Published in


Staking Security vs DeFi Attraction

Is PoS still not secure enough?

DeFi projects, mostly taking shape of token loaning, is flourishing in 2018–2019. A larger group of blockchain players tend to put their cryptocurrencies into wallets that integrates lending business to enjoy interests. At the same time, more are seeing cryptos as a pledge that can be put into a lending contract. Therefore, doubts have been raised on who would engage in staking (maintaining network safety) since the above two usage of tokens are so lucrative?

In his paper Competitive Equilibria between Staking and On-chain Lending, Tarun Chitra came to a conclusion that reasonable, well-intentioned participants of the network tend to transfer their assets from Stake contracts to lending contracts in order to optimize their gains, and this is worsening the safety of a PoS network. Through Monte Carlo simulation, Tarun demonstrates how this works.

In particular, we find that ‘bank runs’ can occur when many agents collectively move their tokens from staking contracts to lending contracts even when agents have indpendently drawn risk preferences. These attacks, which are coordinated only by rational optimization, show that the strictly Byzantine threat model is insufficient to describe security in PoS networks.

Tarun has mentioned a more worrying situation that malicious members of the network would be well-positioned to attack the system by borrowing a great amount of tokens with an alluring interest rate, thus sabotaging the consensus process. In a PoS system, except for threatening models like Nothing At Stake or Long Range Attack, there’s an another means of attack — financial attack — that needs precaution.

However, if there exist physically settled futures contracts on PoS tokens, then it is possible for an attacker to buy futures that allow for staking participants to sell their staked token in the future. This attacker can aggregate this stake and upon reaching an attack threshold, begin to perform a double spend or other malicious attack . As these derivatives can be settled off-chain (e.g. using a centralized exchange like BitMEX or Deribit), monitoring of this type of attack can be difficult.

In @hosseeb articles saying “DeFi is eroding the system safety of PoS”, similar cases are also mentioned. However, the saying “DeFi is eroding the system safety of PoS” can hardly be regarded accurate. The possibility of suffering financial attacks is an innate risk of any PoS system. The loan of tokens have already existed before DeFi came out. In a PoS network, tokens is a medium for both maintenance of network security and liquidity as a currency. Therefore, more financial features of a token would be developed.

How are financial attacks conducted?

What makes financial attacks so worrying is its appalling return on investment.

It is hardly possible for attackers to initiate attacks by purchasing tokens, for the cost is so heavy and the conduct itself would lift the price of tokens. The more practical way is to conduct attacks through borrowed tokens. That is to say, attackers will more likely to transact futures, in order to transfer the loss of token depreciation after the attack and full their pocket.

Let’s deduce what steps may attackers take:

Step1: Offering a borrowing with an interest rate that you cannot refuse to collect enough tokens. When the tokens are enough, stake them.(Say attackers have pledged plentiful assets to borrow the amount of tokens s/he wants)

How to define “enough”? That may one third of all Staking tokens for PoS networks that adopt BFT; and for those without BFT, the ratio is ½. (PoS networks with BFT are what we are talking about in this article)

Step2: The attacker make a futures contract with other market entities to make an appointment that in a certain period of time ahead, the tokens he hold will be sold at the current price. In order to be anonymous, the attacker may hide his identity behind several IDs or sign contracts with multiple market entities with no relations among them.

Step3: Conduct the attack towards BFT. Jeopardizing the forming of a consensus, paralyzing the system, or, initiate a double-spending attack. No matter what kind of attack he would do, tokens will be massively sold and the price would plunge once the attack succeeds.

Step4: Buy in tokens at a very low price from the market and finish the futures transaction.

Step5: The chain that is being attacked may notice, then slash the tokens owned by the attacker. But that does not matter, for the attacker can buy in another bunch of tokens to pay back the interests of tokens borrowed and redeem what he pledged.

Let’s calculate how much the attacker would earn from the attack:

The tokens borrowed by the attacker, assuming it as V1

After the attack, token’s price dropped to V2

Because the attacker borrows at V1, then completes the futures transaction that costs V2, and finally, the attacker pays back the borrowed token at V2.

So the attacker ’s gross profit:


If we want the calculation to be more accurate, we have to take the interest of borrowed token, and the cost of assets pledged before borrowing tokens into consideration.

Suppose the interest rate is r and the attack period is t, and the interest of the attacker is paid at the end of the period, so the interest is r*t*V2.

Assume that the required multiple of the mortgage is n, then the value of the collateral is nv1; if the interest rate of the collateral is set to u, then the financial cost of the collateral is u*t*n*V1.

