Securing DeFi
Back when blockchains were only used to store and transfer funds, security analysis was simple. There were a handful of concerns to worry about, like 'theft of funds', 'double spends', 'freezing funds', etc. In Ethereum, and especially in DeFi, the number of potential attacks grows exponentially and it's hard to enumerate them. Some examples are the MakerDAO auction failure, AMM price oracle manipulation, etc.
We need to stop thinking of security as a set of attacks that we prevent.
Rather we need to think of security in terms of guarantees the system provides (like 'your funds won't move without your signature'). These guarantees are a formal contract that the system provides to its users.
For each guarantee we need to know two things:
- What is the maximum economic gain an attacker could create if they were to break the guarantee?
- What is the minimum economic cost to break the guarantee?
In a secure system we want the former to be much less than the latter, i.e.:
\forall_{\text{attack}}\ \text{value of attack} \ll \text{cost of attack}
Since we often don't know all the attacks, it's prudent to instead work with:
\max_{\text{attack}} (\text{value of attack}) \ll \min_{\text{attack}} (\text{cost of attack})
Where the maximum is taken over the entire attack surface.
This naturally leads to a metric for security:
\text{Security margin} = \frac{ \min (\text{cost of attack}) }{ \max (\text{value of attack}) }
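As an added example (not part of the original page), the sketch below computes both the per-attack condition and the conservative max/min bound for a list of enumerated attacks. The `Attack` class, the function names and all figures are constructed assumptions.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Attack:
    name: str     # hypothetical label for a way to break a guarantee
    value: float  # economic gain to the attacker if it succeeds
    cost: float   # economic cost of carrying it out

def _ratio(cost, value):
    # An attack with nothing to gain never pays off, whatever it costs.
    return math.inf if value <= 0 else cost / value

def pairwise_margin(attacks):
    """Worst cost/value ratio, each attack compared with its own cost."""
    if not attacks:
        raise ValueError("no attacks enumerated")
    return min(_ratio(a.cost, a.value) for a in attacks)

def security_margin(attacks):
    """min(cost of attack) / max(value of attack) over the whole list."""
    if not attacks:
        raise ValueError("no attacks enumerated")
    cheapest = min(attacks, key=lambda a: a.cost)
    richest = max(attacks, key=lambda a: a.value)
    return _ratio(cheapest.cost, richest.value), cheapest.name, richest.name

# Constructed sample figures, not measurements of any real system.
ATTACKS = [
    Attack("steal user funds", value=5_000_000, cost=400_000_000),
    Attack("freeze funds", value=200_000, cost=20_000_000),
    Attack("reorder transactions", value=50_000, cost=2_000_000),
]

if __name__ == "__main__":
    margin, cheapest, richest = security_margin(ATTACKS)
    print(f"pairwise margin: {pairwise_margin(ATTACKS):.1f}")
    print(f"security margin: {margin:.1f} "
          f"(cost set by '{cheapest}', value set by '{richest}')")
```

With these figures every listed attack costs at least 40 times what it yields, yet the security margin is 0.4, because the bound pairs the cheapest attack with the most valuable one.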
- Stealing funds: the value of the funds, plus externalities like reputation damage to the system.
- Value of locking funds: this is very similar to the ultimatum game.
- Concerns like ordering and censorship have serious economic value in DeFi.
Ordering
https://arxiv.org/abs/2005.11791