Custody
Custody describes who holds (or maintains control of) your assets. Most services fall into one of two buckets: custodial or non-custodial.
Custodial solutions are exemplified by exchanges such as Coinbase or Binance. Although the user sees an “account balance”, the totals shown on the asset overview are merely numbers on a screen, credited by the true owner of the assets: the exchange provider.
While custodial solutions often make for fast, visually appealing experiences, in the event of a disaster (like the Mt. Gox hack) the assets remain locked in the exchange’s wallets and are most likely gone forever.
On the opposite side of the spectrum are non-custodial solutions: services in which the provider never takes ownership of the assets passing through the platform. Non-custodial solutions like Uniswap or dYdX generally rely on smart contracts, in which assets are locked and transferred by autonomous code rather than by human actors.
While assets may be represented by proxy tokens when using certain non-custodial services, users always retain the ability to redeem or withdraw the original collateral at their convenience, with no human approval required.
In practice, non-custodial solutions put the end user entirely in control of their own destiny. There is no longer any need to worry about losing funds if an exchange is hacked, but if a user loses their private keys, those funds are gone forever.
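As an added illustration of the distinction drawn above (constructed example code, not from Uniswap, dYdX or any exchange named on this page), the two contracts below contrast a ledger whose balances are numbers written by an operator with a vault whose withdrawals are enforced by code alone:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed example. Custodial model: balances are numbers the operator
// writes, and only the operator decides whether a payout ever settles on-chain.
contract CustodialLedger {
    address public immutable operator;
    mapping(address => uint256) public displayedBalance;

    constructor() { operator = msg.sender; }

    // Real funds pool here under the operator's sole control.
    receive() external payable {}

    // Only the operator can credit a user; the number need not match real funds.
    function credit(address user, uint256 amount) external {
        require(msg.sender == operator, "operator only");
        displayedBalance[user] += amount;
    }

    // Users cannot pull funds themselves; the operator chooses whether to pay.
    function payOut(address user, uint256 amount) external {
        require(msg.sender == operator, "operator only");
        displayedBalance[user] -= amount; // reverts on underflow in 0.8+
        (bool ok, ) = user.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Non-custodial model: there is no operator role at all. Each depositor can
// redeem exactly what they locked, and nobody else can move it or freeze it.
contract NonCustodialVault {
    mapping(address => uint256) public balanceOf;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
    }

    // Withdrawal is enforced by code, with no human in the loop. The balance is
    // reduced before the external call so a re-entering call cannot withdraw
    // the same funds twice (checks-effects-interactions ordering).
    function withdraw(uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}
```

The practical check for a user is whether any address other than their own can change or block their balance; in the vault above, none can, so losing the key is the only way to lose the funds.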
Most of the popular services the average individual first comes across in the blockchain landscape are custodial. As users become more advanced, non-custodial solutions unlock niche services that truly inherit the trustless nature on which many blockchain systems were built.
There’s nothing *wrong* with custodial solutions, but be sure to take note of who owns the assets in any given service and, as always, participate at your own risk.
Smart Contract Audits
With the large majority of DeFi applications relying heavily on complex smart contracts to function, audits are crucial. A smart contract audit consists of an unbiased third party reviewing every line of code to identify bugs, vulnerabilities and bottlenecks.
As the DAO hack of early 2016 famously showed, unaudited smart contracts can lead to major setbacks, including the loss of funds, manipulation of the system or the permanent shutdown of a once viable project.
There are many companies built specifically for smart contract auditing. Some of the better-known providers include OpenZeppelin, Quantstamp and Blockgeeks.
While it is important to ensure that the team auditing a contract is reputable, it’s even more important to check whether the smart contracts have been audited at all. Even if a project has the most amazing sales pitch you’ve ever heard, without at least one published audit report it’s difficult for an average user to know whether the system can be trusted.