Nowadays, the lending market on the blockchain has become the most popular decentralized financial (DeFi) application scenario, and the total borrowing generated through MakerDAO, Compound, and dYdX has exceeded $ 600 million. On-chain lending even has the potential to replace traditional lending methods. But the facts seem more complicated: it also poses a threat to the proof-of-stake consensus mechanism (PoS).
Proof-of-Stake (PoS) is an alternative consensus algorithm for Proof-of-Work (PoW). Proof-of-Work is to guarantee the normal operation of the blockchain through hashing power. Proof-of-Stake is the number of digital assets mortgaged on the chain To protect the consensus of the blockchain. Most of the blockchain projects launched in the past year are PoS consensus algorithms (Tezos, Algorand, Cosmos, etc.), and there will be more blockchain projects using the PoS mechanism in the next year.
The security of the PoS system is guaranteed by the amount of digital currency mortgaged in the network. In most PoS algorithms, as long as 2/3 of the collateral amount is owned by honest participants, the blockchain system can be considered safe.
- Vitalik Buterin: PoS has higher efficiency and security than PoW
- Last year's early adopters of Staking are now earning or losing?
- A picture understands the future 5-10 years of Ethereum, PoW is tragically abandoned by V God
- Vitalik Buterin: Ethereum 2.0 Phase 0 is expected to start this summer, and PoS will eventually become a reality
- Free and easy week review | 6 years of sword grinding, past and present of Ethereum PoS magic
- Popular Science | PoS mining and bank deposits to earn interest, are the same?
Now imagine what would you do if you were a disruptor of a PoS system?
You can think of two kinds of attack methods: one is that you control at least 1/3 of the total amount of collateral in the network, but this method is difficult to operate and expensive; the other is that you can try to convince the current mortgagors Stop collateral and place it on other networks that are more accessible.
The second approach sounds attractive in theory, but how can you convince current mortgagors to stop the current mortgage? One easy way is to provide them with more attractive benefits.
The basis of PoS's normal operation is that mortgagors can obtain incentives through mortgages, that is, they are willing to participate in mortgages only when the incentive incentives for mortgages are generous. However, if they can get better returns elsewhere, then you should be able to guess that an economically rational mortgagor would abandon the current mortgage and place the mortgaged token somewhere where higher returns can be obtained. If the tokens in the system are continuously extracted from the mortgage system, the security of the entire network will be greatly reduced.
Literally, the on- chain lending application is a direct competitor to on-chain collateral, which means that it is fighting against the security of the entire system protocol!
Agent-based simulation is the best way to model Ethereum DeFi projects. Using agent-based simulation methods, you can simulate a large number of agents with different strategies and risk profiles for independent game simulation. By observing how the system evolves (and repeating the experiment thousands of times with different parameters), you can get the statistical confidence values that the network exhibits in different scenarios.
Tarun Chitra from Gauntlet discusses this in detail in his latest paper.
He assumed that the mortgagors in the network were all rational people in economics. After analyzing the interaction between on-chain lending and PoS mortgages, he obtained the competitive equilibrium between collateral and on-chain lending . (Economic rationality means: each agent has a portfolio of assets, either lending assets, or holding assets, or trading assets, and each agent's investment risk profile is different. They will Rebalance the assets in your portfolio to maximize the return on investment after adjusting for risk.)
Comparison of the amount of ETH in the mortgage and the amount of ETH in the loan
The picture above is a simulation under a scenario, which simulates the amount of ETH on the Compound (orange curve) and the amount of ETH mortgaged on the Ethereum network (blue curve) ), Which is based on the assumption of a block reward deflation model similar to Bitcoin.
This chart mainly illustrates: At the beginning, most ETH holders will vote for ETH instead of financial lending. However, as time goes by, the block reward that the mortgage can get is getting lower and lower, and the income generated from participating in the mortgage loan is becoming less and less attractive, so almost all users will rebalance their investment strategies and invest ETH in Compound's mortgage loan. (You can ignore the fluctuation of the borrowing curve and the voting curve at the beginning, which is caused by the random initialization process.)
Tarun made several theoretically closed forms of predictions that have been verified by simulations. But most importantly: PoS chains using a deflation model are not secure. If the number of block rewards on the PoS chain will decrease over time, then in the long run, almost all assets will be used for mortgage lending instead of on-chain voting .
