a16z Crypto senior security researcher Daejun Park wrote an article calling for DeFi protocols to shift from "code is law" to "specification is law," adopting a more principled security approach. The specific method is to hardcode security guarantees through standardized specifications and invariant checks, automatically reverting transactions that violate predefined rules. Park pointed out that almost all known vulnerabilities would trigger such checks, which are expected to prevent hacker attacks during execution.

According to a Slowmist report, hackers stole over $649 million through code vulnerabilities last year. Even the long-established protocol Balancer, which has been running since 2021, lost $128 million last November due to a code vulnerability. Developers are concerned that hackers are increasingly using AI to find vulnerabilities.

The head of security at Immunefi noted that invariant checks increase gas costs, which may drive away users and are not a cure-all. The co-founder of Asymmetric Research stated that many vulnerabilities are difficult to write invariant rules that can detect attacks without false positives.