The move to ETH 2.0 could open up new attack vectors for DeFi applications, according to MolochDao researchers, but scaling will help smooth them out.
Tanner Hoban and Thomas Borgers, with funding from MolochDao, analyzed the incentive and security framework for ETH 2.0 based on PoS. To ensure security, more than 13.8% ETH should be staked on the network.
In their article “Ethereum 2.0 Economic Review: An Analysis of Ethereum's Staking Incentive Model,” the co-authors argue that “increasing the volume of options and the use of unique financial instruments, such as 'express loans' to access derivatives, could become the preferred attack tools for hackers. ".
However, researchers offer a solution to this problem. In the article, Hoban and Borgers note that "attacks on ETH 2.0 are easier to scale than attacks on ETH 1.0." Network participation should be made easier as users don't need as much equipment or electricity as they do now. To carry out attacks, you need no more devices, but more ETH. And there are many markets that open up access to them:
“The rise of DeFi and the move to ETH 2.0 could significantly accelerate and accelerate this trend,” the study authors note.
Many community members have already assessed the inherent risks of Ethereum-based platforms. An example of attacks on the DeFi bZx project, which lost over 12,000 ETH in February due to hacker actions, is enough. While the DeFi industry is already exposed to many risks in the current version, Borgers said that attacks on applications "will continue on ETH 2.0, and it looks like the next version of the network will be just as, and possibly more vulnerable, for them."
In their analysis, Hoban and Borgers found that DeFi applications will be most at risk during the transition to Ethereum 2.0. This is because at the beginning of the transition, validators must block their ETH until the PoW chain is completely merged with the PoS chain. This reduces liquidity, and the study authors believe it could lead to centralization.
Given the choice between waiting or using ETH to profit, users are more likely to turn to centralized exchanges and derivatives trading platforms.
“The high concentration of validators using these platforms creates the risk of centralization and unpredictability,” the researchers write. In other words, the more derivatives, the more problems - at least during the transition period.
Borgers said that some types of attacks could become more sophisticated and that there will be new types of attacks, in addition to those targeting derivatives. Therefore, it supports "the slow deployment of ETH 2.0, which gives us enough time to test."
After a full transition to Ethereum 2.0, network security should be based on "three key variables: the number of ETH staking participants, the price of ETH, and volatility." Borgers clarified that the current iteration of Ethereum relies on hash rates for security. The authors set out their arguments at the conclusion of the article:
“Our main concern for the economic stability and security of Ethereum 2.0 is network resilience with low ETH prices. Profitability is decreasing, which can force validators to leave the network, and this will further reduce its security. "
With fewer validators, the cost of attacking the network also decreases. Hoban and Borgers calculated that for the network to be "adequately secure", at least 13.8% ETH should be staked. To encourage users to stake, they recommend doubling the planned base reward ratio. This metric, along with the amount of ETH staked, helps determine how much ETH stakers can earn.
“Security is highly dependent on the price of ETH and the number of ETH staking participants. We need to make sure there is enough ETH involved in staking as this is the only variable we can actually influence directly, ”Borgers said.
Adding financial incentives is possible given that security for the PoS network should actually be cheaper than for Ethereum on PoW. “We think the network is underpaid for security,” wrote Hoban and Borgers.
Borgers believes that the transition to ETH 2.0 is justified from a security point of view, but its details still need to be further worked out.
Recently, Ethereum 2.0 lead developer Justin Drake said that the launch of the update stage 0 can not wait until early next year. As a reminder, Ethereum developers launched the first Ethereum 2.0 multi-client testnet, Schlesi, in May, and the new iteration of the testnet, Altona, on June 29th.
