Browsing Tag: agent risk

    DeFi risk

    Code loopholes, hackers, market volatility, arbitrageurs: the paradigm of DeFi risk management

    July 20, 2020

    DeFi refers to the decentralized financial agreement realized by smart contract, including asset trading, lending, insurance, various derivatives, etc.; except for credit service, financial service in reality can be realized through DeFi protocol. These agreements are decentralized and automatic, and there is no third-party organization in the management and maintenance. Therefore, the risk control of contracts has become a difficult problem in the industry.

    DeFi has dual attributes of Finance and technology, mainly including the following risks:

    1. Code risk. Including Ethereum underlying code risk, smart contract code risk, wallet code risk, etc. For example, the famous DAO incident in those years, the recent Uniswap vulnerability attack, and all kinds of wallet theft incidents are caused by code risk.
    2. Business risk. The main reason is that there are loopholes in the process of business design, which are reasonably attacked or manipulated. For example, FOMO3D was blocked in those years, and bZx mistakenly used the Uniswap Oracle, which was not resistant to attacks, and was reasonably suppressed to steal assets. These people are called arbitragers. Arbitrage has both disadvantages and advantages for a DeFi project.
    3. Market fluctuation risk. The lack of some response variables in the design of DeFi leads to the occurrence of market extreme situation. For example, MakerDao’s performance in 312 is mainly caused by the extreme volatility risk of the market.
    4. Oracle risk. The Oracle provides global variables and is the basis of most of the DeFi. If the Oracle encounters an attack or stops, the downstream DeFi will collapse. We believe that the Oracle will become the most important infrastructure of the future DeFi, and the Oracle with any centralized risk will eventually die out.
    5. “Technology Agency” risk. It mainly refers to that ordinary users who are not familiar with smart contracts and blockchain use the “convenient” interactive tool developed by the centralized team, which may have risks.
    risk management framework for DeFi

    The above risks should be taken into account in the design of any DeFi project. The complete process is not only to make prompt in the document, but also need some risk management means. Most of these measures are carried out in a decentralized way, and a small amount are completed in the form of community governance (mainly refers to chain governance). Here we propose a risk management framework for DeFi, which is divided into pre event, in-process and post event

    In advance: it is mainly to formally verify the contract code, including clarifying the boundary of methods, resources and even instructions used in the contract, as well as the correlation and influence of these methods, instructions and resources in the combination process, and resolutely use the method without demonstration or combination without finding boundary. This is not the thinking of traditional software development testing, it is a concept close to mathematical demonstration. Good contract development should be based on a proven combination of methods.

    In the event: the main design is downtime design and exception trigger design, that is, the contract can identify and intervene the attack behavior, including automatic shutdown design and governance outage design. The abnormal triggering is a kind of control and management of the unexpected phenomenon in the process of contract operation; the abnormal trigger is generally automatic, and some risk management variables are corrected through the abnormal trigger. Please refer to the beta coefficient and anti blocking attack settings in nest Oracle system, which is the first practice in the industry to consider shutdown and abnormal triggering.

    After the event: risk management after the event includes several parts. First, code vulnerabilities need to be corrected. Generally, it is managed through chain governance, that is, DAO governance. Secondly, the governance asset itself is attacked, and contract bifurcation is needed at this time! This is a blind spot ignored by the industry. Secondly, through the insurance mechanism, the possible risks of the contract are insured to reduce the loss. Finally, the community can track losses through tracking data on the chain and cooperate with various institutions. For on Chain Governance and contract bifurcation, please refer to nest’s design, which is an innovation.

    system framework for the security of DeFi

    The above is a system framework for the security of DeFi for your reference only. At present, the understanding of safety in the industry is too early and too traditional. If we can’t change our thinking and introduce new ideas such as boundary, completeness, consistency, formal verification, shutdown, abnormal triggering, governance and bifurcation, we can’t adapt to the future development.


    Agent risk of miners

    July 2, 2020

    After the birth of Bitcoin, a special industry came into being: “mining”, the node that completes nonce calculation and packs blocks is called miner.

    Every transaction we make on Bitcoin is recorded by these miners on the blockchain. As miners have the right to keep accounts, naturally they are very important to the special currency system, which makes us worry: can they affect our assets, such as turning away, disappearing, or not allowing us to trade? This kind of influence is the agent risk of miners.

    To analyze the agent risk of miners, it is necessary to go deep into the mining process to determine which miners can make their own decisions and which are arranged by agreement or algorithm.

    Taking BTC and ETH as an example, in the process of packaging, which transactions to choose, which data to package (such as time stamp), which nodes to broadcast to and which nodes to accept are all decided by the miners themselves; while the packing rules, the HASH after packaging, and the calculation of nonce value based on HASH are all agreed in the protocol and can be verified by the system, and can not be tampered with by miners at will.

    According to this process, without the private key, it is impossible for a miner to forge a transfer out transaction, so it is impossible to transfer your money away. But miners can not let your deal package, or even add your address to the blacklist, as long as it is packaged, ignore your transaction. In addition, if there is a need to prioritize transactions, miners can rank your trades at the bottom or other designated transactions at the top.

    selectively receive radio

    Because miners can selectively receive radio, this will become an excuse: blacklisting an address can be said to have not received the transaction, and the blacklisted people can not find evidence of their being blacklisted from any data, so they can not trace the responsibility of miners.

    Of course, for a pure miner, anything he wants to do is OK, as long as it meets the agreement. However, for the miners entrusted to the mine pool, if an address is included in the blacklist randomly, it should be regulated or explained. Because the relationship between the mine pool and the miner is the principal-agent relationship, it can not be guaranteed that the behavior is based on the interests of the miners rather than the interests of the mine pool. For this issue, we will write a separate article to discuss the agency risk of the mine pool.

    From the above description, the impact of miners on individuals mainly includes preemptive transaction and exclusion transaction (blacklist, etc.), both of which will not cause asset loss on BTC (of course, time loss is also a kind of loss); at the same time, considering that the impact of a single miner is small (except for the mine pool), and the packed miners are generated randomly, these two kinds of agency risks will follow With the increase of nodes and the expansion of the system, it decreases. But if the development of the mine pool is more and more concentrated, it may be the opposite.

    However, in ETH, due to the more complex logic contained in smart contracts, especially in the field of DeFi, the importance and relevance of a transaction has greatly increased, which means that the risk of miners’ agency has increased.

    smart contracts

    Taking 312 as an example, when there is a large-scale run on DeFi, the income risk structure of preemptive trading and excluding transaction becomes very important. At this time, there is “external incentive”: that is, miners are not motivated by ETH generated by package trading, but by the arbitrage value of various contracts on the chain, so that under the most open assumption (miners are completely based on their own total incentive) There may be all kinds of confusion in ETH, and miners have become the biggest beneficiaries of difi’s arbitrage interests.

    Such confusion will affect the decentralized consensus of the public chain, especially if the mining pool does so, the negative impact will be doubled.

    Of course, in the real world, miners and mining pools will be affected by various factors such as reputation, external supervision, community resistance and so on. Therefore, there are only a few miners who really dare to carry out such blatant external incentives. But this kind of potential risk still exists, especially the mine pool; because it conforms to the principal-agent structure of the current law, once the interests of the principal are damaged, it is likely to be accused by the traditional legal relationship, which is a high cost thing.