๐ŸšจCryptoeconomic Security

While traditional oracles rely on their proprietary tokens to maintain ecosystem health and secure operations, eOracle introduces a novel security approach with its dual-token design. The model synergizes the specific advantages of a protocol-dedicated token with the enhanced security and economic stability provided by a well-established token like ETH, used for staking purposes.

This dual-token approach marks a notable shift from the single token model. By incorporating ETH for staking purposes, eOracle connects to a broader and more resilient economic base. This strategy effectively mitigates risks associated with blockchain protocols that rely on protocol-specific tokens.

The following sections provide a mathematical analysis, showing the enhanced security and stability of such a system.

Measuring Cryptoeconomic Security

Cryptoeconomic security (CES) is a useful measure for analysis, consider the following;

Given a set of colluding validators that we henceforth term the attacker, we assume that the attacker has the ability to corrupt the majority of the validators. Therefore, the attacker possesses the power to manipulate the consensus process, potentially leading to double-spending, censoring transactions, or altering the integrity of the blockchain's state.

To assess whether attacking is beneficial, the attacker must take into account two elements: the Cost of Corruption (CoC\textit{CoC}) and the Profit from Corruption (PfC\textit{PfC}).

CoC\textit{CoC} encompasses the total resources the attacker must invest to successfully manipulate the protocol, i.e., slashing of their stake, technical resources required for the attack and other associated expenses. Since we focus on assessing the efficacy of stake slashing as a deterrent and its influence on the CES, we assume that the CoCCoC primarily involves the loss of the attacker's staked assets, while other costs will be disregarded.

PfC\textit{PfC} signifies the potential gains the attacker would achieve post-successful manipulation. Our analysis requires a more subtle approach towards PfC\textit{PfC}, and thus we divide PfC\textit{PfC} into two sources as follows:

  • Profit from Manipulation (PfM\textit{PfM}) is the internal profit the attacker can gain by manipulating the protocol. For instance, for Oracle protocols, it is the profit that could be extracted by a malicious price update. The PfM\textit{PfM} is upper-bounded by the protocol's Total Value Secured (TVS).

  • Profit from Depreciation (PfD\textit{PfD}) addresses the external profit the attacker can gain from betting on price volatility or depreciation through, e.g., derivative markets or short selling.

Notice that PfC=PfM+PfD\textit{PfC}=\textit{PfM}+\textit{PfD}. A rational attacker will only attack if CoC<PfC\textit{CoC} < \textit{PfC}.

We capture this in the following definition.

Definition (CES Margin). A protocol has a ฮฒ\beta-crypto-economic security margin, or a ฮฒ\beta-CES margin, if

CoCโˆ’(PfM+PfD)โŸPfC=ฮฒ.CoC-\underbrace{(\textit{PfM}+\textit{PfD})}_\textit{PfC} = \beta.

In what follows, we explicitly assume that increasing the CES margin implies a more crypto-economically (CE) secure protocol and say that a protocol is CE-secure or CE-vulnerable, referring to a positive or negative CES margin, respectively.

Profit from Short Selling

We now discuss thePfD\textit{PfD} ingredient and suggest a (stylized and simplified) way to quantify it. Crucially, it does not rely on any property of a protocol and refers to any asset, be it cryptocurrency, fiat, or stock.

Consider a token we call $TOK, and assume that the attacker can short $TOK. Since we assume the attack is relatively quick, we neglect the shorting fees.1^1 The amount of short positions is bounded by $TOK's short interest. Namely, the percentage of $TOK's free float market cap that the attacker could short sell, which we denote by kk. We stress that typically kโˆˆ[0,1]k\in[0,1]. Further, let mm denote $TOK's total market cap (in USD). We therefore assume the attacker can open a short position of kmkm USD. Next, let dd denote the percentage of depreciation due to the attack, for dโˆˆ(0,1]d\in(0,1]. A short seller can thus earn dd for every $TOK they short. All in all, a successful short trade will grant the attacker a profit of kdmkdm USD.

CES: A Tale of Two Oracles

To demonstrate how the CES margin is affected by the nature of the protocol's token, we compare the following two scenarios:

  • EnshrinedOracle, which relies on the base-layer's token that we denote by $ETH.

  • TraditionalOracle, relying on its own token that we denote by $TRD.

We assume that the only difference between EnshrinedOracle and the TraditionalOracle is the token used for staking. In both scenarios, the market cap of the stake is equal and worth SS (measured in USD); however, as we show shortly, the two scenarios imply different CES margins. The reason is that an attack's ramifications are different.

The value and utility of $ETH are independent of EnshrinedOracle's activities, unlike $TRD, whose value is closely tied to the operations of TraditionalOracle.

