Cryptoeconomic Security

While traditional oracles rely on their proprietary tokens to maintain ecosystem health and secure operations, eoracle introduces a novel security approach with its dual-token design. The model synergizes the specific advantages of a protocol-dedicated token with the enhanced security and economic stability provided by a well-established token like ETH, used for staking purposes.

This dual-token approach marks a notable shift from the single token model. By incorporating ETH for staking purposes, eoracle connects to a broader and more resilient economic base. This strategy effectively mitigates risks associated with blockchain protocols that rely on protocol-specific tokens.

The following sections provide a mathematical analysis, showing the enhanced security and stability of such a system.

Measuring Cryptoeconomic Security

Cryptoeconomic security (CES) is a useful measure for analysis, consider the following;

Given a set of colluding validators that we henceforth term the attacker, we assume that the attacker has the ability to corrupt the majority of the validators. Therefore, the attacker possesses the power to manipulate the consensus process, potentially leading to double-spending, censoring transactions, or altering the integrity of the blockchain's state.

To assess whether attacking is beneficial, the attacker must take into account two elements: the Cost of Corruption ($\textit{CoC}$) and the Profit from Corruption ($\textit{PfC}$).

$\textit{CoC}$ encompasses the total resources the attacker must invest to successfully manipulate the protocol, i.e., slashing of their stake, technical resources required for the attack and other associated expenses. Since we focus on assessing the efficacy of stake slashing as a deterrent and its influence on the CES, we assume that the $CoC$ primarily involves the loss of the attacker's staked assets, while other costs will be disregarded.

$\textit{PfC}$ signifies the potential gains the attacker would achieve post-successful manipulation. Our analysis requires a more subtle approach towards $\textit{PfC}$, and thus we divide $\textit{PfC}$ into two sources as follows:

• Profit from Manipulation ($\textit{PfM}$) is the internal profit the attacker can gain by manipulating the protocol. For instance, for Oracle protocols, it is the profit that could be extracted by a malicious price update. The $\textit{PfM}$ is upper-bounded by the protocol's Total Value Secured (TVS).
• Profit from Depreciation ($\textit{PfD}$) addresses the external profit the attacker can gain from betting on price volatility or depreciation through, e.g., derivative markets or short selling.

Notice that $\textit{PfC}=\textit{PfM}+\textit{PfD}$. A rational attacker will only attack if $\textit{CoC} < \textit{PfC}$.

We capture this in the following definition.

Definition (CES Margin). A protocol has a $\beta$-crypto-economic security margin, or a $\beta$-CES margin, if

$$CoC-\underbrace{(\textit{PfM}+\textit{PfD})}_\textit{PfC} = \beta.$$

In what follows, we explicitly assume that increasing the CES margin implies a more crypto-economically (CE) secure protocol and say that a protocol is CE-secure or CE-vulnerable, referring to a positive or negative CES margin, respectively.

Profit from Short Selling

We now discuss the$\textit{PfD}$ ingredient and suggest a (stylized and simplified) way to quantify it. Crucially, it does not rely on any property of a protocol and refers to any asset, be it cryptocurrency, fiat, or stock.

Consider a token we call $TOK, and assume that the attacker can short $TOK. Since we assume the attack is relatively quick, we neglect the shorting fees.$^1$ The amount of short positions is bounded by $TOK's short interest. Namely, the percentage of $TOK's free float market cap that the attacker could short sell, which we denote by $k$. We stress that typically $k\in[0,1]$. Further, let $m$ denote $TOK's total market cap (in USD). We therefore assume the attacker can open a short position of $km$ USD. Next, let $d$ denote the percentage of depreciation due to the attack, for $d\in(0,1]$. A short seller can thus earn $d$ for every $TOK they short. All in all, a successful short trade will grant the attacker a profit of $kdm$ USD.

CES: A Tale of Two Oracles

To demonstrate how the CES margin is affected by the nature of the protocol's token, we compare the following two scenarios:

• EnshrinedOracle, which relies on the base-layer's token that we denote by $ETH.

• TraditionalOracle, relying on its own token that we denote by $TRD.

We assume that the only difference between EnshrinedOracle and the TraditionalOracle is the token used for staking. In both scenarios, the market cap of the stake is equal and worth $S$ (measured in USD); however, as we show shortly, the two scenarios imply different CES margins. The reason is that an attack's ramifications are different.

