The move to ETH 2.0 could open up new attack vectors for DeFi applications, according to MolochDao researchers, but scaling will help smooth them out.
Tanner Hoban and Thomas Borgers, funded by MolochDao, analyzed the incentive and security framework for ETH 2.0 based on PoS. To ensure security, more than 13.8% ETH should participate in network staking.
In their article “Ethereum 2.0 Economic Review: An Analysis of Ethereum’s Staking Incentive Model,” the co-authors argue that “increasing the volume of options and the use of unique financial instruments, such as ‘express loans’ to access derivatives, could become the preferred attack tools for hackers. “.
However, researchers offer a solution to this problem. In the article, Hoban and Borgers note that “attacks on ETH 2.0 are easier to scale than attacks on ETH 1.0.” Participation in the network should be made easier as users do not need as much equipment or electricity as they do now. To carry out attacks, you need no more devices, but more ETH. And there are many markets that open up access to them:
“The rise of DeFi and the move to ETH 2.0 could significantly accelerate and accelerate this trend,” the study authors note.
Many community members have already assessed the inherent risks of Ethereum-based platforms. There is enough example of attacks on the DeFi bZx project, which lost more than 12,000 ETH in February due to the actions of hackers. While the DeFi industry is already exposed to many risks in the current version, Borgers said that attacks on applications “will continue on ETH 2.0, and it looks like the next version of the network will be just as, and possibly more vulnerable, for them.”
In their analysis, Hoban and Borgers found that DeFi applications will be most at risk during the transition to Ethereum 2.0. This is because at the beginning of the transition, validators must block their ETH until the PoW chain is completely merged with the PoS chain. This reduces liquidity, and the study authors believe it could lead to centralization.
Given the choice between waiting or using ETH to profit, users are more likely to turn to centralized exchanges and derivatives trading platforms.
“The high concentration of validators using these platforms poses a risk of centralization and unpredictability,” the researchers write. In other words, the more derivatives, the more problems – at least during the transition period.
Borgers said that some types of attacks may become more complex and new types of attacks will appear, in addition to those targeting derivatives. Therefore, it supports the “slow deployment of ETH 2.0, which gives us enough time to test.”
After the full transition to Ethereum 2.0, network security should be based on “three key variables: the number of ETH participating in the staking, the price of ETH and the volatility”. Borgers explained that Ethereum’s current iteration relies on a hashrate for security. The authors set out their arguments at the conclusion of the article:
“Our main concern regarding the economic stability and security of Ethereum 2.0 is network stability at low ETH prices. Profitability is decreasing, which can force validators to leave the network, and this will further reduce its security. “
With fewer validators, the cost of attacking the network also decreases. Hoban and Borgers have calculated that for “adequate security” networks, at least 13.8% of ETH should participate in staking. To encourage users to stake, they recommend doubling the planned base reward ratio. This indicator, along with the amount of ETH in staking, helps determine how much steakers can earn in ETH.
“Security is highly dependent on the price of ETH and the number of ETH staking participants. We need to make sure there is enough ETH involved in staking as this is the only variable we can actually influence directly, ”Borgers said.
Adding financial incentives is possible, given that security for a PoS network should actually be cheaper than for Ethereum on PoW. “We think the network is underpaying for security,” wrote Hoban and Borgers.
Borgers believes that the transition to ETH 2.0 is justified from a security point of view, but its details still need to be further worked out.
Recently, Ethereum 2.0 lead developer Justin Drake said that the launch of the update stage 0 can not wait until early next year. Recall that in May, Ethereum developers launched the first multi-client Ethereum 2.0 test network, Schlesi, and the new iteration of the test network, Altona , on June 29.