DeFi must embrace resilience engineering

Yann Gabbud
SwissBorg Engineering
7 min read · May 4, 2023

The Promises of DeFi

Decentralized finance is a rapidly evolving industry with the ambitious goal of creating a financial system that is accessible to everyone, everywhere. However, recent hacks, such as the Euler attack, have highlighted the urgent need for change in the sector. If DeFi fails to address these issues quickly, both large and small lenders will be unwilling to provide liquidity if they are constantly at risk of losing everything.

Recent Hacks

The recent Euler hack serves as a reminder that the DeFi industry still has a long way to go in terms of growth and development. Despite having a highly skilled team, undergoing multiple audits, and implementing top-of-the-line security measures against oracle attacks, a staggering $200 million was lost in just 20 minutes. Had the attacker been more sophisticated, it could have taken less than one second. This is a major setback for the DeFi ecosystem, as it significantly undermines the trust of both retail and institutional players in the industry. Furthermore, the effects of the hack were widespread and devastating. For example, agEUR traded below its peg for several weeks because of the lost reserves. If a reputable protocol like Euler can fall victim to attacks, it becomes increasingly difficult to convince people that DeFi is indeed the future of finance.

History as a Lesson

This event is not unique to this particular industry. Throughout history, many sectors have experienced similar incidents that have raised doubts about the entire system. For instance, on June 4, 1996, the inaugural Ariane 5 rocket exploded due to a flaw in the inertial reference system, costing approximately $370 million. While this event had a profound impact on those involved, it also provided valuable lessons. Similarly, on November 7, 1940, the Tacoma bridge collapsed due to strong gusts of wind. While there are varying opinions on the physical effects that led to the bridge’s destruction, it’s generally agreed that the bridge’s design allowed the weak vibration caused by the wind to grow until it became a strong oscillation, causing the bridge to rupture. The Tacoma bridge collapse was a bombshell for engineers and an example of what to avoid in the future. The Euler hack is DeFi’s Ariane 5 or Tacoma bridge moment, and it should be a wake-up call that DeFi must evolve to become more resilient to unforeseen issues.

Call to Action: We Need to Stop Being Rekt

The concept of resilience engineering has been around for many years, and for very good reason: there is no program without bugs, and there never will be. Resilience is a critical aspect that requires attention in the DeFi community, yet not enough people are discussing it at present. DeFi protocols are currently focused primarily on TVL growth, which is understandable, since a market requires sufficient liquidity to be effective.

However, an efficient market that offers good returns is useless if it is not robust enough. It is crucial that the resilience of DeFi protocols becomes a predominant topic alongside TVL growth. In Web2, it is possible to have redundancy and multiple code bases to mitigate risk. That is not possible in Web3, where the constraints are different, which means that when a problem arises in production, fixing it quickly is not an option. As a result, developers must assume that the protocols they build will contain bugs that will eventually be exploited, and they must design them so that they fail safely and the damage is minimized.

If we look at the attack, we can see that it took everyone by surprise. Even advanced monitoring systems were powerless, as it was carried out through Ethereum's private transaction channels. However, it might have been possible to mitigate this attack if, by design, the protocol had prohibited the withdrawal of more than a certain percentage of its AUM. Of course, some will complain that a mechanism of this kind, such as rate-limiting or throttling withdrawals, degrades the UX. However, the only times it is necessary to remove a large percentage of a protocol's AUM are during a hack or when a single whale dominates the pool. Both are undesirable for the user and the protocol, and the dominant whale will probably prefer to wait a bit rather than risk losing everything.

It's also crucial to mention that the attack unfolded in several stages over a period of 20 minutes. If the protocol could self-diagnose and lock itself when it detects an issue, only a small portion of the funds would have been lost. That loss could have been covered by Euler's insurance fund or even distributed among all users. Moreover, an external monitoring system could have helped by locking down the protocol after the first transaction. This is akin to the rescue time window described by researchers in an IEEE Security & Privacy 2023 study on "DeFi Attacks", supported by SwissBorg [https://eprint.iacr.org/2022/1773.pdf].
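The two mechanisms described above, a cap on the share of AUM that can leave within a time window and a lock that halts withdrawals, can be modelled in a few dozen lines. The following is an added illustrative model written for this article, not code from Euler, Solend or any other protocol; the 10% per hour budget, the unit amounts and the method names are constructed assumptions.

```python
from collections import deque


class WithdrawalGuard:
    """Sliding-window outflow throttle plus pause switch (illustrative model).

    At most `max_bps` basis points of assets under management may leave the
    pool within any `window` seconds. Over-budget requests are rejected, so a
    drain that would otherwise take seconds is stretched over many windows,
    leaving time for an insurance fund, governance or a monitor to call lock().
    """

    def __init__(self, aum, max_bps=1000, window=3600):
        self.aum = aum                  # assets under management, constructed units
        self.max_bps = max_bps          # 1000 bps = 10% per window (assumption)
        self.window = window
        self.outflows = deque()         # (timestamp, amount) of accepted withdrawals
        self.rejected = []              # (timestamp, amount) of over-budget requests
        self.locked = False

    def _recent_outflow(self, now):
        # Drop entries that have aged out of the window, then sum what remains.
        while self.outflows and self.outflows[0][0] <= now - self.window:
            self.outflows.popleft()
        return sum(amount for _, amount in self.outflows)

    def withdraw(self, amount, now):
        """Return True and debit AUM if the request fits the window budget."""
        if self.locked:
            return False
        spent = self._recent_outflow(now)
        # Budget is taken against AUM at the start of the window (current AUM
        # plus what already left), so earlier withdrawals cannot shrink it.
        budget = (self.aum + spent) * self.max_bps // 10_000
        if spent + amount > budget:
            # Reject rather than auto-lock: locking on a single oversized
            # request would hand anyone a denial-of-service switch. The event
            # is recorded so a monitor can decide whether to escalate.
            self.rejected.append((now, amount))
            return False
        self.aum -= amount
        self.outflows.append((now, amount))
        return True

    def lock(self):
        """Circuit breaker: halt all withdrawals until governance unlocks."""
        self.locked = True

    def unlock(self):
        self.locked = False
```

With a 10% hourly budget, draining a pool of this kind takes many hours of accepted withdrawals rather than one transaction, and every rejected request is a signal the external monitor mentioned above can act on.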

A Spark in the Darkness

It's encouraging to observe that protocols such as Mango and Solend have acknowledged the issue and are proactively taking measures to address it. The Solana ecosystem has been under significant strain lately, with protocols put through intense stress tests, which unfortunately led to some of them collapsing. Solana builders are now fully aware of the lack of resilience in DeFi and are working tirelessly to address those issues and safeguard their users. Solend has introduced the concept of Protected Collateral, which enables users to withdraw their funds at the expense of a reduction in their supply APY. It has also introduced a mechanism for limiting borrows and withdrawals that can be configured per pool and per asset. Additionally, the protocol has implemented other innovative mechanisms [https://v2.solend.fi/] that align with the principles of resilience engineering. We encourage other protocols to follow their lead.

Furthermore, academic institutions are also working on solutions to enhance DeFi security. A prime example is Decentralized Intelligence, led by Professor Arthur Gervais, which is currently developing an advanced protection system called CounterStrike. The system constantly monitors for malicious activity and attempts to front-run it in order to safeguard DeFi protocols. While protocols should be inherently resilient and not rely solely on such tools, a safety net like CounterStrike can be beneficial given the persistent risks in the DeFi space.

Private Transaction Channels: the Facilitators

Flashbots, block builders, and relayers have the potential to play a crucial role in improving DeFi security. Today these intermediaries can facilitate attacks and allow attackers to remain undetected until their transactions are already on-chain. If they were to integrate intrusion detection systems, however, they could at least notify the targeted DeFi protocols about incoming attacks. The community must reach a consensus on the fine line between censorship and intrusion prevention. While censorship is not desirable, it may be necessary to prevent attacks and ensure the overall resilience of DeFi protocols. By collaborating on this issue, DeFi intermediaries can help to create a more secure and trustworthy financial system that benefits everyone.

Happy Ending — For Now

Fortunately, the funds have been returned, indicating that the ecosystem is somewhat resilient and that it is challenging to launder stolen funds. Nonetheless, this is only a partial victory because the ecosystem’s resilience is primarily reliant on centralized entities, which is not desirable for a decentralized system. Ideally, the protocols themselves should be robust enough to prevent the chaos and anxiety caused by these types of attacks.

The recent Euler hack must serve as a strong reminder of the potential consequences of a protocol collapse. Even though the funds have been recovered, it is crucial that the DeFi community takes this event seriously and works together to implement measures that can prevent such attacks from happening again. It is essential to strike a balance between providing users with adequate security guarantees and maintaining the decentralized and permissionless nature of DeFi. The survival of the ecosystem hinges on finding and implementing the best possible solutions.
