Tuesday, November 08, 2022

Attack and Defense in Decentralized Finance (DeFi)

Over the past four years (2018 to 2022), the blockchain-based decentralized finance (DeFi) industry has raised 253 billion US dollars, and losses due to attacks have exceeded 3 billion US dollars. Although this is lower than the losses of the traditional financial system, it still sounds an alarm for fintech scholars. Decentralized finance is not a silver bullet in the face of complex, multi-layer attacks.

The paper "SoK: Decentralized Finance (DeFi) Attacks" by Liyi Zhou et al., co-authored by researchers from Imperial College London, Technical University of Munich, University of Macau, Swiss Institute of Technology, University of California, Berkeley, etc., analyzed 77 papers, 30 audit reports, and 181 incidents. Several interesting findings emerged.

First of all, in terms of architecture, attacks involve four layers, from top to bottom:

  • Protocol layer: implements the applications for decentralized scenarios, such as digital currencies, exchange services, etc.;
  • Smart contract layer: the code, data structures and execution environment that implement the financial logic;
  • Consensus layer: consensus algorithms (including PoW, PoS, etc.) and incentive mechanisms;
  • Network layer: communication and network protocols, traffic analysis, data transmission, etc.

In addition, there are off-chain auxiliary services, including clients, the operations layer, oracles, etc.

A few statistics:

  • Attacks are trending upward. Losses peaked in August 2021, at 600 million US dollars for the month. There were 3.1 attacks per month in 2020 and 8.5 in 2022;
  • Attacks mostly occur at the protocol layer (mostly stablecoins and lending applications), the smart contract layer and auxiliary services;
  • Academic research is spread relatively evenly across layers, including the network and consensus layers. However, almost all industry audit reports focus on smart contracts, and a small number cover auxiliary services;
  • Most attacks are not fast and can be prevented by a pause at the protocol layer. In practice, however, only 1 of the 87 protocols can respond within an hour;
  • Auditing in advance can effectively prevent attacks. 15.49% of unaudited protocols were attacked, compared with only 4.09% of audited protocols;
  • Early detection is a more effective method, and most contract vulnerabilities can be detected in advance. However, there is currently a lack of effective protocol layer detection tools;
  • Most attackers can be traced because of the centralized trading and mining mechanisms they use.

From the above statistics, it can be seen that attack and defense in DeFi is actually very close to traditional attack and defense. The most common attacks are often not technically sophisticated and could be identified at an early stage and effectively stopped, but systematic detection tools are currently lacking. In addition, academia and industry have different focuses.

Monday, August 15, 2022

Mastering Systematic Thinking

The whole is greater than the sum of its parts, and structure determines system behavior.

What is System Thinking?

System thinking is an approach to problem solving by thinking holistically.

Unlike simply thinking intuitively about the problem itself, systems thinking observes the behavior, structure, and relationships of a complex system, summarizes its internal laws at different levels, and seeks to understand how it operates. Furthermore, those internal laws can be changed by adjusting the structure of the system, with the goal of changing the system's behavior.

Focus on the whole, not the parts. Focus on connections, not things.

For example, seeing an apple falling to the ground, the intuitive way of thinking is that the apple will fall to the ground when it is ripe.

Systems thinking may need to consider:

What is the connection between apples, fruit trees and the ground?

What internal law causes the behavior of the apple falling to the ground?

What factors can be changed to prevent apples from falling to the ground?

......

Another example: on seeing inflation, intuitive thinking may attribute it to additional currency issuance. Systems thinking takes into account the cyclical laws and distribution mechanisms of the economy.

Why master systems thinking?

The world itself is a complex system, and many real-life problems are about dealing with complexity: for example, designing a bridge, building an assembly line, implementing enterprise software, and so on.

Simple systems tend to be linear, i.e. 1+1=2, while complex systems are usually nonlinear, i.e. 1+1>2.

Usually, due to the limitations of knowledge, cognition, and ways of thinking, it is difficult for humans to intuitively see things as a whole.

Also, most complex objects are hard to understand directly.

All of these call for dissection and analysis through systems thinking, which can help us analyze problems more comprehensively.

How to Master System Thinking

Systems thinking can be mastered through training, which mainly includes the following steps:

First, observe the dynamic behavior of the system, including system events and behavior characteristics, and summarize the behavior rules of the system.

Next, infer its possible internal structure from those behavior rules.

Then, divide and conquer: split the system into multiple small, simple systems according to that structure.

To verify that the predicted structures are accurate, prototypes can be built to conduct experiments. Make adjustments based on experimental feedback.

Tuesday, July 12, 2022

Some whimsical thoughts


1. From the point of view of computational complexity, polynomial means equivalence, and exponential means difference; from the point of view of numbers, polynomials form an equivalence class, and exponentials bring about a difference of rank. So, with high probability, P != NP. But why are exponentials so special? Can this be analyzed from an information theory perspective? In addition, from the perspective of differentiation, differentiating means dimensionality reduction for polynomials, while exponentials remain invariant; is it related to this?

2. Financial activity is like water, flowing in the direction of potential decline. The amount of water in the process does not change, but it will affect the environment on the path. Without path control, water flow can cause bad results. If there is demand, and there is no path, the flow may spontaneously rush out a new path.

3. The basic principles of the natural sciences have been studied relatively clearly, but the basic principles of the social sciences seem to be unclear, and in many places contradict the laws of the natural sciences. But living things themselves should obey the laws of nature. Unless it’s because of the introduction of a new variable through some spontaneous or other behavior.

4. The meaning of mathematics is to grasp the essence of the problem. Consistency in a system can be seen through different forms. For example, high dimensions look at low dimensions, and complex numbers look at simple numbers. Conversely, generalization from general concrete operations to abstract more general operations, such as addition, subtraction, multiplication and division, reflects the law of association between things. Perhaps, to study mathematics is to study how the universe is constructed.

5. Many times, the idea for solving a problem cannot be found because the problem has not been clearly defined. So the definition is the hardest. The reason why Tao Te Ching is difficult to understand is precisely because of the lack of this premise of definition. In this sense, the range of human perception depends on the ability to express language. So, are the expressive abilities of different languages equivalent? If not equivalent, which language is more efficient?

6. Asking questions is sometimes more important than solving them, especially in cutting-edge fields. Science is to ask questions and further find solutions. Engineering is more important to achieve better.

7. Increasing entropy means eliminating difference; decreasing entropy means introducing difference. The basic form of difference expression is comparison. And sorting is undoubtedly a natural comparison. Nature doesn’t like comparisons, but humans do.

8. The traditional goal of Eastern education is basic training, which means that there will be people who cannot get enough to eat. In the information age, there are more ways to access knowledge, which means that personal learning will become more critical; it means that education will return to the elite of Western education.

9. In the past, human civilization was based on individual abilities, that is, the development of the whole depended on talented individuals. And this model has basically approached its limit. The follow-up is either to develop group intelligence cooperation; or to see if machine-assisted thinking can break through.

10. The world is smooth in most cases, which means that the laws summarized through local analysis are likely to be general. It also means that many things have prior knowledge. But once there are a few unsmooth situations, there will be more out of control than expected.

11. Learning new knowledge will go through four stages: not understanding, feeling understood but unable to speak, being able to explain clearly to people in the same field, and being able to explain clearly across fields. Therefore, being able to talk about a thing means that you have already started; talking about a complex issue in a simple way means you really understand it.

12. Transformation (compression, encryption…) does not change the dimension and does not lose information, so it is reversible; but dimensionality reduction (hash) will lose information and be irreversible.

13. If DNA is the code for software, biology is the form in which the software’s interpretation operates. But where does consciousness come from? The essence of the physical world is information, but consciousness is not information.

14. Natural evolution is between intelligent design and random evolution, but because there are external influences, it is closer to intelligent design than random selection; for the evolution of civilization, however, it is currently not visible where the external influence is, which may be the reason why civilization evolves more slowly than nature?

15. There are two major directions in the evolution of civilization: one is that all individuals greatly strengthen their ability to communicate and form a community; one is the great development of science and technology, and individuals completely separate from the group and exist independently.

16. The difference between countable and uncountable is that after separately countable division, the former will be finite, while the latter will remain infinite.

17. Information → increase order → break symmetry → destroy energy → generate mass. But how, in reverse, is information generated from mass? If that can also be proved, then information, energy, and mass can be unified, and the world will no longer have mysteries.

18. Both absolutely ordered and absolutely disordered systems are fragile, and most sustainable systems are always somewhere in between, and can constantly adjust themselves.

19. From the point of view of the scalability and complexity of interaction, the peer-to-peer network is polynomial, the centralized network is linear, and the hierarchical network is logarithmic. This, in turn, means that as the size of the network increases, most will naturally go through such processes as peer-to-peer, centralized, and hierarchical.

20. The ultimate mystery of how the world works is so fascinating. When I was young, I naturally took physics as my research direction. However, it soon became apparent that the subjects were unable to recognize the system itself. Probably the best way to understand a system is to construct it yourself. Information science brings a glimmer of possibility.

21. A paradox of traditional economic theory is that in order to optimize the allocation of resources, it is necessary to pass the production and consumption links. This leads to crises (economic, financial, war) that inevitably come periodically. Actually the two don’t have to be tied together at all.

22. The only difference between a market and a plan is who gets most of the resources, the contestants or the referees. Most countries now participate in both.

23. The reason why organisms evolve is because they have been unable to get rid of the influence of uncertain environmental changes; the reason why human beings stopped evolution is to create a controllable external environment through technological means.

24. In the early 20th century, the reason why physicists were able to discover the theory of relativity may have something to do with the emergence of this form of film at that time. Experience, abstraction, and association are important abilities. One of the important reasons why it is difficult for humans to imagine certain inferences in science is the lack of similar experience.

25. time == space, computation == storage.

26. Energy == Matter. Matter is the property of space, and space is the representation of information. There is a deeper level of conservation behind this. Incomprehensible experiments in quantum mechanics are much more natural if the understanding of the world simulates computation.

27. Resources are generally limited, so some members are allocated more and others less, requiring more labor and preferably acknowledging labor.

28. Local optima often lead to failure to achieve global optima. The way to improve is to introduce information and trust. Trust in technology will be the key to a new level of human social organization.

29. The essence of finance is to transcend time and space; the essence of exchange is to eliminate uncertainty through information.

30. The essence of mathematics is intuition, the cognition of the laws of the world. Calculation is just a process, not a necessity.

31. The only thing that can affect the speed of space-time is the electromagnetic force, perhaps because it is the fundamental force that makes up the world.

32. Perhaps the reason why fractals are ubiquitous in nature is that they are easier to generate with a small amount of computation.

Thursday, April 21, 2022

Latest Progress in the Fed's Digital Currency

Since 2016, Central Bank Digital Currency (CBDC) has gradually become an important subject of research and development experiments by central banks around the world. In terms of application scenarios, general CBDC is oriented to retail, online shopping, personal payment, etc., basically corresponding to cash scenarios, and is the main research direction at present. In addition, there are CBDCs for uses such as financial institutions’ reserves.

The Federal Reserve has been cautious in its exploration of digital currencies, and has suppressed Facebook's Libra project. But it has been conducting exploration and research itself, mainly through its financial laboratory and the "Hamilton" project entrusted to its Boston branch.

Note: The project name honors two people: Alexander Hamilton, the first U.S. Treasury Secretary and founder of the financial system; and Margaret Hamilton, director of software engineering at the MIT Instrumentation Laboratory, who was involved in software development for the Apollo program.

Hamilton Project

The "Hamilton" project is an exploratory research project by the Federal Reserve Boston Branch and the MIT Monetary Research Center.

The project is divided into two phases:

  • Phase 1: Solve core issues such as high performance, reliable transactions, scalability, and privacy protection. The targets are 100,000 TPS, confirmation within seconds, and multi-region fault tolerance.
  • Phase 2: Solve key issues such as auditability, programmable contracts, support for intermediary layers, attack prevention, and offline transactions.

After several years of hard work, the first phase was completed in February this year. The source code, OpenCBDC, was released as open source software under the MIT open source license. It is developed mainly in C++, and the project address is mit-dci/opencbdc-tx.

Two kinds of engines were tested. The single ordering node engine, Atomizer (order-preserving), can reach a peak of 170,000 TPS; the parallel execution engine, 2PC (order-preserving), can reach 1.7 million TPS.

In terms of architecture, it is similar to other central bank digital currency systems, drawing on the technical characteristics of blockchain and cryptocurrencies.

  • A centralized transaction structure is adopted, because the central bank can provide a strong premise of trust;
  • Transactions are verified by private key signature;
  • Users spend the currency through a wallet client;
  • Following the UTXO model, spent currency is destroyed and new currency is then created;
  • Transaction verification and execution are decoupled, making the system easier to scale.
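
A toy model of the last two points above (destroy-and-create UTXO handling, with validation decoupled from execution), added here as an illustration; it is not OpenCBDC code. The class names, the coin identifier scheme and the mint helper are assumptions, and signature checking is left out because the Python standard library has no public-key signature primitive.

```python
import hashlib
from dataclasses import dataclass

MAX_VALUE = 2**63 - 1  # assumed bound so a value always fits in 8 bytes


@dataclass(frozen=True)
class Coin:
    """An unspent output (hypothetical layout): origin, owner and amount."""
    tx_id: bytes
    index: int
    owner: str
    value: int

    def uid(self) -> bytes:
        # The identifier commits to every field, so changing the value or
        # owner of a coin yields an identifier the ledger has never seen.
        raw = (self.tx_id + self.index.to_bytes(4, "big")
               + self.value.to_bytes(8, "big") + self.owner.encode())
        return hashlib.sha256(raw).digest()


@dataclass(frozen=True)
class Tx:
    inputs: tuple   # Coin objects to destroy, carried in full
    outputs: tuple  # (owner, value) pairs to create

    def new_coins(self) -> list:
        h = hashlib.sha256(b"".join(c.uid() for c in self.inputs))
        h.update(repr(self.outputs).encode())
        return [Coin(h.digest(), i, o, v) for i, (o, v) in enumerate(self.outputs)]


def validate(tx: Tx) -> bool:
    """Stateless checks: no ledger access needed, so they can run in parallel."""
    if not tx.inputs or not tx.outputs:
        return False
    if any(len(c.tx_id) != 32 or not 0 <= c.index < 2**32 for c in tx.inputs):
        return False  # malformed fields would make the identifier ambiguous
    values = [c.value for c in tx.inputs] + [v for _, v in tx.outputs]
    if any(not 0 < v <= MAX_VALUE for v in values):
        return False
    if len({c.uid() for c in tx.inputs}) != len(tx.inputs):
        return False  # the same coin listed twice
    return sum(c.value for c in tx.inputs) == sum(v for _, v in tx.outputs)


class Ledger:
    """Stateful execution: only the set of unspent coin identifiers is kept."""

    def __init__(self):
        self.unspent = set()

    def mint(self, owner: str, value: int, nonce: int) -> Coin:
        """Issuance (hypothetical helper): create a coin that has no inputs."""
        coin = Coin(hashlib.sha256(b"mint%d" % nonce).digest(), 0, owner, value)
        self.unspent.add(coin.uid())
        return coin

    def execute(self, tx: Tx) -> bool:
        """Apply a transaction that already passed validate(), all or nothing."""
        spent = {c.uid() for c in tx.inputs}
        if not spent <= self.unspent:
            return False  # forged, unknown or already-spent input
        self.unspent -= spent                              # destroy spent coins
        self.unspent |= {c.uid() for c in tx.new_coins()}  # create the new ones
        return True
```

A balanced transaction that spends a coin with an inflated value passes validate() but fails execute(), because the altered coin hashes to an identifier that was never in the unspent set; replaying an executed transaction fails for the same reason.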

The project is still at an early stage and the scenarios under consideration are very limited. The author believes that there is still a long way to go before it can be deployed in practice.

Several major open issues at present:

  • How is identity verification implemented? This still depends on the public-private key mechanism, which can be accelerated by specific hardware.
  • How is anti-money laundering monitored? This may be handled offline as an extension.
  • How is the audit granularity of identity and transaction data achieved? The main purpose is to allow different roles to see different granularities. This can be achieved through data isolation and encryption mechanisms.
  • How is the currency issued? It can be exchanged directly to individuals, or issuance can be delegated to second-tier commercial banks (the latter is adopted by the digital renminbi).
  • How is it integrated with the existing financial system? This can go through a transaction gateway, or the two can simply remain unconnected at first and run separately.

Summary

In fact, objectively speaking, under the premise of a centralized architecture, it is not difficult to implement a high-throughput trading system by using the existing software and hardware system. The difficulty is to support complex financial services, multi-transaction associations, and scalability, while taking into account conflicting requirements such as compliance, auditability, and privacy protection. These often require a lot of hands-on experience.

Monday, April 11, 2022

Decentralized Exchange

If you want to exchange between different digital assets, you need to go through intermediary channels such as exchanges.

The traditional exchange is a centralized model: the two parties to a transaction exchange at the prevailing exchange rate through a trading platform provided by a third party, and the trading platform usually collects a handling fee on the transaction. This model is not only costly, but also carries the risk of relying too much on the trading platform.

To solve these problems, the Decentralized Exchange (DEX) was designed. The initial idea is to allow both parties to exchange directly, peer-to-peer, through a blockchain-based protocol. Since no trading platform needs to take part, the transaction cost is low, and the exchange can be completed in real time without worrying about security risks. Currently, decentralized exchanges are one of the hottest topics in decentralized finance.

To implement a decentralized exchange, some basic problems need to be solved:

  • The transaction can be completed automatically without manual participation;
  • No one can fake or deceive the other party during the transaction;
  • Calculate the exchange rate automatically and complete the transaction according to the exchange rate;
  • Avoid excessive market volatility and losses.

At present, decentralized exchanges fall into three main modes according to where orders are kept: on-chain bookkeeping, off-chain bookkeeping and automated market makers.

On-chain bookkeeping

The idea of on-chain bookkeeping is very simple: exchange transactions are stored directly on the blockchain.

This mode is simple to implement, but has major flaws.

  • Every transaction needs to go on the chain, which incurs bookkeeping fees. When transactions are frequent, the cost of bookkeeping is too high;
  • All information needs to be recorded on the chain, which may let someone benefit from knowing the transaction information in advance;
  • When there are many transactions, the performance requirements on the blockchain are very high, and most public chains cannot support them.

Platforms adopting this scheme include Stellar and others.

Off-chain bookkeeping

In contrast to on-chain bookkeeping, off-chain bookkeeping stores transactions on a third-party platform. Third-party platforms only write transactions to the blockchain when needed.

This method can avoid writing a large number of transactions to the blockchain, but it needs to rely on a third-party platform, and there is a high security risk.

Platforms that have adopted this solution include Binance and others.

Automated market maker

Similar to market makers in the securities market, smart contracts can be used to implement an automated market maker (AMM) mechanism.

When users need to exchange currency, they do not directly trade with other users, but exchange with blockchain smart contracts.

Behind the smart contract, the exchange rate is calculated in real time according to its liquidity pool and pricing algorithm (such as reciprocal curve, straight line, etc.). A small fee is charged per transaction (e.g. Uniswap charges 0.3%).

This mechanism does not need to rely on transaction bookkeeping, transaction costs are generally low, and risks are small.

Users can also put the currency they hold into the liquidity pool according to the protocol and become a Liquidity Provider (LP). Liquidity providers can obtain benefits from transaction fees.

The main problem of this model is that the depth of the market depends on the liquidity pool, and it is necessary to balance the conflict between LP income and transaction costs. At the same time, when the currency price fluctuates greatly, LPs may incur impermanent loss.
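
To make the pricing, fee, market depth and impermanent loss points above concrete, here is an added sketch of a reciprocal-curve (constant-product, x·y = k) pool with a 0.3% fee. It is an illustration written for this post, not code from Uniswap or any other protocol; the class and function names, the integer rounding and the min_out slippage bound are assumptions.

```python
import math
from dataclasses import dataclass

FEE_NUM, FEE_DEN = 997, 1000  # 99.7% of the input is priced; 0.3% stays in the pool


class SlippageExceeded(Exception):
    """Raised when the pool would pay out less than the trader's stated minimum."""


@dataclass
class Pool:
    reserve_x: int  # token X held by the pool, in smallest units
    reserve_y: int  # token Y held by the pool, in smallest units

    def spot_price(self) -> float:
        """Marginal price of X in units of Y, before fee and price impact."""
        return self.reserve_y / self.reserve_x

    def quote_x_for_y(self, amount_in: int) -> int:
        """Y paid out for amount_in of X such that reserve_x * reserve_y never falls."""
        if amount_in <= 0:
            raise ValueError("amount_in must be positive")
        in_after_fee = amount_in * FEE_NUM
        # Integer division rounds down, i.e. in the pool's favour.
        return (in_after_fee * self.reserve_y) // (self.reserve_x * FEE_DEN + in_after_fee)

    def swap_x_for_y(self, amount_in: int, min_out: int) -> int:
        """Execute the swap only if the output meets the caller's slippage bound."""
        out = self.quote_x_for_y(amount_in)
        if out < min_out:
            raise SlippageExceeded(f"would receive {out}, minimum is {min_out}")
        self.reserve_x += amount_in
        self.reserve_y -= out
        return out


def impermanent_loss(price_ratio: float) -> float:
    """LP position value relative to simply holding, after the price changes.

    price_ratio is new price / price at deposit. For a 50/50 constant-product
    pool the result is 2*sqrt(r)/(1+r) - 1, ignoring fee income.
    """
    if price_ratio <= 0:
        raise ValueError("price_ratio must be positive")
    return 2 * math.sqrt(price_ratio) / (1 + price_ratio) - 1


if __name__ == "__main__":
    pool = Pool(1_000_000, 1_000_000)                  # constructed sample reserves
    print("spot price:", pool.spot_price())
    print("1% of pool in :", pool.quote_x_for_y(10_000))    # small price impact
    print("10% of pool in:", pool.quote_x_for_y(100_000))   # depth limits the rate
    print("IL at 4x price:", impermanent_loss(4.0))
```

With these sample reserves, a trade of 1% of the pool receives about 0.987 Y per X, while a trade of 10% receives about 0.907 Y per X, which is the dependence of market depth on the liquidity pool described above.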

Typical implementation protocols include Uniswap, Bancor, etc., and platforms include Chainlink, Kyber, etc.