The value and utility of $ETH are independent of EnshrinedOracle's activities, unlike $TRD, whose value is closely tied to the operations of TraditionalOracle.

Resilience to Attacks

For TraditionalOracle ($TRD), a successful attack on the TraditionalOracle will affect the $TRD value, as the $TRD's inherent value is tied to the operations of TraditionalOracle. The attacker can gain $kdm$ USD by shorting $TRD prior to the attack; hence, in TraditionalOracle's case $\textit{PfD}=kdm$.

For EnshrinedOracle ($ETH), as the value and utility of $ETH are unrelated to the EnshrinedOracle protocol the price of $ETH will not be affected. Thus, the $\textit{PfD}$ equals 0 for EnshrinedOracle.

Observation 1. If the TraditionalOracle, which relies on its own token $TRD, has a $\beta$-CES margin, then EnshrinedOracle, which relies on the base-layer's token $ETH, has a $(\beta+kdm)$-CES margin.

Observation 1 is illuminating. To illustrate, assume that the TraditionalOracle is a medium-sized decentralized service ($m \approx 1$ billion USD) with a reasonable short interest ($k=0.1$).

Under a severe attack ($0.7 \leq d \leq 1$), its CES margin is smaller by 70-100 million USD compared to EnshrinedOracle.

Under the same attack, the EnshrinedOracle is far more cryptoeconomically secure, as the underlying stake is not derived from the operations of the EnshrinedOracle. In contrast, such an attack would devastate the cryptoeconomic security of the TraditionalOracle.

Divergences in the Cost of Corruption

External, unforeseen events can break the CES of the TraditionalOracle. A crucial observation is that the $CoC$, which is the stake $S$ of the validators, is always smaller than $TRD's market cap $m$. Let $s$ denote the proportion of $TRD market cap used for staking in the protocol, namely $s\triangleq \frac{S}{m}$. We use this formulation to analyze the robustness of the protocol and suggest it is susceptible to a death spiral.

Observation 2. For any real number $q \in [1, \infty)$, the TraditionalOracle could be CE-vulnerable even if the cost of corruption is $q$ times the profit of manipulation, i.e., $\textit{CoC} = q \cdot \textit{PfM}$.

The above observation means that attacks might be executed even if the $\textit{PfM}$ is negligible, provided that the attacker can gain from a $TRD price decrease after the attack. The $\textit{CoC}$ component should thus reflect not only the TVS (through $\textit{PfM}$) but also the short interest (through $k$).

Being able to short $TRD based on the TraditionalOracle's operations increases the potential profit from attack, whereas there is no such benefit for attacking EnshrinedOracle.

Market Fluctuation Impact

Next, we analyze the ramifications of a sudden decrease of $TRD market cap. Such a change in valuation could result from the volatile nature of the crypto space or the unintended fault of the protocol.

Observation 3. Assume the protocol is CE-secure. Any fluctuation in $TRD market cap can make the protocol CE-vulnerable.

This observation is demonstrated using an example.

Example 1:

We analyze the CES of TraditionalOracle after a major price drop, which occurs due to, e.g., a major crypto volatility event. We denote by $t_0$ the time of the price drop. We assume that the stake proportion is $s=20\%,$ the attacker's foreseen price drop is $d=50\%$, and the short interest is $k=15\%$.

Before the attack at $t_0$, we assume the market cap of $TRD is $m=1000$ (all monetary quantities are given in million USD terms). Consequently, $\textit{CoC} = sm = 200$, and $\textit{PfD} = kdm = 75.$ Additionally, we assume that before time $t_0$ the potential profit from manipulation is $\textit{PfM}=90.$

The event at $t_0$, which occurs due to a major crypto volatility event, causes the market cap of all crypto tokens to decrease. Particularly, we assume that $TRD drops by $50\%$ and that the more stable$ETH drops by $20\%$. Furthermore, such a market cap change also decreases the $\textit{PfM}$. TraditionalOracle's TVS is comprised of different tokens, for instance in $ETH, wrapped versions of $BTC, stable coins ($USDT/$USDC ), and more. Some of those tokens are more volatile than others, and some do not fluctuate at all. We thus assume that, on average, the$\textit{PfM}$ drops on the same scale as $ETH, namely by $20\%$.

The figure below depicts the situation before and after $t_0$, as we formally analyze next.

Figure 1: The TraditionalOracle loses its CES security after a price drop in its sovereign token.

