DeFi真的是去中心化的吗？_虚拟币交易所平台,数字货币,NFT

10月最后一天，大家翘首以盼。翘首以盼的是，PlanB的神预言是否再次应验。大饼现在62k，距离预言63k相差不到1千。我曾说过，这个预测其实有个戏法儿障眼。这障眼的戏法儿就是，究竟是算收盘价、最高点还是最低点？有读者留言说是收盘价，可是我并没有看到他承认这一点。一个例证就是，10月20号大饼冲过63k的时候，他转推了自己的预言。转推的时候写上63k还打上了一个对勾，表示他认为预言已经兑现。

又看到DeFi丢币，又看到DeFi跑路。DeFi全称去中心化金融，号称链上自主运行。去中心化金融是去中心化，这听起来是一句废话。但是这样的分析命题，往往也是一个障眼法儿。

母鸡是母的吗？蓝天是蓝的吗？青山是青的吗？老汉是老的吗？美女是美的吗？去中心化金融是去中心化的吗？

蓝天是蓝色的。这就是一个分析命题（analytical proposition）。和综合命题（sythetical propostition）不同，分析命题不需要借助于对其他概念的理解，只需要对主词的含义进行分析，就可以得出宾词。分析命题的宾词对主词的含义没有增加，不提供新的。

如果我们说，不是所有的蓝天都是蓝色的，我们会觉得有点儿别扭。但是如果我们说，不是所有的DeFi（去中心化金融）都是去中心化的，却不仅不违和，而且是正确的。

事实上，很多的DeFi都是通过区块链上的智能合约来实现的。以最大的智能合约运行平台以太坊为例。智能合约被开发出来，部署到区块链上之后，其代码不能被改写，但是其状态却可以被外部账户控制。

比如，我们可以给合约设置一个或者一组管理员地址，这些管理员可以拥有各种预设的操纵合约的能力。比如我们熟知的USDT稳定币，在以太坊区块链上是一个ERC-20合约。那么这个合约，就设有管理账号，可以冻结任何一笔USDT款项。

对于大多数合约开发者来说，保留对合约的终极控制，预留一些诸如紧急暂停、紧急转移资产等后门函数，是业界非常普遍的做法。

当然，理由通常都是冠冕堂皇，而且可以理解的：合约代码不成熟，为了防止出现bug的时候把资产锁死，所以需要预留紧急转移功能。又或者是出于安全考虑，为了防止出现异常问题时用户资产丢失，所以我们保留了紧急刹车的功能。

这些“功能”，其实就是给控制者——往往是开发者或者项目方——留下的“后门”。

后门是把双刃剑。开发者可以用它来紧急处理一些未知问题。黑客可以利用它来窃取资产。项目方可以假装成被黑，监守自盗，转移资产之后跑路。

还有更高级的技术。我们可以使用代理调用机制，实现所谓可升级的合约。当我们对一个DApp授权之后，我们把钱包资产的控制权授予了代理合约。而代理合约实际执行的逻辑是它背后的另外一个合约。而这个逻辑合约却是可以替换的。

这样，最开始版本的软件一切正常。我们在钱包里对合约进行了放心的授权。这种授权通常是无上限的授权。

然后项目方升级了逻辑合约，悄悄转走了你钱包里所有的资产。或者，黑客窃取了项目方的权限，升级了合约，偷走了你钱包里所有的资产。又或者，项目方乔装打扮成黑客，装作是被黑客窃取了权限，偷走了你钱包里所有的资产。

几乎所有的DeFi应用，比如swap，比如二层的bridge，都要求你进行授权操作。

每一次授权都是打开了风险的大门。

经过所谓安全审计公司审计过的DeFi项目就安全吗？并不是。

审计公司只确保合约不存在一些低级的技术漏洞。但是对于合约是不是有预留的超级权限，以供中心化控制和管理，审计公司是不会提出异议的。

用一个技术梗的说法就是，中心化控制是一个feature（特性），而不是一个bug（问题）。

如果用严格的去中心化目光去审视目前市面上的DeFi项目，十之八九都不是真正彻底去中心化的，大多数都保留了一定的中心化控制的特性。

真正彻底的去中心化，则意味着如果代码出现了未预料到的漏洞，项目方可能也无计可施，因为他无法暂停合约的运行，或者紧急转移和保护资产，或者升级合约以修复问题。

不彻底的去中心化，则意味着黑客的窃取，里应外合，监守自盗，项目方跑路，等等中心化风险的全面蔓延。

保留中心化特性的DeFi，不啻为一种语意上的欺骗。

不能做到真正彻底去中心化的去中心化金融，就需要监管机构对于中心化风险的监管。这就是美国SEC提出要对DeFi加强监管的底层逻辑。

(公众号：刘教链。知识星球：公众号回复“星球”)
(免责声明：本文内容均不构成任何投资建议。加密货币为极高风险品种，有随时归零的风险，请谨慎参与，自我负责。)

