A false good idea ? – Ethereum (ETH) is the cradle of vibrant innovation via the rise of decentralized finance (DeFi). However, the reliability of smart contracts is not absolute and has generated many hacks. This is why a team of researchers tackled a surprising concept: that of reversible transactions on Ethereum.
Reversible transactions on Ethereum
The ecosystem of decentralized finance (DeFi) has not stopped innovating since its birth at the end of 2019. Indeed, it proposes to decentralize the usual financial services so that they are accessible to all.
However, DeFi faces a major problem: hacks. Indeed, in the year 2021 alone, hackers have stolen more than $14 billion within the ecosystem crypto. For its part, the Challenge counts, on its own, 3 billions dollars of losses due to smart contract flaws or bugs.
This painful assessment prompted a team of researchers from Stanford to propose a solution that is surprising to say the least, by imagining reversible transactions on Ethereum:
“We have designed token standards which are siblings of ERC-20 and ERC-721 and which allow transactions to be reversed (when there is enough evidence to do so). We wrote an article about them and implemented some prototypes. These token standards are titled ERC-20R and ERC-721R respectively. »
>> Reversible or not, your cryptos can earn you big with AscendEX Earn (commercial link) <<
Operation of the ERC-20R and ERC-721R
You would have understood it. These new token standards improve two of the most used standards on Ethereum:
- ERC-20, the token standard;
- ERC-721, the NFT standard.
Thus, these tokens provide recourse in the event of a hack. Indeed, if a hacker succeeds in stealing this type of token on a protocol, it will be possible to set up a recovery process in 5 steps:
- The victim requests a freezing of the stolen funds. The latter will publish a freeze request on the governance contract. The applicant must provide evidence justifying the freezing;
- Judges accept or refuse the freeze. A decentralized consortium of judges will vote for or against the proposal during a two-day deliberation period. If the judges accept the request, they will proceed with the freezing via the contract of the ERC-20R or the ERC-721R;
- Running Freeze. The transfer of frozen funds will no longer be possible;
- The trial. The victim as well as the hacker will be able to present evidence to support their version of the facts to a decentralized panel of judges. The latter will rule on the case and decide whether or not to call the function that will reverse the transaction;
- Reverse transaction. If the judges have ruled in favor of the victim, the transaction is reversed and the funds returned.
In practice, this type of token could have allowed many protocols to recover funds following an attack. However, this raises a series of philosophical and ideological questions.
Impacts on the decentralization of Ethereum
Although this proposal is based on a good feeling, it presents many weaknesses. Indeed, immutability is central to the blockchain ecosystem. Consequently, the implementation of the ERC-20R and ERC-721R tokens generates a questioning depth of this immutability.
In addition, the decision relating to the reversal of a transaction is placed in the hands of a centralized actor. Therefore, although the consortium is decentralized, the decision rests with a handful of actors who could serve their own interests.
Moreover, this idea is based on yet another decentralized governance. However, over time, many weaknesses have been identified in this type of governance. Indeed, these turn out to be highly centralized in most cases.
According to the latest report from chain analysis on the subject, less than 1% of addresses hold 90% of the voting power.
Frontrunning: the Peckshield solution
Obviously, these Stanford researchers are not the first to have imagined solutions to the problems of hacks. In fact, the company peck shieldspecializing in blockchain security, offered a completely different solution. Unlike reversible transactions, Peckshield’s solution aims to intervene upstream of the attack.
In concrete terms, the solution called “KillSwitch” intended to detect hack transactions when they occur and take action before the transaction is committed. This service will use a method called frontrunning to catch hackers off guard.
“KillSwitch aims to detect hack transactions before they are included in the block and take emergency action to block the attack or prevent asset theft. It is actually a DeFi protection based on the frontrunning. »
Peckshield Statement
To do this, KillSwitch will set up programs responsible for monitoring the mempool. If a transaction meeting the conditions defined upstream is detected, the program will “front runner” the transaction to prevent the attack.
“The trigger condition captures the fact of a significant loss due to a hack and requires knowing the protocol address, the asset, and a percentage loss. For multiple assets, we specify the loss for each. »
Peckshield Statement
In fact, this solution aims to solve the problem upstream without a decentralized consortium of judges.
Note however that each protocol will have to configure KillSwitch. Moreover, although the emergency transaction is sent by KillSwitch, it must be upstream signed by the protocol team so that it can at the same time pause the protocol in the event of an attack.
The last major attack impacted the market maker wintermute. In total, 160 million dollars were stolen because of a fault in the tool Profanity.
Does DeFi seem too risky to you to leave your funds there? Find serenity! Instead, look for XX% returns for your cryptos by registering on AscendEX (commercial link).