Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Better security #928

Open
2 of 4 tasks
rndquu opened this issue Apr 16, 2024 · 5 comments
Open
2 of 4 tasks

Better security #928

rndquu opened this issue Apr 16, 2024 · 5 comments

Comments

@rndquu
Copy link
Member

rndquu commented Apr 16, 2024

After the deployment we'll have most of the liquidity resided in the LibUbiquityPool so it makes sense to make its security better by imlementing more fuzzing and invariant tests, adding formal verification and monitoring solution.

@0x4007 FYI
@rndquu rndquu mentioned this issue Apr 17, 2024
Open
Open
@zugdev
Copy link
Contributor

zugdev commented Oct 3, 2024
edited
Loading

@rndquu one very good and novel solution for security monitoring is Drosera. They allow developers to deploy contracts which they call "Traps", which must implement two functions one to collect data and another one which will be the response function. The trap is then run on a shadow forked network every single block by their high trust operators, this allows for very expensive computation to be made for free since no gas will be spent. Once some condition found by the data collecting function happens the response function is triggered and the operator will call a specified function in a specified contract.

Drosera is currently private but I happen to be extremely close to the team and I have access to deploy traps. Here is one example of trap I've deployed. You can check the contract's transaction history to see trap was indeed successful in automating these super frequent , every 10 minutes, calls.

My idea is:

  1. Deploy a PauseManager contract:
    This contract will have a single entry point that pauses all contracts in a single function. It will also contain an unpause similar function. Could have two roles, one for the trap and another for the PauseManager owner.

  2. Deploy the Trap
    The trap will monitor the protocol and call pause on PauseManager if condition is met.

This aligned with traditional security monitoring can be very powerful.

@rndquu
Copy link
Member Author

rndquu commented Oct 3, 2024
edited
Loading

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way:
a) Check for pause condition (off-chain)
b) Pause (on-chain)

@zugdev
Copy link
Contributor

zugdev commented Oct 4, 2024

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way:
a) Check for pause condition (off-chain)
b) Pause (on-chain)

There are actually a couple differences:

  1. Drosera runs in a shadow fork (local chain) which means they run in the EVM environment. They even have proof-of-execution capabilities with zk-SNARKs.

  2. Traps as contracts mean that you can run foundry to test infra, this is very different from a completely off-chain setup which is not even transparent. Drosera allows for a contract and CLI deployment and setup, you can even write shell scripts to keep CLI run logs "open sourced".

  3. It can do much more than pause, it can collect any arbitrary data and call any arbitrary function so there are much more powerful uses. In the example I linked, I use it to automate callings routinely, but you can even leverage the fact computation is done off-chain to do much harder calculations.

  4. No KYC, all on-chain. No logins, no password and team key management.

@rndquu
Copy link
Member Author

rndquu commented Oct 4, 2024

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way:
a) Check for pause condition (off-chain)
b) Pause (on-chain)

There are actually a couple differences:

  1. Drosera runs in a shadow fork (local chain) which means they run in the EVM environment. They even have proof-of-execution capabilities with zk-SNARKs.
  2. Traps as contracts mean that you can run foundry to test infra, this is very different from a completely off-chain setup which is not even transparent. Drosera allows for a contract and CLI deployment and setup, you can even write shell scripts to keep CLI run logs "open sourced".
  3. It can do much more than pause, it can collect any arbitrary data and call any arbitrary function so there are much more powerful uses. In the example I linked, I use it to automate callings routinely, but you can even leverage the fact computation is done off-chain to do much harder calculations.
  4. No KYC, all on-chain. No logins, no password and team key management.

We already have a monitoring solution almost ready to be shipped in #959 via https://www.openzeppelin.com/defender

@zugdev
Copy link
Contributor

zugdev commented Oct 4, 2024

We already have a monitoring solution almost ready to be shipped

Your call, if you want to have both setup I'd be happy to help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rndquu @zugdev