On the last day of the month, people are eagerly awaiting whether God's prophecy will come true again. Now the difference between the prophecy and the prophecy is not more than a thousand. I have said that there is actually a trick in this prediction, which is to calculate whether the closing price is the highest or lowest. Some readers left a message saying that it is the closing price, but I didn't see him admit it. An example is that when the pie on the month passed by, he pushed his prophecy and put a check mark on it to indicate that he thought it was the prophecy. I've cashed in, but I've seen the money lost and I've seen the road running. Decentralized finance claims to run autonomously in the chain. Decentralized finance is decentralized. This sounds like nonsense, but such an analysis proposition is often a distraction. Is the hen a female? Is the blue sky blue? Is the castle peak green? Is the old man old? Is the beauty beautiful? Is decentralized finance decentralized? Is the blue sky blue? This is an analysis proposition and a comprehensive proposition. Different analysis propositions do not need to rely on the rationale of other concepts. The solution only needs to analyze the meaning of the subject, and it can be concluded that the object of the object analysis proposition does not increase the meaning of the subject and does not provide new ones. If we say that not all the blue sky is blue, we will feel a little awkward, but if we say that not all decentralized finance is decentralized, it is not only inconsistent but also correct. In fact, many of them are realized through smart contracts on the blockchain, taking the largest smart contract operating platform, Ethereum, as an example. After being developed and deployed on the blockchain, its code cannot be rewritten, but its status can be controlled by external accounts. For example, we can set an administrator address or a group of administrators for the contract. These administrators can have all kinds of preset abilities to manipulate the contract. For example, the well-known stable currency is a contract on the Ethereum blockchain, then this contract has an management account, which can freeze any sum of money. For most contract developers, the ultimate control over the contract is reserved. Some backdoor functions such as emergency suspension and emergency transfer of assets are very common in the industry. Of course, the reason is usually that the high-sounding and understandable contract code is immature. In order to prevent the assets from being locked when they appear, it is necessary to reserve the emergency transfer function, or for security reasons, in order to prevent the user's assets from being lost when there is an abnormal problem, we have reserved the emergency braking function. These functions are actually the back door for the controller, which is often the developer or the project party. It is a double-edged sword that developers can use to deal with some unknown problems urgently. Hackers can use it to steal assets. The project party can pretend to be guarded by hackers and steal assets, and then run away. There are more advanced technologies. We can use the proxy call mechanism to realize the so-called scalable contract. When we authorize an asset, we grant the control of the wallet to the proxy contract, and the logic of the actual execution of the proxy contract is another contract behind it, but this logical contract can be replaced. In this way, the initial version of the software is all right. We authorized the contract in our wallet with confidence. This authorization is usually unlimited. Then the project party upgraded the logical contract and quietly transferred all the assets in your wallet. Or the hacker stole the project party's permission, upgraded the contract and stole all the assets in your wallet. Or the project party disguised as a hacker and pretended that the hacker had stolen the permission and stole almost all the assets in your wallet, such as the second floor. You are required to carry out authorization operation. Every authorization opens the door to risks. Is the project audited by the so-called security audit company safe? It is not that the audit company only ensures that there are no low-level technical loopholes in the contract, but the audit company will not raise any objection to whether the contract has reserved super authority for centralized control and management. It is said that centralized control is a feature rather than a problem with a strict decentralized eye. At present, nine times out of ten projects on the market are not really completely decentralized, and most of them retain certain characteristics of centralized control. Really thorough decentralization means that if there are unexpected loopholes in the code, the project party may have nothing to do, because he can't suspend the operation of the contract or urgently transfer and protect assets or upgrade the contract to fix the problem. Incomplete decentralization means that hackers steal from inside, and the project party runs away, and so on. It is a kind of semantic deception to spread all-round and retain the centralized characteristics. Decentralized finance can't be truly and completely decentralized, which requires the supervision of centralized risks by regulatory agencies. This is the bottom logic that the United States proposed to strengthen supervision. WeChat official account Liu Jiaolian knowledge planet WeChat official account replied to the planet disclaimer. Nothing in this article constitutes any investment suggestion. Cryptographic currency is a very high-risk variety with the risk of returning to zero at any time. Please be careful to participate in self-responsibility. 比特币今日价格行情网_okx交易所app_永续合约_比特币怎么买卖交易_虚拟币交易所平台

注册有任何问题请添加 微信：MVIP619 拉你进入群

文章转载注明 网址：https://netpsp.com/?id=47884