TL;DR
This standard outlines a smart contract interface for a Circuit Breaker that triggers a temporary halt on protocol-wide token outflows when a threshold is exceeded for a predefined metric. This circuit breaker does not assume the structure of the underlying protocol, and mainly serves as a pass-through vehicle for token outflows. In order to maintain correct internal accounting for integrated protocols, and to provide maximum flexibility for developers, developers can specify if the circuit breaker contract should delay settlement and temporarily custody outflows during the cooldown period, or revert on attempted outflows.
quote from Fellowship of Ethereum Magicians on EIP-7265: the Circuit Breaker Standard
Overview
GM AAVE Community & AAVE Team,
we are proposing to research and build tailored circuit breaker implementations to improve the security of the AAVE protocol and prevent most known attack vectors by default. Furthermore, our proposal will enhance and highly incentivize governance participation, as we are introducing new governance mechanisms that will allow safe management of emergency situations through DAO votings.
The idea of Circuit Breakers is not new. However, with the most recent developments under EIP-7265, new opportunities have evolved. Especially for asset-heavy protocols such as AAVE. Lightweight updates could exponentially increase the protocol’s security.
Being actively involved in the development of to EIP-7265, we are familiar with circuit breakers and their implementations.
With our contributions to EIP-7265, our research work, and our demos at various hackathons, we managed to prove how exploits on contracts with in-production vulnerabilities could be prevented.
The two main ones have been our Decentralized Circuit Breaker @ ETHGlobal Paris 2023 and our Firewall Hack at SOZU HAUS Paris 2023. Another one has been an on-chain firewall to protect Uniswap v3 from fraudulent contract interactions. A demo of this use-case received great acknowledgement and won over 5 prizes at the ETHPrague Hackathon.
After demonstrating the effectiveness of our approach through our prize-winning demos, and having raised enough confidence in circuit breaker implementations through our research and contributions, we are keen to further this exploration in collaboration with the AAVE Grants DAO.
For this project, we propose to develop a novel on-chain firewall (circuit breaker) system designed for optimal security, flexibility, and governance. This system will provide advanced measures to safeguard AAVE against all sorts of third-party attack vectors, all the while, preserving the core decentralized ethos of AAVE.
This proposed project will not necessitate any immediate changes or updates to the AAVE protocol, until mainnet integration decisions are made.
Why we do this:
$8.6 Billion is locked in Liquidity on AAVE across 5 different networks. If we succeed we will have added another layer of security to AAVE, protecting its assets.
Goals
- Develop innovative methods for proactive protocol security within the AAVE ecosystem.
- Enhance and secure the upcoming modifications to the AAVE Protocol by integrating tailor-made circuit-breakers.
- Quantify and minimize protocol risks through the use of circuit-breakers.
- Improve user experience by offering opt-in security features.
- Enhancing Governance Participation by adding new functionality that naturally:
- Motivates participation from individual voters
- Increases the number of high-quality and engaged delegate platforms
- Improves the visibility and understanding of governance processes and proposals
- Identify and overcome potential implementation challenges before the integration of circuit breakers into the AAVE Protocol.
Project Details:
Core Components
Documentation
- Research results outlining the benefits and technicalities of implementing circuit-breaker systems to AAVE.
- Detailed description of all functionalities.
- Step-by-step guide for circuit-breaker implementation.
- Limitations and potential obstacles in the use of circuit-breakers
- Suitable governance solutions for handling a triggered circuit breaker event
- Outline and Analysis of circuit-breaker event strategies
- Github repository, complete with all relevant unit tests
Frontend
- Dashboard:
- Security monitoring & analytics
- UI Components, displaying relevant Data
- UX improvements, seamlessly integrating new functionality to the existing interface (if given)
- Dashboard, displaying subgraph data relevant to AAVE stakeholders
- Governance Interface
- For handling proposals in emergency situations, such as circuit breaker events
Smart Contracts
- Development and testing of smart contracts to facilitate circuit breaker functionalities.
Subgraphs
- Creation of subgraphs to gather data relevant to firewall functionalities and AAVE stakeholders.
Scope of Work, Milestones, Grant Allocation
We propose to divide the grant into three phases, corresponding to the complexity and novelty of the project. We are asking for an initial grant of $15K for Phase 1. Upon successful completion of Phase 1, we intend to discuss further phases and the corresponding funding requirements with AAVE Grants DAO.
