Head of Product at Composable Finance Explains How to Address Potential Vulnerabilities with Blockchain-based Smart Contracts

We recently caught up with Brainjar, Head of Product at Composable Finance, which is described as a “hyper liquidity” infrastructure layer for decentralized finance (DeFi) assets that are being powered by Layer-2 Ethereum and Polkadot.

Brainjar talked about issues with existing smart contracts and how to ensure the highest level of security when building and deploying decentralized applications (dApps). He also discussed what Composable Finance aims to offer to the DeFi space while sharing their plans for next year.

Our conversation is shared below.

Crowdfund Insider: What measures need to be taken to ensure that smart contract code has been written properly?

How can we prevent more damaging exploits such as those of ThorChain and Poly Network?

Brainjar: The most important component of a fledgling bridging solution is the level of decentralization the bridging solution has. ThorChain and Poly Network both had solutions that, while scalable, heavily relied on off-chain workers and infrastructure.

As a result, they were far more centralized solutions than those in DeFi strive to be. Our solution, however, is incredibly decentralized, particularly when compared to these other networks that experienced exploits. This comes from the fact that it is rooted to the finality layer of the parachain, ensuring no central authority maintains control and makes the protocol vulnerable at this point of attack.

Further, we strive for a change in culture: Discussion, whiteboarding, and no outsourcing. We will implement loads of testing and fuzzing (it is quite uncommon in crypto to fuzz). Composable also regularly works together with auditors, not just immediately before launch while in a time crunch. Finally, we can implement failsafes through councils, in the event that something does go wrong.

Crowdfund Insider: What are the main products and services that Composable Finance aims to offer?

And how will these solutions be integrated into the existing decentralized finance (DeFi) ecosystem?

Brainjar: Our cross-chain virtual machine (VM) is the core product offered by Composable Finance. This tool allows different ecosystems to collaborate and interact directly with each other, further allowing decentralized applications to directly interact as well. This solution can be used in any number of contexts, which we make accessible to developers through our software development kit (SDK) in addition to allowing users to interact directly via our own cross-ecosystem asset transferral system, Mosaic.

Presently, we have successfully integrated with the Ethereum mainnet, a number of scaling and layer 2 solutions (Arbitrum, Avalanche C-Chain, Polygon, and Fantom), as well as Moonriver, a Kusama project which allows us a connection to the Polkadot ecosystem. Our ultimate goal is to unite all existing DeFi ecosystems, which are presently quite siloed across different layers and blockchains.

Our parachain solution also leverages this technology, in addition to the advantages of parachains. Picasso is our parachain solution, built on Kusama, Polkadot’s canary network. Parachains offer enhanced interoperability and security over traditional blockchain structures, and thus are incredibly highly sought after.

However, this makes them very difficult to access and build on, in addition to the lack of developer tools on this platform. Picasso will offer built-in Substrate “pallets” (building blocks) of all important DeFi components, allowing developers to compose highly effective, innovative financial tools that provide users with an optimized experience within the Polkadot network.

These pallets currently include Apollo (our MEV-resistant oracle pallet) and Cubic (our vaults pallet that introduces vault infrastructure to Polkadot), and will also include a number of user-generated, user-governed pallets as well.

We will provide incubation and grants for other projects leveraging our technologies (i.e. building on Mosaic or Picasso) through Composable Labs, our experimental testing arm.

Crowdfund Insider: Auditing of smart contracts and ensuring that they run as intended, without any technical or security problems, has not been an easy task to accomplish.

How can we address these issues as an industry?

Brainjar: The overall mission of DeFi is to be participatory and to put financial control back into the hands of the users. We believe that users can also take a role in the security of protocols, and gain from their contributions financially, via bug bounties. We will implement these for all of our coding, and will promote these as an industry standard. If users are incentivized to find issues in our code BEFORE these issues can be exploited, we can prevent significant issues from occurring.

We also believe that there should be a change of developer tools, with more strict languages, that have better abstractions and libraries. For example, Rust and ink! offer vast improvements over Solidity. Further, we think there should be a greater industry focus on releasing projects when ready; we developers are under high pressure in the most competitive industry, but cannot be led by that.

Crowdfund Insider: The future of finance appears to be headed into a world where we may not require intermediaries to settle monetary transactions.

However, the highly technical nature of many so-called DeFi platforms makes it difficult for the average person to start using such services.

What can we do to make crypto and blockchain-related services more secure and user-friendly?

Brainjar: We believe that many of these services are actually very simple to use, with great UX. However, over time, we users have been convinced by banks and big tech into no longer thinking about consequences. Crypto gives us back the power, but with great power comes responsibility. Users still believe that they are playing in this sandbox, the same sandbox that tech and tradfi have put them in.

However, we still strive to make this experience even more streamlined and accessible for users. To do so, we have a design team that specializes in creating user-friendly interfaces for DeFi protocols, something that most platforms do not have; instead, they often rely upon generalized designers and UI/UX teams that do not have experience specifically working in DeFi. Our team has worked on a multitude of other DeFi projects’ UI/UX, and everything is intentionally built to be simple and accessible.

Our entire focus as a company is to improve the user experience – namely, through interoperability. Essentially, we allow users to navigate through other platforms more easily, enabling transfers between these systems all via our singular interface. This itself makes DeFi more accessible and streamlined for the user.

Crowdfund Insider: What are your plans as a project as we begin to head into 2022?

Brainjar: We are continuing to bid for a parachain for our solution on Polkadot, and aim to begin bidding in Polkadot parachain auctions once they launch. We are also developing a multitude of other pallets to join Apollo and Cubic, in addition to opening up grants programs for others to develop pallet projects using our technology, to be implemented into our parachain. We are continuing to expand our Mosaic cross-ecosystem asset transferal system, adding new chains and scaling solutions to work towards our goal of uniting the entirety of the DeFi space.

We are also releasing our software development kit (SDK) to allow other projects to benefit from the infrastructure we have devised. We are also creating grants programs and incubating our own sub-projects that utilize our cross-layer, cross-chain infrastructure to provide novel benefits to DeFi users. Finally, we are preparing for the launch of our governance and utility token, LAYR.