Be careful, DeFi has the potential to erode the security of the PoS blockchain

Written by: Haseeb Qureshi, Partner, Dragonfly Capital, Blockchain Investment Agency

Compile: Zhan Juan

Peeling off cocoons is a step-by-step explanation of why competitive lending markets have a significant impact on PoS security.

On-chain lending has become the most popular decentralized financial (DeFi) application today. Lending markets such as MakerDAO, Compound, dYdX and Nuo Network have all grown sharply last year. But on- chain lending may not only subvert traditional lending, it may also subvert the Proof of Stake (PoS) consensus .

Proof-of-stake is another option beyond proof-of-work (PoW). In PoS, the blockchain is protected by stake-encrypted assets, not by computing power. Many mainstream networks launched last year are PoS networks, such as Tezos, Algorand, and Cosmos , and many more are expected to come online next year.

When a large number of tokens are pledged in the network, the PoS system is secure. In most PoS algorithms, as long as 2/3 of all mortgage assets are owned by honest participants, the blockchain is secure.

Now suppose you are a hacker trying to disrupt a PoS system. What would you do?

At a higher level, there are two ways to attack: One way is that you can accumulate one-third of all outstanding stakes , but doing so is not only difficult but also costly. The second method is that you can convince the current group of pledgers to stop staking and then take over this much cheaper network .

The second method sounds attractive in principle, but how can we stop the current group of pledgers? There is an easy way: give them more attractive benefits elsewhere .

PoS will only work if the holders are motivated to pledge, and only if the holders are sufficiently rewarded will they be motivated to pledge. But if they can get better returns elsewhere, then it is conceivable that a rational investor will unpledge their assets and transfer them to any place where higher returns can be obtained. If this siphoning effect sucks out the mortgaged assets, then the security of the network will be reduced.

Literally, the on- chain loan market competes directly with pledges -which means that they compete directly with the security of the agreement!

This intuitive inference is simple. So, can we simulate the likelihood of this happening?

Simulation pledge game

The best way to mimic a complex economic system like Ethereum DeFi is through a technique called "agent-based simulation ." In agent-based simulation, you need to model a large number of agents with different strategies and risk preferences, and then let them make decisions independently of each other. By observing how this nascent system evolves (and repeating experiments thousands of times with different parameters), you can gain data confidence and know how the network will work in different scenarios.

Tarun Chitra, the founder of the blockchain network simulation platform Gauntlet, does exactly that in his latest paper, Competitive equilibria between staking and on-chain lending. He analyzed how on-chain lending interacts with PoS pledges, assuming that the bettor is economically rational. (The meaning of economic rationality is: each agent has a portfolio of assets, these assets may be lent, pledged, held or traded, and each agent's risk appetite is slightly different. Each agent will Rebalance assets in the portfolio to maximize their risk-adjusted returns.)

01

Comparison of pledged ETH supply and borrowed ETH supply

The above figure is a single simulation, assuming how the ETH (orange line) and the pledged ETH (blue line) in Compound change over time in the case of Bitcoin block reward deflation.

The meaning expressed in the figure is probably this: Initially, most ETH holders pledged their ETH. But over time, the block rewards have declined. Compared to lending to Compound, the return on pledged ETH is not so attractive, so almost everyone transfers their ETH into Compound . (You can ignore the initial rollover between borrowing and pledge, which is caused by random initialization.)

Tarun made several theoretical closed predictions, which were verified through simulation experiments. The most important point is: PoS chains cannot safely use deflationary monetary policy . If the return on the PoS block decreases over time, then its long-term equilibrium will be: almost all assets are lent, not pledged.

Let's go further. Knowing this, what can an attacker do?

If an attacker subsidizes an on-chain lending market and pays a better long-term interest rate, this will move the pledger from pledge to lending. Then, once the on-chain pledges have dried up, they can enter and control this already barren pledge market.