Resilience to Attacks

For TraditionalOracle ($TRD), a successful attack on the TraditionalOracle will affect the $TRD value, as the $TRD's inherent value is tied to the operations of TraditionalOracle. The attacker can gain kdmkdm USD by shorting $TRD prior to the attack; hence, in TraditionalOracle's case PfD=kdm\textit{PfD}=kdm.

For EnshrinedOracle ($ETH), as the value and utility of $ETH are unrelated to the EnshrinedOracle protocol the price of $ETH will not be affected. Thus, the PfD\textit{PfD} equals 0 for EnshrinedOracle.

Observation 1. If the TraditionalOracle, which relies on its own token $TRD, has a ฮฒ\beta-CES margin, then EnshrinedOracle, which relies on the base-layer's token $ETH, has a (ฮฒ+kdm)(\beta+kdm)-CES margin.

Observation 1 is illuminating. To illustrate, assume that the TraditionalOracle is a medium-sized decentralized service (mโ‰ˆ1m \approx 1 billion USD) with a reasonable short interest (k=0.1k=0.1).

Under a severe attack (0.7โ‰คdโ‰ค10.7 \leq d \leq 1), its CES margin is smaller by 70-100 million USD compared to EnshrinedOracle.

Under the same attack, the EnshrinedOracle is far more cryptoeconomically secure, as the underlying stake is not derived from the operations of the EnshrinedOracle. In contrast, such an attack would devastate the cryptoeconomic security of the TraditionalOracle.

Divergences in the Cost of Corruption

External, unforeseen events can break the CES of the TraditionalOracle. A crucial observation is that the CoCCoC, which is the stake SS of the validators, is always smaller than $TRD's market cap mm. Let ss denote the proportion of $TRD market cap used for staking in the protocol, namely sโ‰œSms\triangleq \frac{S}{m}. We use this formulation to analyze the robustness of the protocol and suggest it is susceptible to a death spiral.

Observation 2. For any real number qโˆˆ[1,โˆž)q \in [1, \infty), the TraditionalOracle could be CE-vulnerable even if the cost of corruption is qq times the profit of manipulation, i.e., CoC=qโ‹…PfM\textit{CoC} = q \cdot \textit{PfM}.

The above observation means that attacks might be executed even if the PfM\textit{PfM} is negligible, provided that the attacker can gain from a $TRD price decrease after the attack. The CoC\textit{CoC} component should thus reflect not only the TVS (through PfM\textit{PfM}) but also the short interest (through kk).

Being able to short $TRD based on the TraditionalOracle's operations increases the potential profit from attack, whereas there is no such benefit for attacking EnshrinedOracle.

Market Fluctuation Impact

Next, we analyze the ramifications of a sudden decrease of $TRD market cap. Such a change in valuation could result from the volatile nature of the crypto space or the unintended fault of the protocol.

Observation 3. Assume the protocol is CE-secure. Any fluctuation in $TRD market cap can make the protocol CE-vulnerable.

This observation is demonstrated using an example.

Example 1:

We analyze the CES of TraditionalOracle after a major price drop, which occurs due to, e.g., a major crypto volatility event. We denote by t0t_0 the time of the price drop. We assume that the stake proportion is s=20%,s=20\%, the attacker's foreseen price drop is d=50%d=50\%, and the short interest is k=15%k=15\%.

Before the attack at t0t_0, we assume the market cap of $TRD is m=1000m=1000 (all monetary quantities are given in million USD terms). Consequently, CoC=sm=200\textit{CoC} = sm = 200, and PfD=kdm=75.\textit{PfD} = kdm = 75. Additionally, we assume that before time t0t_0 the potential profit from manipulation is PfM=90.\textit{PfM}=90.

The event at t0t_0, which occurs due to a major crypto volatility event, causes the market cap of all crypto tokens to decrease. Particularly, we assume that $TRD drops by 50%50\% and that the more stable$ETH drops by 20%20\%. Furthermore, such a market cap change also decreases the PfM\textit{PfM}. TraditionalOracle's TVS is comprised of different tokens, for instance in $ETH, wrapped versions of $BTC, stable coins ($USDT/$USDC ), and more. Some of those tokens are more volatile than others, and some do not fluctuate at all. We thus assume that, on average, thePfM\textit{PfM} drops on the same scale as $ETH, namely by 20%20\%.

The figure below depicts the situation before and after t0t_0, as we formally analyze next.

Let us analyze the CES margin. Before t0t_0, we see that the CES margin is positive, since

CoCโˆ’PfMโˆ’PfD=200โˆ’90โˆ’75=35.\textit{CoC} - \textit{PfM} - \textit{PfD} = 200 - 90 - 75 = 35.