Let us analyze the CES margin. Before $t_0$, we see that the CES margin is positive, since

$$\textit{CoC} - \textit{PfM} - \textit{PfD} = 200 - 90 - 75 = 35.$$

After $t_0$, which occurs due to a major crypto volatility event, the market cap of $TRD drops by $50\%$ and becomes $m'=500$. As a result, the $\textit{CoC}$ falls to $sm'=100$ and the $\textit{PfD}$ drops to $kdm'=37.5$. Furthermore, the market cap of all crypto market drops and, as noted above, the$\textit{PfM}$ drops by $20\%$. Overall, the CES margin becomes negative, since

$$\textit{CoC} -\textit{PfM}-\textit{PfD} = 100 - 72 - 37.5 = -9.5.$$

Thus, the event at $t_0$ that sparked a price drop made the TraditionalOracle CE vulnerable.

Next, we analyze EnshrinedOracle, relying on the independent $ETH token. The CES margins of EnshrinedOracle before the event is

$$\textit{CoC} -\textit{PfM}-\textit{PfD} = 200-90-0=110.$$

The event at $t_0$ affects EnshrinedOracle's CES margin as well. First, EnshrinedOracle has no $\textit{PfD}$ as it relies on an independent token; thus, the attacker cannot gain from betting on price drops. Secondly, EnshrinedOracle's $\textit{CoC}$ decreases due to the drop of $ETH, by $20\%$ to become$\textit{CoC}=160$. Thirdly, as in the case of TraditionalOracle, the$\textit{PfM}$ drops by $20\%$, becoming $\textit{PfM}=72$. Overall, the CES margins of EnshrinedOracle after the event is

$$\textit{CoC} -\textit{PfM}-\textit{PfD} = 160-72-0=88.$$

The figure below depicts the change in the CES margin of EnshrinedOracle due to the same event. Importantly, under precisely the same event, EnshrinedOracle remains CE secure.

Figure 2: EnshrinedOracle's CES margin decrease after the same event, but remains highly positive.

The TraditionalOracle's CE security is far more susceptible to market fluctuations, whereas EnshrinedOracle's security is resilient to external market forces.

Beyond Profit from Depreciation

Until now, we have focused on $\textit{PfD}$, an element that plays a crucial role in the TraditionalOracle but not in EnshrinedOracle. The $\textit{PfD}$ analysis assisted in understanding how an independent token ($TRD) decreases the CES margin (Observation 1), making the protocol susceptible to attacks even if the $\textit{CoC}$ is orders of magnitude greater than the $\textit{PfM}$ (Observation 2), and could result in vulnerabilities in times of price fluctuations (Observation 3). But relying on a dedicated token $TRD bares other weaknesses. In the next section, we extend our analysis to challenges in the $\textit{CoC}$, particularly around issues of scaling and cost of capital.

Scaling Cost of Corruption with Total Value Secured

Assume that both protocols gain traffic and usage, resulting in a ten-fold increase in the TVS. The higher the TVS, the higher the $\textit{PfM}$; hence, the CES margin decreases dramatically. For simplicity, we shall assume that the $\textit{PfM}$ is a constant fraction of the TVS. How can the protocols regain their CE security?

Observation 4. To keep the CES margin positive, the $CoC$ should scale linearly with the TVS.

Recall that for TraditionalOracle, $\textit{CoC} = S = sm,$ where $s$ is the staked proportion of $TRD and $m$ is $TRD market cap. The TraditionalOracle can hence increase its $\textit{CoC}$ in two ways:

• Passively, due to an increase in $TRD market cap.

• Actively, by increasing the staked proportion $s$.

Let us examine these two solutions. For the passive approach of experiencing an increase in $TRD market cap, note that the TraditionalOracle cannot (legally) control the price and ensure a positive CES margin. Particularly, if the TVS fluctuation and the price fluctuation are not identical (correlation is not enough in this case), the TraditionalOracle could become CES-vulnerable (a scenario similar to that in Observation 3). The active approach is also challenging, as it requires the TraditionalOracle to call capital on demand while not being connected to an independent pool of capital.

EnshrinedOracle can mitigate a TVS increase by controlling the stake, allowing the CoC to scale accordingly.

