When things go wrong for a DeFi protocol, they tend to do so spectacularly.
Thank you for reading this post, don’t forget to subscribe!
Through the first half of 2023 alone, around $292 million has been lost across 85 DeFi security incidents, according to statistics from Beosin, a blockchain security firm.
“DeFi projects experienced the highest frequency of attacks and the highest amount of losses compared to other project types,” the firm wrote in a research report released Tuesday.
Meir Bank and Philippe Dumonet are out to change that with their proposed ERC-7265 “Circuit Breaker” specification.
The ERC — or “Ethereum request for comment” — published Monday, is devised as a “temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric.”
The authors studied the typical usage of DeFi dapps and found that it is rarely the case that a protocol experiences a sudden drawdown of upwards of 25% — except when there’s a hack or exploit in progress.
The proposal aims to reduce the attack surface of a protocol, by delaying or reverting value outflows beyond a configurable threshold.
Although some individual dapps have their own bespoke implementations of such limits, this is the first such serious attempt at a standardized circuit breaker, Dumonet, co-founder of DeReg told Blockworks.
“Security has been a massive plague both for the reputation and adoption of the space,” Dumonet said. “Nobody wants to risk their capital in something that has a high perceived chance of being lost.”
Dumonet notes that the approach does not introduce any new centralization risk to all but the most decentralized dapps, “which is unfortunately quite rare in DeFi.”
Meir Bank, co-founder of Hydrogen Labs and developer of Fluid Protocol is “a big fan” of fully decentralized protocols such as Liquity, he told Blockworks. But he predicts a future in which they predominate is five to 10 years away.
“That’s just not what’s causing billions of dollars to be lost by real people, and all these companies to fire all their employees and go down, and good technology to be lost when these hacks happen and the companies can’t recover,” Bank said.
The project started during a hackathon at ETHGlobal Tokyo in April, inspired by the efforts of Cosmos DeFi dapp Umee, which implemented rate limiting. Bank set out to tackle the problem for Ethereum, to reduce risk of exploits that have affected many promising applications such as Euler — the victim of the largest this year, per Beosin.
“We’re still hoping to get some more feedback from the Ethereum community,” Bank said.
One drawback could be the occasional “false positive” which could, in theory, be considered a denial of service attack on a protocol, he said. But the Circuit Breaker contains a host of customizable parameters to minimize this risk.
The pair hopes that their standard will be adopted by developers of existing dapps as well as new ones coming in the future.
“It’s easier for new protocols that are just launching to integrate that, but it’s also quite feasible for protocols that are already in the wild to let developers know and migrate into the system,” Bank said.
take from: https://blockworks.co/