DeFi risks and protocol safety with Tarun Chitra of Gauntlet Network

Chitra broke down the fundamental differences in security models between PoW and PoS protocols and discussed two categories of DeFi risk. His team focuses on attacks caused by unexpected user behaviour, such as rug pulls, and uses a simulation engine to make risk predictions.

In this week’s interview with Alex Fazel of crypto edutainment channel Cryptonites, Tarun Chitra discusses the difference between Proof of Stake (PoS) and Proof of Work (PoW), layer-one protocols, and the risks involved with blockchain tools.

Chitra is CEO at Gauntlet Network, the financial modeling and simulation platform for blockchains, which he co-founded with Rei Chiang in 2018.

For the past seven years, he has been working on simulation-based R&D at the intersection of high-performance computing and AI. His research includes some of the first academic papers examining the economic security properties of DeFi protocols, such as Uniswap and Compound.

In the beginning, Gauntlet focused on measuring the financial risk of PoS networks, but in mid-2019, when Uniswap hit a $10 million TVL, Chitra and his co-founder decided to shift their focus. According to him, that was the moment when the team dropped the PoS analysis and shifted 100% to measuring risk in DeFi.

This is an episode you don’t want to miss, providing valuable insight into how user behavior models and edge-case scenario simulations enable assessing protocol safety.

Here are some interesting quotes from the interview that dove into more than one riveting topic, touching on hash power, Bitcoin mining, and smart contract attacks.

Differences in security models between PoW and PoS

“If I wanna take over, say a PoW chain, like Bitcoin, I need to actually amass 51% hash power, and that means I need to either buy/spend that much energy, or I need to borrow hash power from mining pools and get them to agree on my attack fork. On the other hand, in PoS someone could actually just borrow the asset itself and then be able to use that to take care of the network.”

“In some sense, in PoW assets, there is a separation between the asset that’s actually being traded and the assets or resource that is being locked to generate the currency. So, PoW is really locking up power, or energy, in order to generate Bitcoin or Ethereum, whereas, in PoS, it’s the staked asset itself, which is much easier to imagine people kind of find the way to make a borrowing market or derivatives market that allows someone to do some of these malicious attacks.”

“Overall, the main core thing that we do is, we’ve built this, sort of like, simulation engine for simulating all these different types of attacks and different types of edge-case scenarios so that we can take in new market data, take in new borrower data, take in new on-chain data, run this simulation and make predictions about how safe or unsafe certain protocols are and whether they should change things.”

Two categories of DeFi risks

“One thing to start with is, we should partition DeFi risks into, sort of, two categories. The first category is pure smart contract risk, so that is, you know, one plus one is supposed to equal two, but someone found a way to call a function, like add, such that one plus one equals five – and that’s sort of, just a bug in the execution of the contract, not a bug in usage.”

“On the other hand, there’s financial risk, and that’s what we focus on, which is dependent on the usage of the protocol. So, the protocol, the code, can be perfectly correct, but under certain market conditions, the user behavior will cause rug pulls. A lot of rug pulls are not actually something that’s wrong with the code.”

“The way that we assess risk is, we take in new data every day from centralized exchanges, from on-chain sources, and then we try to basically say what types of users do we see, and fit a model for how they behave, and then we also say what types of users do we not see, who are sort of orthogonal to the actual behavior, who are maybe more malicious, maybe more, in some ways, use the protocol differently, and then we run simulations as if it’s a game.”

“There’s not a clear hierarchy between safety, I think, in these systems, because of composability. Because you can use one protocol in another protocol and it now co-mingles their risk, it’s not totally – you can’t cleanly segment it. But that’s the beauty of these systems. Because they’re composable you can actually do these things and look at the risk, but you can’t really fractionalize, really discretize the risk into – this is the safest vs. this is not safe.”
