
Certora’s Tomer Ganor on DeFi Security, Formal Verification and Governance Risk

Published 04 June 2026
Giuseppe Ciccomascolo

Key Takeaways

  • Formal verification catches vulnerabilities traditional audits often miss.
  • Many DeFi security flaws exist before smart contract code is written.
  • AI could initially increase vulnerable code across crypto markets.
  • Continuous security practices are becoming essential for DeFi protocols.

As decentralized finance grows more interconnected and institutional participation expands, security is becoming one of the industry’s defining challenges. Exploits linked to governance failures, flawed economic design and cross-chain integrations continue to expose vulnerabilities across blockchain ecosystems, forcing developers to rethink how protocols are designed and maintained.

To explore this further, CCN’s Giuseppe Ciccomascolo interviewed Tomer Ganor, Research Lead at Certora, about formal verification, smart contract security, governance risk and the future impact of artificial intelligence on blockchain development. Ganor argued that many vulnerabilities emerge long before code is written and warned that the industry still underestimates the importance of continuous security practices.

Formal Verification Helps Detect Vulnerabilities Audits Often Miss

Ganor said formal verification provides a significant advantage in identifying mathematical vulnerabilities and edge case failures that traditional audits can overlook.

“Formal verification has a very big advantage of catching mathematical bugs or bugs that have a lot of edge cases that it’s very hard for humans to reason about,” he said.

According to Ganor, developers reviewing their own code often unconsciously convince themselves that systems are functioning correctly, while automated verification tools evaluate all possible inputs without assumptions.

“The tools don’t really care about that,” he said. “You check all of the different inputs so you don’t even need to think about them.”

Protocol Design Determines Security Before Code Exists

Drawing from his experience working with major decentralized finance protocols including Aave and Lido, Ganor said many vulnerabilities originate during protocol design rather than during implementation.

“I was able to find a lot of bugs in the protocol without even seeing the code,” he said.

Ganor explained that design reviews often expose flaws in how systems behave under stress scenarios or unexpected failures long before developers begin writing smart contracts.

“There are a lot of bugs that exist before the code is being written,” he said.

Ethereum Maintains Strongest Blockchain Security Ecosystem

Asked which blockchain ecosystem currently demonstrates the strongest security culture, Ganor pointed to Ethereum and the broader EVM ecosystem because of its maturity and depth of experience.

“We have seen so many attacks, so many different primitives, so many unique attack paths,” he said.

He noted that non-EVM chains such as Solana and Sui are not inherently less secure, but they currently operate with smaller security research communities and less historical experience.

“It’s not because they are less good,” Ganor said. “It’s just because they have less experience and everyone has less experience there.”

Composability Expands Security Risks Across DeFi

Ganor described composability as one of decentralized finance’s most valuable features, while also acknowledging that interconnected systems amplify security risks when trust assumptions are poorly designed.

“Composability is very important, but we need to do it correctly,” he said.

According to Ganor, many protocols still rely on excessive permissions, unrestricted admin controls or weak governance structures that expose users to unnecessary risks.

“Maybe you don’t have to give them all of the permissions,” he said. “Maybe we can add a time lock.”

Artificial Intelligence Could Initially Increase Security Failures

Ganor warned that artificial intelligence tools may initially worsen blockchain security by enabling developers to release vulnerable code faster.

“At the start, I think it will help developers ship vulnerable code faster,” he said.

He argued that developers who rely too heavily on generated code lose the intuitive understanding of systems that often helps identify flaws during development.

“When a person does it, they know something is off,” Ganor said. “If you do it with AI, we just don’t have this feeling.”

Continuous Verification Becoming Essential for DeFi Protocols

Ganor said decentralized finance protocols can no longer treat audits as isolated events because attackers continuously evolve their methods over time.

“Continuous security is a must,” he said. “Whoever will not adopt this, they will get hacked.”

He noted that even battle-tested protocols remain vulnerable because attackers operate without time limitations and constantly develop new exploit strategies.

“The attackers are in the future,” Ganor said. “They have better tools and better ways to attack the protocols.”

Governance Risk Still Underestimated Across Crypto Industry

Ganor argued that governance structures can become major attack surfaces when protocols fail to implement safeguards such as time locks, withdrawal protections or decentralized veto mechanisms.

He pointed to Lido’s dual governance model as an example of how users can retain protection against harmful governance proposals.

“It lets users veto bad proposals and delay them until they exit the protocol,” he said.

According to Ganor, governance risk should not become a security issue if systems are designed correctly from the beginning.

“If the design is correct, governance should not have any effect on the security,” he said.

Regulation Could Shape Future of Crypto Security

Looking ahead, Ganor said regulation may ultimately become the most important factor shaping blockchain security over the next three years.

“I think the thing that will affect security the most is regulation,” he said.

He warned that overly loose regulation could encourage reckless development practices, while excessively strict rules could eliminate many of the benefits associated with decentralized finance.

“We need to find somewhere in between,” Ganor said. “We want Web3 to be better than the current system.”

Giuseppe Ciccomascolo

Giuseppe Ciccomascolo began his career as an investigative journalist in Italy, where he contributed to both local and national newspapers, focusing on various financial sectors.

Upon relocating to London, he worked as an analyst for Fitch's CapitalStructure and later as a Senior Reporter for Alliance News. In 2017, Giuseppe transitioned to covering cryptocurrency-related news, producing documentaries and articles on Bitcoin and other emerging digital currencies. He also played a pivotal role in establishing the academy for a cryptocurrency exchange website. Crypto remained his primary area of interest throughout his tenure as a writer for ThirdFloor.
