Why we invested in Chaos Labs

This post was first published on our newsletter tioga.substack.com. Subscribe to get notified.

Composability is the best and worst part about DeFi

Decentralised Finance (DeFi) is quite possibly the strongest and most obvious use case for Web3. It’s reinventing the traditional financial system, making sophisticated financial products accessible to anyone with an internet connection.

One of the key features of DeFi is composability, where every DeFi app becomes a one-size-fits-all public API that everyone else can build and innovate upon. In this composable stack, each DeFi app specialises in one specific function and can connect to all other apps leveraging their unique value-add, becoming “money legos”. This is in stark contrast to the traditional banking system which are siloed tech stacks.

*DeFi as money legos (illustration: Tioga Capital)*

However, composability is a double-edged sword. While DeFi’s money legos facilitate more sophisticated transactions, this also increases the number of interactions with external and possibly untrusted code. In fact, any transaction on Ethereum other than simply sending ETH will interact with one or more smart contracts, with the average number of smart contract calls per transaction growing from 1.19 to 2.40 between 2019 and mid-2021. Increasingly complex DeFi interactions represent a challenge to protocol security, as by the end of 2022, DeFi has already lost over $3B due to ecosystem or protocol logic attacks.

The open nature of smart contracts means that loopholes and vulnerabilities are visible to everyone. With billions of dollars in value locked in DeFi protocols, they are an increasingly lucrative target for hackers.

The solution is to simulate attacks and continuously manage risk

The most common solution used by protocols today is a security audit, but these are only performed at a point in time. Teams may add new code or make code changes without getting another audit done, opening the door to previously out-of-scope attack vectors. Additionally, these audits solely focus on a protocol’s code but don’t address the execution environment or the context in which the code will be consumed.

With DeFi, bad code will unquestionably cause financial impact. Hence, it is even more important for teams to continuously battle test their code to identify bugs and economic vulnerabilities. DeFi protocols are inextricably linked to each other one way or another.

For example, Lido’s stETH-ETH “depeg” will impact Aave as stETH represents almost 40% of collateral locked, and the price of stETH is heavily dependent on the liquidity of the stETH-ETH Curve pool. Hence, a malicious actor could initiate a liquidation spiral by executing a large stETH-to-ETH swap on Curve to push down the price of stETH and liquidate underwater Aave positions. Because of this, teams will need to perform simulations that involve multiple protocols and long interaction scenarios.

Another recent example is Mango Market exploiter, Avraham Eisenberg’s “hypothetical” complex attack on Aave which involves REN and USDC on Aave (and CRV). Without a robust agent-based simulation tool, it would be incredibly difficult to measure the impact of such a complicated multi-protocol attack.

With the billions at stake today, more is needed than a one-off consulting type security audit. Teams need to manage risk internally and simulate various edge cases on a continuous basis. This is where Chaos Labs comes in.

*Founder of Chaos Labs, Omer Goldberg (photo: Sophie Sahara)*

Where Chaos Labs Comes In

Chaos Labs is the first highly automated economic security system for crypto protocols. It allows improved risk management and optimisation, helping protocols navigate the challenge between capital efficiency and economic security.

A great example is how Chaos Labs’ simulation platform has been used to optimise risk parameters on Aave. Chaos Labs has also worked with and secured top DeFi protocols, including Aave, Uniswap, Chainlink, DYDX, BenQi, and Osmosis.

More specifically, Chaos Labs’ risk suite can be used to:

Optimise Risk and Capital Efficiency: Chaos Labs arms teams and communities with protocol-specific simulation models to understand the impact of varying parameter settings on protocol capital efficiency and risk. The underlying methodology and inputs are shared for transparency so that the testing process and output results are clearly understood and communicated. Chaos Labs’ state-of-the-art scenario simulation engine can recreate specific attack strategies to test and discover their applicability and profitability — as well as suggest risk mitigation tactics that should be implemented in response. Example of Chaos Labs platform highlighting recommended values for Liquidation Threshold, Liquidation Penalty and Loan-to-Value
Streamline Risk Assessments: Similar to a smart contract audit, but focused on economic vulnerabilities. Developers experimenting with new economic systems and money flows can work with Chaos Labs to analyse how market shifts (e.g., liquidity, oracles, volatility, etc.) may influence or break their protocols’ economic design. Example of a Chaos Labs simulation set-up for Maker
Spend Optimisation: DEXs compete rigorously to scale liquidity available to users to attract trading volume. Chaos Labs’ simulation engine helps protocol teams strategically set incentive spending to maximise ROI on lower budgets, extending runway through turbulent markets. Example of incentives optimisation with Osmosis

Conclusion

With DeFi protocols now securing hundreds of billions in value, the stakes have never been higher. In a future where DeFi continues to grow exponentially, complexity and interdependencies between protocols will only continually increase.

As such, Chaos Labs will play a crucial role in providing protocols with custom and automated economic security tooling that verifies a protocol’s durability and stability in any market condition.

If you are a protocol looking for a risk management suite, we welcome you to reach out to us (deal@tioga.capital) and we’ll make a warm intro to our friends at Chaos Labs.

Disclaimer: This post is for general information purposes only. It does not constitute investment advice or a recommendation or solicitation to buy or sell any investment and should not be used in the evaluation of the merits of making any investment decision. It should not be relied upon for accounting, legal or tax advice or investment recommendations. This post reflects the current opinions of the author(s) and does not necessarily reflect the opinions of Tioga Capital. The opinions reflected herein are subject to change without being updated.

Related news

Exclusible raises €2.2M to launch global luxury NFT platform

31 August 2021

Exclusible, a platform of digital goods tailored towards luxury brands, allowing customers to buy, trade, and showcase exclusive branded NFTs, has announced the closing of its 2.2M Euros Seed round. […]

Atlendis labs raises $4.4 million seed round to bring uncollateralized crypto loans to defi backed by Lemniscap Parafi capital Tioga capital and others

08 December 2021

Atlendis, a capital-efficient DeFi lending protocol that will soon enable uncollateralized crypto loans, has closed a seed funding round of $4.4 million from leading crypto venture capital firms. The round was led […]

Venly Raises 21 Million Euros in Series A to Bring More Users Into Web3

18 April 2022

Venly, a major blockchain technology provider from Belgium, today announces it has secured over €21 million (USD$23 million) in Series A funding, led by Courtside Ventures with participation from Transcend […]

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics