a liquidation, and the protocol's treasury absorbed the loss from the forced liquidation.
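The design lesson is that margin parameters have to scale with position size: a flat maximum leverage lets a very large position be forced into liquidation with too little margin left to absorb the price impact of closing it. The following is an added example, not code from Beosin or from HyperLiquid: a risk-module admission check and liquidation-price calculation with a size-tiered maintenance schedule, shown beside the flat schedule that produces the problem. The tiers, prices and position sizes are constructed assumptions, not any venue's real parameters.

```python
# Constructed tiers: (notional ceiling in USD, max leverage, maintenance margin rate).
# Larger positions get less leverage and a higher maintenance rate, so a forced
# close of a very large position still has margin to absorb its price impact.
TIERED = [
    (1_000_000, 50, 0.010),
    (5_000_000, 20, 0.025),
    (20_000_000, 10, 0.050),
    (float("inf"), 5, 0.100),
]
# A flat schedule that ignores size: the kind of setting that lets a whale open at
# maximum leverage and leave its forced-liquidation shortfall with the treasury.
FLAT = [(float("inf"), 50, 0.010)]

def tier_for(notional: float, schedule=TIERED) -> tuple:
    """Max leverage and maintenance rate that apply to a position of this size."""
    for ceiling, max_leverage, mm_rate in schedule:
        if notional <= ceiling:
            return max_leverage, mm_rate
    raise ValueError("schedule must end with an unbounded tier")

def check_open(collateral: float, size: float, price: float, schedule=TIERED) -> tuple:
    """Admission check the risk module runs before a position is opened."""
    notional = size * price
    max_leverage, _ = tier_for(notional, schedule)
    leverage = notional / collateral
    if leverage > max_leverage:
        return False, f"{leverage:.1f}x exceeds {max_leverage}x for ${notional:,.0f} notional"
    return True, f"{leverage:.1f}x within {max_leverage}x"

def liquidation_price(collateral: float, size: float, entry: float,
                      is_long: bool = True, schedule=TIERED) -> float:
    """Price at which equity equals the maintenance requirement mm_rate * size * p."""
    notional = size * entry
    _, mm = tier_for(notional, schedule)
    if is_long:   # collateral + size*(p - entry) == mm*size*p
        return (notional - collateral) / (size * (1 - mm))
    return (collateral + notional) / (size * (1 + mm))   # collateral + size*(entry - p) == mm*size*p

def liquidation_buffer(collateral: float, size: float, entry: float,
                       is_long: bool = True, schedule=TIERED) -> float:
    """USD of margin still present when liquidation triggers: the cushion that
    absorbs the price impact of closing the position before anyone else pays."""
    p_liq = liquidation_price(collateral, size, entry, is_long, schedule)
    _, mm = tier_for(size * entry, schedule)
    return mm * size * p_liq

def demo_whale_position() -> dict:
    """Constructed: 200 units at $100,000 (a $20M position) backed by $400k."""
    collateral, size, price = 400_000, 200, 100_000
    return {
        "flat_admits": check_open(collateral, size, price, FLAT)[0],
        "tiered_admits": check_open(collateral, size, price, TIERED)[0],
        "flat_buffer_usd": liquidation_buffer(collateral, size, price, True, FLAT),
        "tiered_min_collateral": size * price / tier_for(size * price)[0],
    }

if __name__ == "__main__":
    print(demo_whale_position())
```

Under the flat schedule the $20M position is admitted at 50x and, when liquidation triggers, carries a cushion of only about 1% of notional; under the tiered schedule the same position needs at least $2M of collateral and a 5% cushion, which is the margin that pays for closing it in a thin market instead of the treasury.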
Oracle Risk/Price Manipulation
DeFi protocols may rely on oracle price feeds that are manipulated or technically flawed, producing incorrect prices, as in the case of Polter Finance, which lost over 7 million USD. That project derived prices from the token reserves of an easily manipulated UniswapV2 Pair. Attackers used flash loans to inflate the project token's price and then borrowed assets worth far more than their collateral.
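The reserve-ratio price of a UniswapV2 pair can be moved arbitrarily within a single transaction, which is why a lending protocol should never value collateral from it directly. The following is an added example, not code from Beosin or from Polter Finance: a time-weighted average price (in the style of UniswapV2's cumulative-price accumulator) computed from past block snapshots, a deviation check between the in-block spot price and that average, and the borrow limit a naive integration versus a hardened one would grant. The reserve snapshots and the in-block distortion are constructed.

```python
def spot_price(reserve_token: int, reserve_usd: int) -> float:
    """The reserve-ratio price a naive integration reads straight from the pair."""
    return reserve_usd / reserve_token

def twap(snapshots: list, t_start: int, t_end: int) -> float:
    """Time-weighted average of the reserve price over [t_start, t_end].
    snapshots: sorted (timestamp, reserve_token, reserve_usd) recorded at the
    start of each block; a price stays in force until the next snapshot, as in
    UniswapV2's priceCumulativeLast, so an in-block distortion that is undone
    before the block ends contributes zero time to the average."""
    cumulative = 0.0
    for (t0, r_tok, r_usd), (t1, _, _) in zip(snapshots, snapshots[1:] + [(t_end, 0, 0)]):
        lo, hi = max(t0, t_start), min(t1, t_end)
        if hi > lo:
            cumulative += spot_price(r_tok, r_usd) * (hi - lo)
    return cumulative / (t_end - t_start)

def guarded_price(spot: float, reference: float, max_deviation_bps: int = 500) -> float:
    """Refuse to price when spot strays too far from the TWAP; otherwise value
    collateral at the lower of the two so manipulation upward cannot help."""
    deviation_bps = abs(spot - reference) / reference * 10_000
    if deviation_bps > max_deviation_bps:
        raise ValueError(f"spot deviates {deviation_bps:.0f} bps from TWAP")
    return min(spot, reference)

def max_borrow_usd(collateral_tokens: float, price: float, ltv: float = 0.8) -> float:
    """Borrowing power the lending protocol grants against the collateral."""
    return collateral_tokens * price * ltv

def demo_oracle() -> dict:
    # Constructed block-start snapshots of a TOKEN/USD pair: price hovers around 10.
    history = [
        (0, 100_000, 1_000_000),
        (600, 100_000, 1_020_000),
        (1200, 100_000, 990_000),
        (1800, 100_000, 1_010_000),
    ]
    # Constructed in-block state at t=2400: a flash loan has bought most of the
    # TOKEN side, so the reserve ratio now reads 250 instead of about 10.
    distorted_reserves = (20_000, 5_000_000)
    spot = spot_price(*distorted_reserves)
    reference = twap(history, 0, 2400)
    naive = max_borrow_usd(1_000, spot)
    try:
        hardened = max_borrow_usd(1_000, guarded_price(spot, reference))
    except ValueError:
        hardened = 0.0    # the hardened path refuses to lend at all
    return {"spot": spot, "twap": reference,
            "naive_borrow_usd": naive, "hardened_borrow_usd": hardened}

if __name__ == "__main__":
    print(demo_oracle())
```

A TWAP is not a complete fix on its own: an attacker who can hold a distorted price across several blocks does move the average, so the window length, the deviation bound and a second independent feed all matter. What the check above removes is the single-transaction flash-loan case the Polter Finance incident illustrates.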
Summary
As DeFai continues to develop, decentralized finance will enter a more user-friendly, intelligent, and efficient stage. Deep integration of AI into DeFi will greatly simplify user interactions, improve risk management, and deliver a seamless on-chain experience. At that point, experienced DeFi players and newcomers alike will be able to obtain on-chain information, manage assets, and securely execute all kinds of on-chain operations with the help of DeFai tools.
At the same time, the security risks of DeFai systems cannot be ignored: the management of account private keys, risk control over executed transactions, and the third-party risks of the various DeFi protocols all affect the safety of user assets. Users should choose DeFai projects that have undergone rigorous audits and have been tested in the market to minimize financial risk.