After t0t_0, which occurs due to a major crypto volatility event, the market cap of $TRD drops by 50%50\% and becomes mโ€ฒ=500m'=500. As a result, the CoC\textit{CoC} falls to smโ€ฒ=100sm'=100 and the PfD\textit{PfD} drops to kdmโ€ฒ=37.5kdm'=37.5. Furthermore, the market cap of all crypto market drops and, as noted above, thePfM\textit{PfM} drops by 20%20\%. Overall, the CES margin becomes negative, since

CoCโˆ’PfMโˆ’PfD=100โˆ’72โˆ’37.5=โˆ’9.5.\textit{CoC} -\textit{PfM}-\textit{PfD} = 100 - 72 - 37.5 = -9.5.

Thus, the event at t0t_0 that sparked a price drop made the TraditionalOracle CE vulnerable.

Next, we analyze EnshrinedOracle, relying on the independent $ETH token. The CES margins of EnshrinedOracle before the event is

CoCโˆ’PfMโˆ’PfD=200โˆ’90โˆ’0=110.\textit{CoC} -\textit{PfM}-\textit{PfD} = 200-90-0=110.

The event at t0t_0 affects EnshrinedOracle's CES margin as well. First, EnshrinedOracle has no PfD\textit{PfD} as it relies on an independent token; thus, the attacker cannot gain from betting on price drops. Secondly, EnshrinedOracle's CoC\textit{CoC} decreases due to the drop of $ETH, by 20%20\% to becomeCoC=160\textit{CoC}=160. Thirdly, as in the case of TraditionalOracle, thePfM\textit{PfM} drops by 20%20\%, becoming PfM=72\textit{PfM}=72. Overall, the CES margins of EnshrinedOracle after the event is

CoCโˆ’PfMโˆ’PfD=160โˆ’72โˆ’0=88.\textit{CoC} -\textit{PfM}-\textit{PfD} = 160-72-0=88.

The figure below depicts the change in the CES margin of EnshrinedOracle due to the same event. Importantly, under precisely the same event, EnshrinedOracle remains CE secure.

The TraditionalOracle's CE security is far more susceptible to market fluctuations, whereas EnshrinedOracle's security is resilient to external market forces.

Beyond Profit from Depreciation

Until now, we have focused on PfD\textit{PfD}, an element that plays a crucial role in the TraditionalOracle but not in EnshrinedOracle. The PfD\textit{PfD} analysis assisted in understanding how an independent token ($TRD) decreases the CES margin (Observation 1), making the protocol susceptible to attacks even if the CoC\textit{CoC} is orders of magnitude greater than the PfM\textit{PfM} (Observation 2), and could result in vulnerabilities in times of price fluctuations (Observation 3). But relying on a dedicated token $TRD bares other weaknesses. In the next section, we extend our analysis to challenges in the CoC\textit{CoC}, particularly around issues of scaling and cost of capital.

Scaling Cost of Corruption with Total Value Secured

Assume that both protocols gain traffic and usage, resulting in a ten-fold increase in the TVS. The higher the TVS, the higher the PfM\textit{PfM}; hence, the CES margin decreases dramatically. For simplicity, we shall assume that the PfM\textit{PfM} is a constant fraction of the TVS. How can the protocols regain their CE security?

Observation 4. To keep the CES margin positive, the CoCCoC should scale linearly with the TVS.

Recall that for TraditionalOracle, CoC=S=sm,\textit{CoC} = S = sm, where ss is the staked proportion of $TRD and mm is $TRD market cap. The TraditionalOracle can hence increase its CoC\textit{CoC} in two ways:

  • Passively, due to an increase in $TRD market cap.

  • Actively, by increasing the staked proportion ss.

Let us examine these two solutions. For the passive approach of experiencing an increase in $TRD market cap, note that the TraditionalOracle cannot (legally) control the price and ensure a positive CES margin. Particularly, if the TVS fluctuation and the price fluctuation are not identical (correlation is not enough in this case), the TraditionalOracle could become CES-vulnerable (a scenario similar to that in Observation 3). The active approach is also challenging, as it requires the TraditionalOracle to call capital on demand while not being connected to an independent pool of capital.

EnshrinedOracle can mitigate a TVS increase by controlling the stake, allowing the CoC to scale accordingly.

Cost of Capital

TraditionalOracle's security scheme demands stakers hold $TRD , thus, stakers have to posses a token with relatively small market cap that depends on the protocol's performance. In contrast, EnshrinedOracle could accept stake in $ETH, the base-layer's token. $ETH is less volatile, does not suffer from inflation, and is a multi-purpose token. These differences allow EnshrinedOracle to demand less of its stakers compared to TraditionalOracle's stakers, who may demand a premium for the additional risks they take (possessing $TRD and being exposed to a potential turbulent macroeconomic environment). Additionally, since EnshrinedOracle's stakers could be re-stakers through Eigenlayer, their capital efficiency is maximized.