The attacker’s net gain is

ΔV = V1–2V2 — r*t*V2 — u*t*n*V1

The above formula is a relatively rough calculation, without considering the following three factors. First, if the attacker is more risky and greedy, he can take more aggressive measures in Step 2, for example, short selling more tokens than he actually owns to earn more. Once he gets his way, the attacker will get more benefits. Second, the calculation does not reflect the possibility of price up when the attacker buys a large amount of the token. Third, it may be possible that the attacker may have enough credit on his own to borrow a big amount of tokens, instead of borrowing by collateral.

Even so, it is still crystal clear that there’s a fat profit for attackers.

Would PoW Suffer from Financial Attacks?

To answer that question, we have to distinguish the financial difference between PoS and PoW. PoW is a design that preloads punishments — no matter you are good or bad for the system, you have to be “punished”(energy, or should we say, computing power, consumption) at the first place. Only when the punishment is done, you can earn the right to win rewards. If you are considered malicious, you will lose the chance of be rewarded. That mean, “punishments” you suffered are in vain. To some extent, that sounds like court trials in ancient China. No matter you are the defendant or the plaintiff, the official would give both sides bludgeon sentence just because they detained the peace of the court! After that, justice would possibly be claimed.

Whereas PoS puts punishments at the bottom. The tokens staked cannot be Slashed until an evil do is done. Therefore, there’s room for attackers to borrow tokens and attack the system. This kind of attack apparently does not apply a PoW system for the energy must be first consumed so the attackers cannot transit the cost of energy through borrowing-in or shorting.

So does that say PoS is so fragile that we have to go back to a single PoW world?

How dos PoS counter financial attacks?

Since its first day, PoS has never stopped perfecting itself by overcoming a string of problems, for example, the tendency of forking through Slash mechanism, the offline or inability of block-producing of nodes through Jail mechanism, or optimizing the consensus efficiency through delegation mechanism. Therefore we have faith in the PoS’s capability of solving financial attack problems.

To counter financial attacks, we can come about several means from different angles.

Method 1. A dynamic response to the adjustment of the earnings of Stake

The PoS projects often takes a strong position in operation, so that the yield of Stake can be guaranteed a comparative advantage over other uses of tokens. When faced with an attacker absorbing token reserves, increasing the Stake yield can directly compete with the attacker’s buying-in, allowing tokens to flow to the in-chain Stake contracts. However, increasing the stake yield will bring inflation, so that people’s expectations of the value of tokens need to be adjusted continuously. This situation will worsen the liquidity that tokens need to carry in the on-chain business. This is not an approach that can be adopted without limit.

Method 2. Set a “fuse mechanism” to reduce the speed of staked tokens leaking out

Let’s tackle the problem from cycle t, which is composed of two parts, one is the time for the attacker to absorb token reserves, and the other is the time for the attack. We can intervene in the firsts period. The project team can set a threshold for the outward transfer of staked tokens. For example, within a period, there is a cap for the number of tokens that can be transferred from the Stake contract. (It’s a bit like the stock market fusing mechanism.) In this way, the time for the attacker to absorb reserves will be increased so is the cost of the attack.

Method 3: The project party provides infant care of the chain

When the project is most dangerous and fragile, the project is usually in its early days. The larger the project’s market value, the more assets that are needed to be pledged when borrowing, the more difficult it is to borrow in tokens. The project party can take control of most of the tokens by itself or its related parties during the fragile stage of the project. However, doing so can be criticized as centralization, or the manipulation the market, which is clearly not the best choice.

Method 4. Upholding market confidence in every way

The reason why the attacker can make money is because the token price would drop rapidly after the undersell of tokens. But if there is an active response by the team and various reasons to support the market’s confidence, then the possibility of a successful attack will be smaller, and the more secure the system is. We have seen that there is an important difference between PoS chains and PoW once, that is, after the PoW chain is developed, it may become a self-running state, while PoS takes a strong position in operation.

Method 5. Maintaining a high Stake ratio

Maintaining a high Stake ratio is the most fundamental measure to ensure PoS network security. The higher the Stake ratio, the more difficult it is for the attacker to reach the attack threshold by absorbing reserves, and the longer the period (t), so attackers will be more likely to be exposed.

Let’s assume that the attacker’s will initiate an attack once he holds 1/3 of the total staked tokens(including the tokens that the attacker is about to stake).

