Ethereum Users Propose ERC 7265 to Thwart DeFi Hacks – How Does it Work?
Attacks on DeFi protocols have become all too common, draining billions in user funds. According to DeFiLlama, around $6.6 billion has been stolen in exploits so far, with $5.31 billion of that going to DeFi protocol hackers.
Builder Diyahir argued in a blog post that, "no amount of audits, insurance, and white-hat hacker rewards will stop hackers from finding clever ways to extract value from a growing public honey pot."
"One line of code is the difference between working as intended and completely wrecked."
The new standard - ERC (Ethereum Request for Comments) 7265, proposed by Diyahir, tcb_00, and real_philogy - would enable protocols to integrate a "circuit breaker," adding a back-stop to smart contracts, which would stop tokens from leaving those contracts, thus preventing the scenario in which all funds get stolen.
Per the proposal,
"This standard outlines a smart contract interface for a Circuit Breaker that triggers a temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric."
Developers would have the ability to specify if the circuit breaker contract should delay settlement and "temporarily custody outflows" during the cooldown period, or if it should revert on attempted outflows.
This is meant to give flexibility to developers and assure correct internal accounting for protocols.
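The two modes described above can be modelled in a few lines. The sketch below is an added illustration in Python, not code from the proposal or its authors and not the ERC-7265 Solidity interface. It assumes the "predefined metric" is total outflow over a rolling time window, that custodied funds can be claimed once the cooldown ends, and all names and numbers in it are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class CircuitBreaker:
    """Behavioural model only; not the ERC-7265 Solidity interface."""
    limit: int      # assumed metric: total outflow allowed per window
    window: int     # seconds over which outflows are summed
    cooldown: int   # seconds the breaker stays tripped
    custody: bool   # True: hold outflows while tripped; False: revert them
    tripped_at: Optional[int] = None
    recent: list = field(default_factory=list)  # (timestamp, amount) pairs
    held: dict = field(default_factory=dict)    # recipient -> amount in custody

    def on_outflow(self, now, recipient, amount):
        """Return 'sent' or 'held'; RuntimeError models a reverted transfer."""
        if self.tripped_at is not None and now - self.tripped_at >= self.cooldown:
            self.tripped_at = None              # cooldown over, start fresh
            self.recent.clear()
        self.recent = [(t, a) for t, a in self.recent if now - t < self.window]
        if self.tripped_at is None:
            if sum(a for _, a in self.recent) + amount <= self.limit:
                self.recent.append((now, amount))
                return "sent"
            self.tripped_at = now               # threshold exceeded: trip
        if not self.custody:
            raise RuntimeError("circuit breaker tripped: outflow reverted")
        self.held[recipient] = self.held.get(recipient, 0) + amount
        return "held"

    def release(self, now, recipient):
        """Assumed settlement rule: held funds are paid out once cooldown ends."""
        if self.tripped_at is not None and now - self.tripped_at < self.cooldown:
            raise RuntimeError("cooldown still active")
        return self.held.pop(recipient, 0)

def simulate(custody):
    """Constructed scenario: ten 100-token withdrawals within ten seconds."""
    cb = CircuitBreaker(limit=300, window=3600, cooldown=86400, custody=custody)
    sent = held = reverted = 0
    for t in range(10):
        try:
            if cb.on_outflow(t, "0xWithdrawer", 100) == "sent":
                sent += 100
            else:
                held += 100
        except RuntimeError:
            reverted += 100
    return sent, held, reverted
```

In both modes only 300 of the 1,000 tokens leave the contract before the breaker trips; the difference is whether the remaining 700 sit in custody for later settlement or never move at all.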
More Time to Protect Funds
When a protocol is attacked, it commonly loses everything and its total value locked (TVL) drops to 0 in seconds.
Meir Bank of Fluid Protocol said that most protocols lack sufficient response time to react to a hack. By the time anyone even notices the issue, it's already too late.
The new standard may be a solution.
Per Diyahir, the attacks will still happen no matter what. However,
"The goal here is not to entirely end hacks but to extend the actionable period that the protocol has to address the situation."
ERC 7265 would prevent the attacker from draining an entire contract, while the majority of funds lost would be recovered, claimed Bank.
A circuit breaker is only appropriate for projects which are already upgradeable, and it does not add any additional centralization, Diyahir said.
This is still a proposed standard, meaning that the Ethereum community would need to pass it, while the core team would need to accept it as the final standard and implement it as such.