Since the last DeFi Summer, decentralized finance (DeFi) has built a prosperous and open financial ecosystem on smart contracts. However, as DeFi has developed, many protocols have become increasingly complex, and the knowledge needed to understand them keeps rising, which makes it difficult for ordinary users to understand protocol risks and interact with DeFi protocols safely.
Since the end of 2024, AI agents have become a hot spot in the on-chain ecosystem. The combination of DeFi and AI (DeFai) aims to reshape the DeFi sector: ordinary users can use AI to simplify their interactions with DeFi and optimize their trading decisions, making DeFi a more user-friendly, intelligent and efficient financial ecosystem. In this article, Beosin explains how DeFai operates and the security challenges it faces, to give users a clearer awareness of the risks.
DeFai technology architecture
On a blockchain, an AI agent can serve as an intermediate interface between users and DeFi protocols: it interacts with smart contracts on the user's behalf and handles complex contract calls without continuous manual operation by the user. Having studied the DeFai projects on the market, we divide the architecture of such projects into the following key components:
1. Account Management
1.1 Smart Account (ERC-4337)
Traditional EOA accounts do not separate asset custody from transaction signing: the same account that holds the funds must sign each transaction. Smart accounts that follow ERC-4337 separate asset custody from transaction authorization through programmable verification logic, so that transactions can be safely delegated to an AI agent while the account remains non-custodial.
When a user interacts with such a DeFai system, the system creates a smart account associated with the user's own EOA account. This smart account is entirely owned and controlled by the user and performs complex transactions on behalf of the user.
1.2 Threshold signatures (MPC-TSS)
For DeFai applications that are not fully autonomous, MPC-TSS can split the key among the AI agent, the user and a trusted third party, so that the user still maintains a certain degree of control over the AI agent.
1.3 Trusted Execution Environment (TEE)
For fully autonomous AI systems, a TEE stores the private keys in a secure, encrypted environment, allowing the AI agent to execute transactions on the user's behalf in a trusted, protected environment without interference from third parties.
Each of the three solutions has its own advantages and disadvantages. Smart accounts and MPC solutions are safe and controllable, but operations are limited by predefined rules and permissions. The TEE solution offers more freedom, but the project team needs to solve hardware-level problems.
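The "predefined rules and permissions" that bound an agent acting through a smart account can be pictured as a check applied to every call the agent proposes. The sketch below is an added example, not code from the article or from any DeFai project: it is a simplified off-chain model rather than ERC-4337's on-chain validation interface, the `Policy` fields, function names and addresses are hypothetical, and only ERC-20 `transfer` and `approve` calls are modelled.

```python
from dataclasses import dataclass

# ERC-20 selectors: first 4 bytes of keccak256 of the function signature.
TRANSFER, APPROVE = "a9059cbb", "095ea7b3"

@dataclass(frozen=True)
class Policy:                      # hypothetical delegation rules
    tokens: frozenset              # token contracts the agent may call
    counterparties: frozenset      # recipients/spenders it may name
    max_per_tx: int                # cap per call, token base units
    max_per_day: int               # cap per day, token base units
    expires_at: int                # unix time the delegation ends

def encode_call(selector, address, amount):
    """Build transfer/approve calldata: selector + two 32-byte words."""
    return "0x" + selector + address[2:].lower().rjust(64, "0") + format(amount, "064x")

def decode_call(calldata):
    """Split calldata into (selector, address, amount); ValueError if malformed."""
    data = calldata.lower().removeprefix("0x")
    if len(data) != 8 + 64 + 64:
        raise ValueError("unexpected calldata length")
    if data[8:32] != "0" * 24:
        raise ValueError("non-zero address padding")
    return data[:8], "0x" + data[32:72], int(data[72:], 16)

def authorize(policy, target, calldata, spent_today, now):
    """Return (allowed, reason) for one call proposed by the agent."""
    if now >= policy.expires_at:
        return False, "delegation expired"
    if target.lower() not in policy.tokens:
        return False, "target contract not allowlisted"
    try:
        selector, party, amount = decode_call(calldata)
    except ValueError as exc:
        return False, str(exc)
    if selector not in (TRANSFER, APPROVE):
        return False, "function not allowlisted"
    if party not in policy.counterparties:
        return False, "counterparty not allowlisted"
    if amount > policy.max_per_tx:
        return False, "per-transaction cap exceeded"
    if spent_today + amount > policy.max_per_day:
        return False, "daily cap exceeded"
    return True, "ok"

# Constructed sample values, not real contracts.
TOKEN, ROUTER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20, "0x" + "33" * 20
POLICY = Policy(frozenset({TOKEN}), frozenset({ROUTER}), 500, 1_000, 1_800_000_000)
```

Because the amount is decoded from the calldata itself, an unlimited `approve` is rejected by the per-transaction cap rather than slipping through as a "harmless" permission call.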
2. Decision execution module
This module acts as an interface between the AI agent and the DeFi ecosystem. It interacts with external protocols through a standardized abstraction layer and converts market data and user instructions into executable blockchain transactions.
This process involves multiple stages:
The first stage is data aggregation: the AI agent needs to continuously process information from on-chain data, DeFi protocols and markets. This data must be processed and passed into the module in a standardized format.
Figure: Reading contract data
The second stage is decision evaluation. Based on the data from the first stage, the system can combine traditional financial algorithms and AI to identify opportunities that meet the user's goals, for example an APR prediction system or an event-driven meme token trading system. This helps the AI agent optimize the timing of positions and the choice of trading targets.
In the third stage, the AI agent converts the preceding decisions and user instructions into specific on-chain operations with exact transaction parameters (contract address, token amount, etc.), as shown in the figure below:
Figure: Creating a Uniswap V3 liquidity pool
3. Risk Management Module
For a DeFai protocol, developers need to implement multiple layers of protection to secure user funds and reduce the risks involved in earning DeFi returns. This risk module should run 24/7, and its scope should include factors such as smart contract security, governance risk, liquidity risk, price impact, volatility and the historical reliability of different DeFi protocols.
For users, DeFai makes it possible to interact efficiently with the multi-chain DeFi ecosystem without studying the specific details of each chain, protocol and ecosystem.
Security risk
DeFai is built on top of existing DeFi protocols. Therefore, in addition to the system risks of the DeFai protocol itself (account management, risk control management), users should pay attention to the following security risks when using DeFai to manage crypto assets:
1. Market risk
Trading slippage/MEV attack
When the AI agent swaps tokens or provides AMM liquidity in a liquidity pool, the swap or the creation of an LP position may incur relatively large slippage because of liquidity problems in the pool, or may be attacked by MEV bots, causing trading losses. In one such case, a user lost approximately US$210,000 to an MEV attack while swapping USDC for USDT.
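The usual defence against both thin-pool slippage and MEV is for the agent to refuse oversized trades and to sign every swap with a minimum acceptable output. The following is an added example, not code from the article: it assumes a constant-product pool with a 0.30% fee as the pricing model, and the function names, thresholds and pool states are constructed for illustration.

```python
BPS = 10_000

def quote_out(amount_in, reserve_in, reserve_out, fee_bps=30):
    """Exact-input output of a constant-product pool, in integer base units."""
    if min(amount_in, reserve_in, reserve_out) <= 0:
        raise ValueError("amounts and reserves must be positive")
    net_in = amount_in * (BPS - fee_bps)
    return net_in * reserve_out // (reserve_in * BPS + net_in)

def price_impact_bps(amount_in, reserve_in, reserve_out, fee_bps=30):
    """Shortfall of the quote against the pre-trade pool price, in bps."""
    ideal = amount_in * reserve_out // reserve_in
    if ideal == 0:
        return BPS
    return (ideal - quote_out(amount_in, reserve_in, reserve_out, fee_bps)) * BPS // ideal

def plan_swap(amount_in, reserve_in, reserve_out, tolerance_bps=50, max_impact_bps=200):
    """Agent-side check before signing: return amount_out_min, or None to
    refuse when the pool is too thin for this trade size."""
    if price_impact_bps(amount_in, reserve_in, reserve_out) > max_impact_bps:
        return None
    expected = quote_out(amount_in, reserve_in, reserve_out)
    return expected * (BPS - tolerance_bps) // BPS

def settle(amount_in, reserve_in, reserve_out, amount_out_min):
    """Model of the execution-time check: the swap reverts (None) when the
    pool state at inclusion no longer delivers the signed minimum."""
    out = quote_out(amount_in, reserve_in, reserve_out)
    return out if out >= amount_out_min else None

# Constructed pool states in 6-decimal base units (1_000_000 = 1 token).
QUOTED = (1_000_000_000_000, 1_000_000_000_000)   # reserves when the agent quoted
MOVED = (1_100_000_000_000, 909_366_000_000)      # reserves after another trade landed first
AMOUNT_IN = 10_000_000_000                        # 10,000 tokens
```

With `amount_out_min` set to 0 the same swap still fills against the `MOVED` reserves, only at a much worse price, which is the loss the bound exists to prevent.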
Liquidity risk
During periods of high market volatility, the liquidity of DeFi protocols (especially lending protocols) may be restricted, which may affect users' deposits or withdrawals.
2. Protocol risk
Smart contract risk
Each DeFi protocol that the AI agent interacts with runs on smart contracts, which may contain undiscovered vulnerabilities. DeFi protocols should undergo detailed security audits to improve their security as much as possible.
Protocol design risks
The operating mechanism and economic model of a DeFi protocol may cause bad debts or other unexpected results under extreme market conditions, causing damage to users' assets.
The recent HyperLiquid liquidation incident caused the protocol's vault and the vault's providers to lose about US$4 million. The flaw was that the project team had not carefully considered the maintenance margin and maximum leverage for large positions. The arbitrageur/attacker used high leverage so that the position's losses exceeded its margin, and the protocol's vault bore the loss on the position.
Oracle risk/price manipulation
A DeFi protocol may rely on an oracle whose price feed is manipulated or runs into technical problems, resulting in wrong price information. For example, in the earlier Polter Finance incident, which lost more than $7 million, the project relied on the easily manipulated token reserves of a Uniswap V2 pair for its price calculation. The hackers pushed up the price of the project token with flash loans and borrowed assets far exceeding the value of their collateral.
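One common mitigation for reserve-based pricing is to value collateral at a time-weighted average price (TWAP) and to refuse valuation whenever the instantaneous reserve price diverges from it. The sketch below is an added example, not code from the article or from any protocol named in it; the function names, the 30-minute window, the 5% deviation bound and all reserve figures are assumptions constructed for illustration.

```python
from fractions import Fraction

def spot_price(reserve_token, reserve_quote):
    """Price implied by the pair's current reserves; one trade can move it."""
    return Fraction(reserve_quote, reserve_token)

def twap(observations, window, now):
    """Time-weighted average price over [now - window, now].
    observations: time-sorted (timestamp, price); a price holds until the next one."""
    start, total, covered = now - window, Fraction(0), 0
    for i, (ts, price) in enumerate(observations):
        nxt = observations[i + 1][0] if i + 1 < len(observations) else now
        lo, hi = max(ts, start), min(nxt, now)
        if hi > lo:
            total += Fraction(price) * (hi - lo)
            covered += hi - lo
    if covered < window:
        raise ValueError("not enough price history for the window")
    return total / window

def guarded_price(reserves, observations, now, window=1800, max_dev_bps=500):
    """Return the TWAP for valuing collateral, or None when the reserve-based
    spot price has diverged from it by more than max_dev_bps."""
    reference = twap(observations, window, now)
    deviation_bps = abs(spot_price(*reserves) - reference) * 10_000 / reference
    return reference if deviation_bps <= max_dev_bps else None

def max_borrow(collateral_units, price, ltv_bps=5_000):
    """Borrow limit in quote units at a given collateral price; None means refuse."""
    if price is None:
        return 0
    return int(collateral_units * price * ltv_bps / 10_000)

# Constructed data: 30 minutes at 1.00, then reserves skewed inside one block.
HISTORY = [(0, Fraction(1))]
NORMAL_RESERVES = (1_000_000, 1_010_000)    # spot 1.01
SKEWED_RESERVES = (200_000, 5_000_000)      # spot 25.0
```

Pricing the same 1,000 units of collateral directly from `SKEWED_RESERVES` yields a borrow limit 25 times larger than the guarded path allows, while a one-second spike barely moves the 30-minute average.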
Summary
As DeFai continues to develop, decentralized finance will enter a new stage that is more user-friendly, intelligent and efficient. The deep integration of AI into DeFi will greatly simplify user interactions, optimize risk management and deliver a seamless on-chain experience. At this stage, both experienced DeFi users and newcomers can use DeFai tools to easily obtain on-chain information, manage assets and safely perform on-chain operations.
At the same time, the security risks of DeFai systems cannot be ignored: private key management for accounts, risk control over transaction execution, and the third-party risks of the various DeFi protocols all affect the security of users' assets. Users should choose DeFai projects that have been strictly audited and market-tested to minimize the risk to their funds.