Company
17 April 2023
This post was first published on our newsletter tioga.substack.com. Subscribe to get notified.
Decentralised Finance (DeFi) is quite possibly the strongest and most obvious use case for Web3. It’s reinventing the traditional financial system, making sophisticated financial products accessible to anyone with an internet connection.
One of the key features of DeFi is composability, where every DeFi app becomes a one-size-fits-all public API that everyone else can build and innovate upon. In this composable stack, each DeFi app specialises in one specific function and can connect to all other apps, leveraging their unique value-add and becoming “money legos”. This is in stark contrast to the traditional banking system, which is made up of siloed tech stacks.
However, composability is a double-edged sword. While DeFi’s money legos facilitate more sophisticated transactions, they also increase the number of interactions with external and possibly untrusted code. In fact, any transaction on Ethereum other than simply sending ETH will interact with one or more smart contracts, with the average number of smart contract calls per transaction growing from 1.19 to 2.40 between 2019 and mid-2021. Increasingly complex DeFi interactions represent a challenge to protocol security: by the end of 2022, DeFi had already lost over $3B due to ecosystem or protocol logic attacks.
The open nature of smart contracts means that loopholes and vulnerabilities are visible to everyone. With billions of dollars in value locked in DeFi protocols, they are an increasingly lucrative target for hackers.
The most common solution used by protocols today is a security audit, but these are only performed at a point in time. Teams may add new code or make code changes without getting another audit done, opening the door to previously out-of-scope attack vectors. Additionally, these audits solely focus on a protocol’s code but don’t address the execution environment or the context in which the code will be consumed.
With DeFi, bad code will unquestionably cause financial impact. Hence, it is even more important for teams to continuously battle test their code to identify bugs and economic vulnerabilities. DeFi protocols are inextricably linked to each other one way or another.
For example, Lido’s stETH-ETH “depeg” will impact Aave as stETH represents almost 40% of collateral locked, and the price of stETH is heavily dependent on the liquidity of the stETH-ETH Curve pool. Hence, a malicious actor could initiate a liquidation spiral by executing a large stETH-to-ETH swap on Curve to push down the price of stETH and liquidate underwater Aave positions. Because of this, teams will need to perform simulations that involve multiple protocols and long interaction scenarios.
Another recent example is the “hypothetical” complex attack on Aave by Mango Markets exploiter Avraham Eisenberg, which involves REN and USDC on Aave (and CRV). Without a robust agent-based simulation tool, it would be incredibly difficult to measure the impact of such a complicated multi-protocol attack.
With the billions at stake today, more is needed than a one-off consulting type security audit. Teams need to manage risk internally and simulate various edge cases on a continuous basis. This is where Chaos Labs comes in.
Chaos Labs is the first highly automated economic security system for crypto protocols. It allows improved risk management and optimisation, helping protocols navigate the challenge between capital efficiency and economic security.
A great example is how Chaos Labs’ simulation platform has been used to optimise risk parameters on Aave. Chaos Labs has also worked with and secured top DeFi protocols, including Aave, Uniswap, Chainlink, DYDX, BenQi, and Osmosis.
More specifically, Chaos Labs’ risk suite can be used to:
With DeFi protocols now securing hundreds of billions in value, the stakes have never been higher. In a future where DeFi continues to grow exponentially, complexity and interdependencies between protocols will only increase.
As such, Chaos Labs will play a crucial role in providing protocols with custom and automated economic security tooling that verifies a protocol’s durability and stability in any market condition.
If you are a protocol looking for a risk management suite, we welcome you to reach out to us (deal@tioga.capital) and we’ll make a warm intro to our friends at Chaos Labs.
Disclaimer: This post is for general information purposes only. It does not constitute investment advice or a recommendation or solicitation to buy or sell any investment and should not be used in the evaluation of the merits of making any investment decision. It should not be relied upon for accounting, legal or tax advice or investment recommendations. This post reflects the current opinions of the author(s) and does not necessarily reflect the opinions of Tioga Capital. The opinions reflected herein are subject to change without being updated.