Cost of Capital

TraditionalOracle's security scheme demands stakers hold $TRD , thus, stakers have to posses a token with relatively small market cap that depends on the protocol's performance. In contrast, EnshrinedOracle could accept stake in $ETH, the base-layer's token. $ETH is less volatile, does not suffer from inflation, and is a multi-purpose token. These differences allow EnshrinedOracle to demand less of its stakers compared to TraditionalOracle's stakers, who may demand a premium for the additional risks they take (possessing $TRD and being exposed to a potential turbulent macroeconomic environment). Additionally, since EnshrinedOracle's stakers could be re-stakers through Eigenlayer, their capital efficiency is maximized.

The Dual Token Model

An independent token makes EnshrinedOracle significantly more CE secure than its counterparts utilizing a staking token. However, oracle sovereign tokens offer other advantages if decoupled from the CES risks.

By rewarding validators with a token, an incentive structure can be designed to increase the rate of rewards. Factors such as uptime, accuracy , and longevity of validators may increase their rewards earned. This achieves both incentivization of higher quality validation, and alignment of validators with the interests of the protocol.

A token vesting mechanism requires validators to be aligned with the network by locking their rewards and ensuring the commitment of the validators during the vesting period. This enhances the stability and security of the network.

A sovereign token design also allows for creating a punishment structures , where rewards can be revoked on non-malicious misbehavior. To avoid slashing Beacon Chain ETH , all non-malicious behavior will addressed with sovereign token punishments.

Implementing all of these mechanisms while having stake rooted in $ETH retains the CES benefits of EnshrinedOracle while avoiding the CES vunerabilities of TraditionalOracle.

Proofs

Proof of Observation 1.

The TraditionalOracle satisfies $CoC-{(PfM+PfD)} = \beta$, with $PfD=kdm$. EnshrinedOracle has the same $CoC$ and $PfM$, but zero $PfD$ since it relies on the independent $ETH token. Its CES margin is thus $\beta+kdm$. $\blacksquare$

Proof of Observation 2.

Assume that $CoC=q\cdot PfM$, namely that $PfM=\frac{sm}{q}$. Therefore,

$$CoC-PfM-PfD=sm-\frac{sm}{q}-kdm=m\left(s(1-\frac{1}{q})-kd\right).$$

The attack is thus beneficial as long as $kd>s(1-\frac 1 q)$. Specifically, if the short interest $k$ is greater or equal to the stake proportion $s$, the protocol becomes CE-vulnerable if the attacker expects a price drop of $d\geq 1-\frac 1 q$. This vulnerability still remains even if $q\rightarrow\infty$, since $d$ could potentially reach 1 and $1-\frac 1 q \leq 1$ for any $q\in [1,\infty).$ $\blacksquare$

Proof of Observation 3.

Assume that before the event, the market cap $m$ satisfies $PfM < m(s-kd)$; thus, the protocol is CE-secure since

$$CoC-PfD-PfM=m(s-kd)-PfM > m(s-kd) -m(s-kd)=0.$$

Assume that the $PfM$ does not depend on the market cap $m$. This is the case for, e.g., lending markets that mostly offer contracts in $ETH, etc. Since $PfM < m(s-kd)$, there exists a real number $m_0$, for $m_0<m$, such that $PfM=m_0(s-kd)$. Denote by $m'$ the market cap of $TRD after the event. Consequently, if $m'<m_0$, it holds that

$$CoC-PfD-PfM=m'(s-kd)-PfM = (m'-m_0)(s-kd) < 0;$$

thus, the protocol is CE-vulnerable. In other words, if the $PfM$ is not affected by the event, a market cap decrease can spark an attack.

Proof of Observation 4.

For the sake of this proof, we use the subscript $t$ to refer to objects in time $t$; for instance, $CoC_t$ is the $CoC$ at time $t$. The CES margin at time $t$ is given by

$$CoC_t -PfM_t-PfD_t.$$

Assume at time $t=0$ the CES margin is positive and equals $\beta$. Further, assume by contradiction that $CoC_t =o(\textnormal{TVS }_t)$, where $o(\cdot)$ is the little-o notation. Our assumption about the $PfM$ being a constant fraction of the TVS implies that $CoC_t =o(PfM_t)$ also holds. By definition, there exists a time $t'$ for which $CoC_{t'}<PfM_{t'}$, and hence

$$CoC_{t'} -PfM_{t'}-PfD_{t'} \leq CoC_{t'} -PfM_{t'}<0;$$

therefore, the protocol is CE-vulnerable at time $t'$. $\blacksquare$

End Notes

$^1$ In practice, the attacker would buy leveraged contracts and employ trading strategies. We focus on short positions, ensuring our model is simple yet aligned with reality.