Circuit breaker debate highlights DeFi's evolution away from decentralization, says Andre Cronje
Andre Cronje of Flying Tulip argues circuit breakers provide critical response time during unusual withdrawal activity, though Curve's Michael Egorov cautions about introducing additional human-related risks.
In a stark assessment of the current state of decentralized finance, Andre Cronje has declared that much of the DeFi ecosystem "no longer DeFi" when measured against strict definitions, as developers engage in heated discussions about implementing circuit breakers and emergency controls to safeguard users against exploits.
In a conversation with Cointelegraph, the founder of Flying Tulip explained that numerous protocols have abandoned their status as immutable public goods, transforming instead into "teams running for-profit businesses" that feature upgradeable contracts, offchain infrastructure components and operational oversight mechanisms.
According to Cronje, this transformation fundamentally alters the security paradigm. The earliest DeFi protocols operated with mostly immutable smart contracts as their foundation, but contemporary systems frequently rely on proxy upgrade mechanisms, multisignature wallets, infrastructure service providers, administrative procedures and human intervention teams.
"I think what we have today, Flying Tulip included, is no longer DeFi. It's not decentralized finance. It's not immutable code. It's teams running for-profit businesses."
Andre Cronje
These observations emerge following April's wave of DeFi exploits, which have elevated security discussions beyond the traditional scope of smart contract audits and into the realm of operational risk management. Flying Tulip introduced a withdrawal circuit breaker mechanism on Thursday, engineered to delay or queue user withdrawals when abnormal outflow patterns are detected. This implementation comes on the heels of significant security incidents affecting decentralized exchange Drift Protocol and restaking platform Kelp, with preliminary damage assessments indicating losses of approximately $280 million and $293 million, respectively.
DeFi risks move beyond smart contracts
Cronje pointed out that the industry maintains its heavy emphasis on security audits even as many platforms can be modified by development teams or governed through administrative control structures.
"The focus over all of the industry is still very much so on the contract side and not sort of the more TradFi side."
Andre Cronje
In his interview with Cointelegraph, Cronje elaborated that numerous recent security breaches have involved "traditional Web2 stuff" including infrastructure access vulnerabilities, system compromises and social engineering attacks.
According to his assessment, protocols utilizing upgradeable contract architectures require traditional governance frameworks and oversight mechanisms that address who possesses the authority to upgrade code, who grants approval for modifications and whether adequate timelocks and multisignature controls are in place.
Michael Egorov, founder of both Curve Finance and Yield Basis, echoed the assessment that recent security incidents demonstrate how risks are increasingly connected to centralization factors and offchain dependencies rather than exclusively smart contract vulnerabilities.
"The vast majority of the most recent DeFi exploits happened not due to errors in code. They happened because of centralization risks — single points of failure which live off-chain."
Michael Egorov
Egorov emphasized that in the recent rsETH incident, the smart contracts of Aave, Kelp and LayerZero were not compromised, maintaining that the breach originated from offchain infrastructure components. He characterized DeFi protocols as potentially vulnerable to "a whole tree of risks," with the most significant threats often stemming from human elements rather than code deficiencies.
Circuit breakers divide DeFi builders
According to Cronje, Flying Tulip's circuit breaker mechanism is not intended to permanently halt withdrawals, but rather to establish a response timeframe when outflows surpass normal operational parameters. "Our circuit breaker isn't actually designed so that we can stop or prevent anything from happening," he explained. "It's to give us time to react."
The Flying Tulip implementation provides the team with approximately six hours for response, though Cronje acknowledged that smaller teams or those with less geographic distribution may require 12 to 24 hours, or potentially longer periods. He characterized the mechanism as appropriate for contracts that maintain custody of user funds, but emphasized it should be understood as one defensive layer alongside audits, distributed multisignature controls, timelocks and additional security measures.
"Security is always a layered approach. It's never a 'this is the one thing' that makes you invulnerable."
Andre Cronje
Egorov expressed a more reserved perspective on the matter. He acknowledged that circuit breakers can be theoretically sound, but only when implemented in a manner that avoids introducing a new privileged attack vector. "The circuit breakers are controlled by humans, which means they could become a potential vulnerability themselves," Egorov explained to Cointelegraph.
He raised concerns that if emergency control mechanisms permit signers to modify contract code or halt withdrawals, compromised signers could transform the protective measure into a fund draining mechanism or a centralized freezing tool. From his perspective, the optimal long-term solution involves designing systems capable of maintaining safe operation without requiring manual intervention.
"The goal of DeFi design should be to minimize human-centric points of failure, not add to them. DeFi needs to be safe, and safety comes from decentralization."
Michael Egorov
Standard Chartered says Kelp episode shows DeFi resilience
Standard Chartered characterized the Kelp incident as evidence of DeFi's developmental challenges rather than representing a catastrophic systemic failure.
In a research note dated Wednesday and reviewed by Cointelegraph, the banking institution stated that the April 18 theft revealed systemic vulnerabilities after the impact cascaded to Aave, but noted that the more than $300 million secured by the DeFi United coalition alongside structural improvements such as Aave V4 and the Ethereum Economic Zone indicate the sector is building more robust defensive capabilities.
According to the bank's analysis, these protocol upgrades have the potential to diminish dependence on bridge technologies, which it identified as a significant attack vector in recent cryptocurrency security breaches.