Members of the Ethereum community have proposed a new standard meant to improve the security of decentralized finance (DeFi) protocols and mitigate hacks.
Attacks on DeFi protocols have become all too common, draining billions in user funds. According to DeFiLlama, around $6.6 billion has been stolen in exploits so far, with $5.31 billion of that going to DeFi protocol hackers.
Builder Diyahir argued in a blog post that "no amount of audits, insurance, and white-hat hacker rewards will stop hackers from finding clever ways to extract value from a growing public honey pot."
"One line of code is the difference between working as intended and completely wrecked."
The new standard - ERC (Ethereum Request for Comments) 7265, proposed by Diyahir, tcb_00, and real_philogy - would enable protocols to integrate a "circuit breaker," adding a back-stop to smart contracts, which would stop tokens from leaving those contracts, thus preventing the scenario in which all funds get stolen.
Per the proposal,
"This standard outlines a smart contract interface for a Circuit Breaker that triggers a temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric."
Developers would have the ability to specify if the circuit breaker contract should delay settlement and "temporarily custody outflows" during the cooldown period, or if it should revert on attempted outflows.
This is meant to give flexibility to developers and assure correct internal accounting for protocols.
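The two behaviours described above, modelled as an added example (this is not code from the ERC 7265 proposal or its authors). The class, its parameter names, the 30% threshold, the window and cooldown lengths, and the rule that delayed funds can be claimed after the cooldown are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class OutflowReverted(Exception):
    """Raised in revert mode when an outflow hits the breaker."""

@dataclass
class CircuitBreaker:
    # All parameter names and default values are assumptions for this sketch.
    tvl: int                        # tokens on the protocol's books
    max_outflow_bps: int = 3000     # threshold: 30% of TVL per window
    window: int = 4 * 3600          # metric window, seconds
    cooldown: int = 3600            # halt duration, seconds
    revert_on_limit: bool = False   # False: custody outflows, True: revert
    tripped_at: Optional[int] = None
    recent: list = field(default_factory=list)    # (time, amount) released
    custody: dict = field(default_factory=dict)   # recipient -> held amount

    def _halted(self, now: int) -> bool:
        return self.tripped_at is not None and now - self.tripped_at < self.cooldown

    def on_outflow(self, now: int, recipient: str, amount: int) -> int:
        """Record a withdrawal; return how much reaches the recipient now."""
        self.recent = [(t, a) for t, a in self.recent if now - t < self.window]
        window_out = sum(a for _, a in self.recent)
        # Limit is a share of current TVL plus what was released in the window.
        limit = (self.tvl + window_out) * self.max_outflow_bps // 10_000
        if self._halted(now) or window_out + amount > limit:
            if self.revert_on_limit:
                # A revert undoes the whole call, so no state changes here.
                raise OutflowReverted(f"outflow of {amount} blocked")
            if not self._halted(now):
                self.tripped_at = now   # threshold exceeded: start the cooldown
            # Custody mode: the protocol's accounting completes, but the
            # tokens stay with the breaker instead of reaching the recipient.
            self.tvl -= amount
            self.custody[recipient] = self.custody.get(recipient, 0) + amount
            return 0
        self.tvl -= amount
        self.recent.append((now, amount))
        return amount

    def claim(self, now: int, recipient: str) -> int:
        """Settle delayed funds once the cooldown has passed, assuming
        governance did not intervene in the meantime."""
        return 0 if self._halted(now) else self.custody.pop(recipient, 0)
```

In custody mode the protocol's own books stay consistent because each withdrawal completes internally, while the cooldown is the period in which governance can act on the held funds.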
More Time to Protect Funds
When a protocol is attacked, it commonly loses everything and its total value locked (TVL) drops to 0 in seconds.
Meir Bank of Fluid Protocol said that most protocols lack sufficient response time to react to a hack. By the time anyone even notices the issue, it's already too late.
The new standard may be a solution.
Per Diyahir, the attacks will still happen no matter what. However,
"The goal here is not to entirely end hacks but to extend the actionable period that the protocol has to address the situation."
ERC 7265 would prevent the attacker from draining an entire contract, while the majority of funds lost would be recovered, claimed Bank.
A circuit breaker is only appropriate for projects which are already upgradeable, and it does not add any additional centralization, Diyahir said.
6/ The Circuit Breaker is intended for protocols which are upgradeable by governance, which make up the majority of DeFi today.
These protocols and their assets are already fully controlled by governance, so there is no added centralization risk.
— Meir Bank (@MeirBank) July 3, 2023
This is still a proposed standard, meaning that the Ethereum community would need to pass it, while the core team would need to accept it as the final standard and implement it as such.
Ethereum Users Propose ERC 7265 to Thwart DeFi Hacks – How Does it Work?