We can go one step further: if the attackers knew this, what would they do?
If an attacker designs an on-chain lending market and offers richer interest rates, this will drive users of mortgage voting to participate in mortgage lending. Later, once the mortgage voting pool on the chain is drained, attackers can easily enter the mortgage market and occupy a dominant position.
Of course, in Compound, the way to lower the borrowing rate is simply to continuously borrow from the asset pool. The risk model then automatically adjusts interest rates upwards. As long as attackers continuously borrow funds, lending rates will continue to rise, more and more voting mortgagors will turn to the financial lending market, and the security of PoS networks will become worse and worse. This may lead to a snowball effect: When market observers watch the total amount of collateral in the network decrease, they will begin to short ETH, which further increases the demand for loans in the Compound market. You can think of the entire mortgage network as a sweater, and the attacker only needs to pull a single yarn: the interest rate. As the attacker pulls this sweater, the sweater starts to take off. The longer and longer this thread is, the longer the attacker will take off the entire sweater.
Of course, the attacker needs to borrow assets through Compound to complete this attack, which means that he must invest in collateral to borrow. However, if they use USDC or anchored bitcoin as collateral, then when an attacker attacks the network, ETH has no price risk to him. Adopting this attack method on the PoW chain requires large short positions in off-chain assets. But in a PoS network, an attacker can perform this type of attack while hedging all its price risks. All risks do not require anyone's permission. All attacks occur on the chain.
This is a shocking conclusion! At first glance, DeFi and consensus mechanisms are two sets of completely orthogonal mechanisms, but in fact, the financial lending market on the chain will have a great impact on the security of PoS consensus.
First, let's take a moment to think about it: there is a crap, Turing's complete blockchain system is very complicated! Adding smart contracts to a blockchain system should look like a decision at the application layer. But smart contract systems have spawned complex markets like Compound, which affect the security of the entire chain in a subtle way (see examples of PoW long-range attacks or fork attacks). We often talk about "the first layer (Layer 1)" or "the second layer (Layer 2)" when talking about the blockchain, but this concept is different from the traditional computing OSI layered model. For now, blockchain design is full of flawless abstract models.
At the same time, it reminds us: we can't always pretend that the blockchain is a closed system, and its incentive system is not just for the system. Blockchain systems are too complex to analyze in an "ideal environment." In this regard, we know very little about the true security of PoS systems.
As long as the PoS network is in an open ecosystem, any on-chain lending market can affect its security by providing higher yields. In fact, even if this system does not directly support smart contracts (like ATOM of Cosmos), if the mortgage assets on this chain can be tokenized and can be transferred across chains, the tokenized lending market on another chain can still generate The same effect!
Is this worrying?
We have just talked about how to carry out an active attack, and the capital cost of the attack may be too high for you. But even if no one wants to do evil, this attack can still happen! It may be just a VC investment project. If you want to lower your interest rate and improve competitiveness, it has virtually affected the security of the entire chain. Regardless, the effect on the system is the same: it creates insecurity at the consensus layer.
Generally speaking, PoS systems have two options to deal with this attack: either to force the on-chain lending market to limit its interest rate; or to increase the yield of on-chain mortgages to provide higher returns for mortgagors to borrow on-chain The market competes.
The first option looks too centralized. This is an impossible solution for non-alliance chain systems. Even if this is done, borrowers and lenders can still set interest rates in the form of off-chain or side-chain.
The only realistic strategy is to use defensive monetary policy defensively to provide competitive mortgage returns when necessary. Any fixed inflation mechanism is vulnerable to this attack, because attackers always know exactly how much interest rate they need to subsidize in the lending market to attract mortgagors in the network.
This defensive approach is similar to a central bank adjusting interest rates to achieve its economic goals. The PoS network must use the adjustment of its issuance rate as a tool to regulate real-time market pressure.
In this sense, Ethereum is indeed in a good age because it does not commit to any fixed monetary policy. But from now on, all PoS networks should pay attention to this trade-off. For community governance, on-chain governance and off-chain governance are all feasible, but if the network of the PoS protocol wants to ensure long-term security, it must adopt a flexible monetary policy .
Disclosure: Gauntlet is a portfolio company of Dragonfly Capital.
Thanks to Tarun Chitra, Ivan Bogatyy, and John Morrow for their criticism of this article.