Editor's Note: This article comes fromCrypto Valley Live (ID: cryptovalley)Editor's Note: This article comes from
, Author: ConsenSys Codefi, translation: Ziming, reprinted by Odaily with authorization.
bZx Flash Loan Event
The recent attack on the bZx protocol provides an opportunity to better assess DeFi risks. The ConsenSys Codefi team will work to promote transparency and risk management in this field and accelerate the development of the DeFi ecosystem.
bZx Flash Loan Event
You may have heard about the two “flash loan” attacks on the bZx platform, which resulted in losses of approximately $1 million. DeFi is a nascent industry that is still maturing and developing, and exploits like this are a necessary developmental pain point for the ecosystem to grow, but will ultimately make it stronger. An industry without problems is like a school without curriculum, which shows that these problems are especially valuable for industries in their infancy. Establishing rigorous and adaptable processes is more important than getting it perfect the first time, and last week's events prompted the ConsenSys Codefi team to examine and improve the DeFi scoring methodology.
As global financial services transition to open-source programmable blockchains, ConsenSys Codefi is building a suite of modules to make this transition more securely for both its clients and institutions with direct relationships. To this end, we launched DeFi Score, an open source solution for evaluating DeFi lending codes and financial risks, hoping to use this solution to improve transparency and improve the outside world's understanding of the technical and financial risks related to the DeFi loan market.
secondary title
How did the DeFi Score perform in the bZx event?
This incident shows that the improvement of the DeFi Score risk assessment model still needs some work to more accurately assess and communicate DeFi risks. In this article, we investigate how to improve correlation models.
But first, let's take a look at how the current model adjusts the bZx score after an attack, we are proud of how well it responds, and of course realize that there are ways we can continue to improve it.
For the first time in the six months since the risk assessment model was published, the scores have been adjusted so significantly. And it's the first time a single event has had such a major impact.
The model itself was unable to identify hacks or manipulation, but it reacted to the massive flight of funds as users withdrew funds from the bZx platform. This “bank run” phenomenon can cause ratings to drop, liquidity in the pool to drop and utilization to spike.
Does the DeFi Score risk assessment model have the ability to predict in advance?
If not, what are we not taking into account in evaluating models?
How should we alert the user if similar incidents happen again?
secondary title
In the DeFi space, a "time lock" is the minimum delay after a protocol change, which is the mandatory "waiting phase" between announcing a protocol upgrade and its actual implementation. A time lock is a good thing, it reduces risk by allowing protocol users to liquidate positions before making protocol changes. Since we take decentralization and operational security very seriously, bonus points are issued when the protocol activates a timelock in a contract.
On Feb. 18, bZx used its admin key to remove the timelock from its smart contracts, but this action prompted the system to automatically change its protocol governance score from 2 to 1, causing the scores of all its validating pools to drop.
In other words, for the behavior of canceling the time lock, our scoring system can only work on small events and cannot predict the occurrence of crises. So there is a lot of work to be done to make scoring more robust, transparent and sensitive to smart contract risks.
secondary title
Improving DeFi Scoring: Tighter Rules and More Requirements
For us, it is very important that DeFi Score maintains community leadership. While internal teams can propose changes, it is ultimately up to the community to identify, evaluate, and ultimately approve any major updates to the scoring framework.
The participation and approval of the entire community is a fundamental principle of our team's work, but we also recognize that these improvements are time-sensitive, and adding community approval will only facilitate the final release. So we promise to do everything we can to keep pace with the community.
We've identified a few updates that we believe will improve the DeFi scoring system.
secondary title
Stricter rules for smart contract audits
DeFi Score gives a score based on whether the code of the protocol has been audited by a reputable security team. But so far, it has been binary on that metric, yes or no. It does not take into account when audits are performed and does not require re-audits for upgraded major protocols. Plus, not all scrutiny is created equal, and multiple audits of smart contracts can help determine the security of the underlying protocol. These are subtleties that we haven't considered yet.
So far, we have proposed a more robust and nuanced framework to reflect various aspects of smart contract auditing, resulting in better and more transparent evaluation of contracts. We think these new guidelines will better illustrate how DeFi protocols should handle security.
Our proposals for the relevant scoring requirements to be reviewed are as follows:
At least 4 engineering weeks dedicated to review (10%)
Since the audit, no critical vulnerabilities have been reported (20%)
Has had an audit in the last 12 months, or made minimal changes to the code since the last audit (15%)
Audit results must be published publicly (15%)
Has a bounty program and information security disclosure (15%)
For example, if the scoring system noticed that the last review of a smart contract was done in 2018, it would significantly downgrade that item.
Economic Security Review Requirements
The first bZx incident occurred due to a bug in the smart contract, which exploited a code inspection failure. However, technical vulnerabilities represent only one aspect of protocol security, as we saw in the second bZx incident where attackers can manipulate markets without exploiting any vulnerabilities. The attack caused Nexus Mutual to pay its first redemption request.
We hope economic audits will become a standard part of any DeFi protocol security plan. We should conduct a market risk audit of the protocol and should conduct large-scale stress tests to assess the economic security of its users. Gauntlet's detailed risk assessment of the Compound protocol is an example of such an audit.
secondary title
Another underrepresented attack vector is the manipulation of oracles. Currently, DeFi Score addresses the risk of oracles, but only when it comes to decentralization. Current centralized scoring focuses not on whether a source of price data can be manipulated, but on whether a single entity can easily manipulate the price itself. Essentially scoring the centralization of oracles, which does not account for otherwise unrelated measures of their manipulability.
Research on manipulating oracles is still a fairly new field, although some colleagues have proposed workarounds that are achievable. So far, UMA's decentralized "provably honest" oracle design appears to have set the standard for future manipulation-resistant oracles. It’s also worth mentioning that Uniswap’s v2 implementation may include improvements to oracle resiliency, and there are rumors that price moving averages will be introduced, increasing the cost of oracle price manipulation.
We acknowledge that more research must be done to better understand manipulation against oracles and how to assess risk, something that the ConsenSys Codefi team has been working on.
secondary title
Next steps: Additional upgrades, greater transparency and API rollout
In addition to the above-mentioned improvements to the DeFi Score and the redistribution of the weight of certain specific factors, the platform will also undergo other changes in the next few months:
Post ratings more frequently
We currently calculate the DeFi Score every six hours, which is useful for our daily score trackers such as the DeFi Score Twitter Bot.
In the Alpha version, this release frequency is not a problem. But in the past five months since launch, we've seen our methods and data become valuable to a growing number of people and projects, and demand for them has grown. To better serve this user community, our March goal is to calculate ratings every 10 minutes. Our long-term goal is to get these scores as close to real-time as possible.
Improve our API products
Next month, we will begin rolling out the initial public release of the DeFi Score API so developers can programmatically retrieve individual scores and other data points for integration into other systems or presentation to users. The new API also includes uptime guarantees, reporting, and a range of additional protocols and data pools.
Currently, the DeFi Score API is in private beta.