Taking Compound as an example, in order to reduce the borrowing rate, the attacker only needs to borrow money from the pool. Its risk model automatically adjusts interest rates upwards. As attackers keep borrowing money, more and more pledgers turn to borrowing, and PoS security is slowly being exhausted. This could lead to a snowball effect: bystanders seeing that the security of the protocol is running out, they will want to short the token, which will further increase Compound's borrowing demand.

You can think of this pledged network as a sweater, with the attacker pulling a thread: interest rates . When the attacker begins to pull the head of the thread, the sweater will respond to the pressure. The longer the thread is drawn, the longer the attacker will break the whole sweater apart.

02

Of course, to accomplish this, the attackers need to borrow assets from Compound, which means they must provide collateral to borrow. However, if they use USDC or tokenized bitcoin as collateral, then the attacker will not bear the price exposure to ETH when attacking the network. If such an attack occurs on the PoW chain, it will need to occupy a lot of short positions off the chain. But in PoS, an attacker can hedge all price risks while performing such an attack, and all operations do not require anyone's permission and are completely implemented on the chain.

This is a surprising result! It seems that DeFi and consensus are completely vertical areas, but in fact, the competitive lending market has a significant impact on the security of PoS.

Well, what does this mean for PoS?

First of all, let's take a moment to reflect on: God, Turing's complete blockchain is too complicated! Adding smart contracts to the blockchain seems like it should be a pure application layer decision. And smart contracts have given birth to complex markets like Compound, which interact with the underlying security of the blockchain in a less obvious way (PoW's time bandit or fork attack provides similar examples). We often talk about "Layer 1" or "Layer 2", but unlike the traditional computing OSI model, the blockchain is actually full of cracked abstractions .

It also reminds us: we cannot continue to pretend that the blockchain is a closed system, and its only incentive lies within the agreement. Blockchain is too complex and interconnected to analyze in a vacuum. In this regard, little is known about the actual security of PoS .

As long as the PoS network is in an open ecosystem, any on-chain lending market can erode its security by providing higher returns . In fact, even if a system does not directly support smart contracts (such as Cosmos ATOM), as long as the pledged assets can be tokenized and transferred across chains, the tokenized lending market on the other chain will also be affected!

Worried about this isn't it silly?

We discussed what an active attack might look like. Of course, the capital cost of such an attack may be too high, so it is not realistic. But this can happen even if no one does evil. For example, some venture capital-assisted projects begin to subsidize their respective interest rates and try to compete with each other, which may inadvertently reduce network security. The end result will be the same: a dangerous and insecure consensus layer.

How can PoS systems prevent this?

At a higher level, a pledge network has two options: either force the on-chain loan market to set an interest rate cap, or compete with the loan market by offering competitive returns to pledgers.

The first strategy is similar to capital controls. This is obviously impossible on a permissionless blockchain-even if capital controls exist, borrowers and lenders can build the same market off-chain or through adjacent interoperable chains.

The only realistic precaution is to use flexible monetary policy when necessary to provide competitive interest rates . Any fixed inflation system is vulnerable to this attack, because the attacker always knows exactly how much subsidy the loan market can provide to cannibalize the bettor.

This defense is similar to a central bank adjusting interest rates to achieve its economic goals. A PoS network must use its issuance rate as a tool to respond to market pressures in real time .

In this sense, the current foundation of Ethereum is not bad, because it does not promise any fixed monetary policy. But further, all PoS networks must take this trade-off into account. Both on-chain governance and off-chain governance methods can work, but if the PoS protocol wants to remain secure forever, it must have an adaptive monetary policy.

For more details, check out this article (https://docsend.com/view/697feid). I also pay tribute to the outstanding work of the Tarun and Gauntlet teams.

Gauntlet is a portfolio company of Dragonfly Capital. Thanks to Tarun Chitra, Ivan Bogatyy, and John Morrow for their feedback on this article.

Lianwen obtained the author's authorization to publish the Chinese version of this article. Original link: https://medium.com/dragonfly-research/how-defi-cannibalizes-pos-security-84b146f00697