Milestone 1: Research & Proof-of-Concept
- Estimated Duration: 1 Month
- FTE: 3 (*FTE = Full Time Equivalent)
- Costs: $15,000
- Estimated delivery date: 30th August 2023
This phase will focus on in-depth research and the creation of proof-of-concepts demonstrating how tailored circuit-breakers can enhance the security and functionality of AAVE.
Number | Deliverable | Specification |
---|---|---|
1. | Documentation | We will provide both inline documentation of the code and examples that explain how on-chain security methods, mainly circuit-breakers could be integrated to the AAVE Protocol. |
All technical components needed to realise this, will be explained.
The documentation will also include the detailed research findings that address
→ technical limitations,
→ potential risks,
→ benefits
→ different technical and non-technical implications for AAVE |
| 2. | Proof-of-Concepts | Based on examples that result from the conducted research, functional prototypes will be build proving its technical feasibility.
This proof-of-concepts also serve for demonstration purposes to the AAVE Grants DAO and its stakeholders, so they have more material to evaluate the further future of this Grant. |
| 3. | Technical Blog Post | A technical blogpost explaining the proof-of-concept and research findings |
We are asking for $15K for this proof-of-concept milestone, to be paid upon grant approval.
Milestone 2: Prototyping & Production
- Estimated Duration: 2 Months
- FTE: 3
- Costs: $30,000
- Estimated delivery date: 30th October 2023
The second phase will concentrate on the development and testing of circuit breaker prototypes based on the findings of the first phase. The prototypes will showcase the practicality and benefits of integrating on-chain firewalls into the AAVE protocol.
Number | Deliverable | Specification |
---|---|---|
1. | Smart Contracts | Development and testing of smart contracts to facilitate circuit breaker functionalities. |
2. | Subgraphs | to gather data relevant to firewall functionalities and AAVE stakeholders. |
→ relevant for voters and governance overall |
| 3. | Frontend | → Dashboard:
◦ security monitoring & analytics
◦ UI Components, displaying relevant Data
◦ UX improvements, seamlessly integrating new functionality to the existing interface (if given)
→ Dashboard, displaying subgraph data relevant to AAVE stakeholders
→ Governance Interface
◦ for handling proposals in emergency situations, such as circuit breaker events |
The TurtleShell Team will also assist in marketing and explaining the integration, including:
- Public blog post and co-marketing.
- Detailed technical explanation of circuit architecture.
- Detailed analysis of security guarantees.
Milestone 3: Testnet Deployment
- Estimated Duration: 1 Month
- FTE: 3
- Costs: $15,000
- Estimated delivery date: 30th November 2023
The final phase will involve the testnet deployment of all firewall components, followed by rigorous testing and refinement to ensure the system is ready for mainnet audit and potential integration into AAVE.
Number | Deliverable | Specification |
---|---|---|
1. | Testing Guide | All code will have proper unit-test coverage (e.g. 95%) to ensure functionality and robustness. In the guide we will describe how to run these tests |
2. | Public and clearly documented open-source repos for: | |
→ Smart Contracts | ||
→ Subgraphs | ||
→ Frontend | We will provide both inline documentation of the code and a basic tutorial that explains how a user can (for example) spin up the application. Application is up, it will be possible to send test transactions that will show how the new functionality of circuit breakers & governance functionalities, work. | |
3. | Testnet deployments | all |
4. | Informational Publications | → Blog Posts, etc. |
The TurtleShell Team will also assist in preparing the system for mainnet deployment, including:
- Coordination with AAVE for all relevant security audits
- Operating and maintaining relevant components such as the frontend and governance interface
- Providing an open-source implementation for backup
Team
Valerio Fichera
- Twitter: valerio_eth
- Telegram handle: nft_valerio
- Github: valeriofichera
Philipp Keinberger
- Twitter: phil10013
- Telegram handle: keinberger
- Github: keinberger
Vinent Daubry
- Twitter: vdaubry
- Telegram handle: vdaubry
- Github: vdaubry
Resources:
The TurtleShell team is fully committed to this project and excited about the potential to enhance the security, reliability, and functionality of AAVE through the integration of circuit breakers. We look forward to your consideration of this proposal.
link to notion page of this proposal, with all further links