Ethereum Users Propose ERC 7265 to Thwart DeFi Hacks – How Does it Work?

Source: AdobeStock / HALMembers of the Ethereum community have proposed a new standard meant to improve the security of decentralized finance (DeFi) protocols and mitigate hacks

The attacks on DeFi protocols have become all too common, draining billions in user funds. According to DeFiLlama, around $6.6 billion was stolen in exploits so far, with $5.31 billion of that going to DeFi protocol hackers.

Builder Diyahir argued in a blog post that, “no amount of audits, insurance, and white-hat hacker rewards will stop hackers from finding clever ways to extract value from a growing public honey pot.”

“One line of code is the difference between working as intended and completely wrecked.”

The new standard - ERC (Ethereum Request for Comments) 7265, proposed by Diyahir, tcb_00, and real_philogy - would enable protocols to integrate a “circuit breaker,” adding a back-stop to smart contracts, which would stop tokens from leaving those contracts, thus preventing the scenario in which all funds get stolen

Per the proposal,

"This standard outlines a smart contract interface for a Circuit Breaker that triggers a temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric.

Developers would have the ability to specify if the circuit breaker contract should delay settlement and “temporarily custody outflows” during the cooldown period, or if it should revert on attempted outflows

This is meant to give flexibility to developers and assure correct internal accounting for protocols.

More Time to Protect Funds

When a protocol is attacked, it commonly loses everything and its total value locked (TVL) drops to 0 in seconds

Meir Bank of Fluid Protocol said that most protocols lack sufficient response time to react to a hack. By the time anyone even notices the issue, it’s already too late.

The new standard may be a solution

Per Diyahir, the attacks will still happen no matter what. However,

“The goal here is not to entirely end hacks but to extend the actionable period that the protocol has to address the situation.”

ERC 7265 would prevent the attacker from draining an entire contract, while the majority of funds lost would be recovered, claimed Bank

A circuit breaker is only appropriate for projects which are already upgradeable, and it does not add any additional centralization, Diyahir said

6/ The Circuit Breaker is intended for protocols which are upgradeable by governance, which make up the majority of DeFi today.

These protocols and their assets are already fully controlled by governance, so there is no added centralization risk.

— Meir Bank (@MeirBank) July 3, 2023

This is still a proposed standard, meaning that the Ethereum community would need to pass it, while the core team would need to accept it as the final standard and implement it as such

____

Learn more:

• Report: Over $204 Million Lost to DeFi Hacks and Scams in Q2

• Attacker Siphons $10 Million in Crypto From Poly Network – Here’s What Happened

• What is DeFi? Decentralized Finance Explained

• Top 10 Decentralized Exchanges (DEX) in 2023