When the stake ratio is 30%, the attacker needs to borrow 15% of the 70% unstaked tokens from the market to launch an attack.

When the take ratio is 50%, the attacker cannot launch an attack until he borrows 25% of the 50% remainings from the market.

When the take ratio is 66.6%, the attacker needs to borrow all the remaining tokens from the market to launch the attack.

That is to say, when the Stake ratio exceeds 2/3, the system can be almost said “absolutely safe.”

Relationship between attack difficulty and Stake ratio

The attack difficulty coefficient is represented by the ratio of the tokens that the attacker needs to borrow from unstaked tokens and its maximum value is 1. When the value is greater or equal to 1, it means that the attack is impossible.

From the above chart we know that raising the stake ratio is of outstanding effect to improving the safety of a PoS system.

The aforementioned method1, 2, and 3 can all be used to increase the Stake ratio. In addition, there is a financial approach that can maintain a high Staking ratio thoroughly. It is also mentioned by several articles and friends in the industry — to construct a layer of agreement that issues bonds based on Staking assets.

When the token holder participates in the Stake, a bond will be issued to the holder. The bond represents the right to redeem the token. The token holder can return the bond at any time and take back tokens. When the Stake lock period ends, the token returns to the holder’s account. Of course, currency holders can also sell bonds. The liquidity brought by bond trading solves the problem that tokens cannot be circulated during stake locking.

This is the menthol taken by Stafi. Long before attentions being paid to the problem that token lending behavior would erode PoS network security, Stafi has already on the way of solving it. Meanwhile, this method also increases the liquidity of staked assets. Let’s call it the Stafi Way.

Stafi Way

Taking the Stafi way, Stake ratio will be increased to another level. Meanwhile, Stake and the off-chain use of tokens will not compete with each other, but coexist harmoniously. For the borrowing behavior, you can use bond instead of the native token to generate interest, and the native token participates in stake acquisition. Benefits, double benefits, and enjoy at the same time. For lending as collateral, bonds can also be used instead of native tokens as collateral. Participating in stake gains, and borrowing as collateral, both uses are achieved simultaneously.

Let’s deduce a malicious attack. The attacker may take 2 approaches:

1.Refusing bond, and insisting on providing higher interest rates for original tokens

In this way, the attacker has to face two difficulties. First, the cost of absorbing token reserves becomes very high, for the attacker must offer an interest rate that is more attractive than Stake yield and bond market interests combined in order to collect tokens. Second, an extremely high Stake ratio guaranteed by Stafi way, combined with the fuse mechanism mentioned before, prolongs the token accumulation period greatly. Thus the cost and uncertainty will grow because there is enough time for project teams to counter the attack.

2.Attack bond directly

The attacker provide higher interest rates for bond so that many bond holders would deposit theirs in attacker’s hand and enjoy interests. After collecting a great amount of bond, the attacker will redeem the bond to original tokens without authorization then initiate the attack. I, also, regard this kind of attack hopeless, because during the redemption, the fuse mechanism will be activated so that the project team will be alerted and take measures. The most aggressive way is to press the frozen button and suspend block-producing. At that time, the attacker will lose all resorts, and his cost will swell as time goes. This way, though harmful to the system itself, would act as a deterrence to keep attackers away.

Would Stafi Way be the finale of the eco-security development of PoS?

The financial world is too complicated. More attack approaches may pop up in future days. But no matter what, Stafi Way will certainly be widely applied.

That is because using bond as a liquidity medium for tokens is not so much an invention by Stafi as a certain result of people’s desire for stake yields without relinquishing other features of tokens. It is an inevitable outcome of Staking ecosystem. That is why we keep emphasizing the “Staking Finance” concept of Stafi.

What must be considered thoroughly is that when Stafi Way is widely applied, what are the new attacks that will threaten the system security of PoS. If so, new wisdom will be needed to settle the threats.

— — —

Due to the limits of my ability, if there is any inconsistency in the text, please feel free to help me correct it. If there are better methods for token valuation, your inputs are also welcomed.

By Liam & Msize, blockchain researcher of Stafi

About Stafi Protocol

STAFI Protocol solves the contradiction between the token liquidity and Mainnet security by issuing ABT tokens, which provides the liquidity of your Staking Assets. ABT token increases the staking rate to a higher level (100%, theoretically) ,and it could be tradable, its security is guided by Stafi Protocol which ensure ABT token is the only collateral that can apply to redeem staking assets from original staking blockchain ( Tezos, Cosmos, Polkadot, etc,.)






Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store