The Dual Token Model

An independent token makes EnshrinedOracle significantly more CE secure than its counterparts utilizing a staking token. However, oracle sovereign tokens offer other advantages if decoupled from the CES risks.

By rewarding validators with a token, an incentive structure can be designed to increase the rate of rewards. Factors such as uptime, accuracy , and longevity of validators may increase their rewards earned. This achieves both incentivization of higher quality validation, and alignment of validators with the interests of the protocol.

A token vesting mechanism requires validators to be aligned with the network by locking their rewards and ensuring the commitment of the validators during the vesting period. This enhances the stability and security of the network.

A sovereign token design also allows for creating a punishment structures , where rewards can be revoked on non-malicious misbehavior. To avoid slashing Beacon Chain ETH , all non-malicious behavior will addressed with sovereign token punishments.

Implementing all of these mechanisms while having stake rooted in $ETH retains the CES benefits of EnshrinedOracle while avoiding the CES vunerabilities of TraditionalOracle.


Proof of Observation 1.

The TraditionalOracle satisfies CoCโˆ’(PfM+PfD)=ฮฒCoC-{(PfM+PfD)} = \beta, with PfD=kdmPfD=kdm. EnshrinedOracle has the same CoCCoC and PfMPfM, but zero PfDPfD since it relies on the independent $ETH token. Its CES margin is thus ฮฒ+kdm\beta+kdm. โ– \blacksquare

Proof of Observation 2.

Assume that CoC=qโ‹…PfMCoC=q\cdot PfM, namely that PfM=smqPfM=\frac{sm}{q}. Therefore,


The attack is thus beneficial as long as kd>s(1โˆ’1q)kd>s(1-\frac 1 q). Specifically, if the short interest kk is greater or equal to the stake proportion ss, the protocol becomes CE-vulnerable if the attacker expects a price drop of dโ‰ฅ1โˆ’1qd\geq 1-\frac 1 q. This vulnerability still remains even if qโ†’โˆžq\rightarrow\infty, since dd could potentially reach 1 and 1โˆ’1qโ‰ค11-\frac 1 q \leq 1 for any qโˆˆ[1,โˆž).q\in [1,\infty). โ– \blacksquare

Proof of Observation 3.

Assume that before the event, the market cap mm satisfies PfM<m(sโˆ’kd)PfM < m(s-kd); thus, the protocol is CE-secure since

CoCโˆ’PfDโˆ’PfM=m(sโˆ’kd)โˆ’PfM>m(sโˆ’kd)โˆ’m(sโˆ’kd)=0.CoC-PfD-PfM=m(s-kd)-PfM > m(s-kd) -m(s-kd)=0.

Assume that the PfMPfM does not depend on the market cap mm. This is the case for, e.g., lending markets that mostly offer contracts in $ETH, etc. Since PfM<m(sโˆ’kd)PfM < m(s-kd), there exists a real number m0m_0, for m0<mm_0<m, such that PfM=m0(sโˆ’kd)PfM=m_0(s-kd). Denote by mโ€ฒm' the market cap of $TRD after the event. Consequently, if mโ€ฒ<m0m'<m_0, it holds that

CoCโˆ’PfDโˆ’PfM=mโ€ฒ(sโˆ’kd)โˆ’PfM=(mโ€ฒโˆ’m0)(sโˆ’kd)<0;CoC-PfD-PfM=m'(s-kd)-PfM = (m'-m_0)(s-kd) < 0;

thus, the protocol is CE-vulnerable. In other words, if the PfMPfM is not affected by the event, a market cap decrease can spark an attack.

Proof of Observation 4.

For the sake of this proof, we use the subscript tt to refer to objects in time tt; for instance, CoCtCoC_t is the CoCCoC at time tt. The CES margin at time tt is given by

CoCtโˆ’PfMtโˆ’PfDt.CoC_t -PfM_t-PfD_t.

Assume at time t=0t=0 the CES margin is positive and equals ฮฒ\beta. Further, assume by contradiction that CoCt=o(TVSย t)CoC_t =o(\textnormal{TVS }_t), where o(โ‹…)o(\cdot) is the little-o notation. Our assumption about the PfMPfM being a constant fraction of the TVS implies that CoCt=o(PfMt)CoC_t =o(PfM_t) also holds. By definition, there exists a time tโ€ฒt' for which CoCtโ€ฒ<PfMtโ€ฒCoC_{t'}<PfM_{t'}, and hence

CoCtโ€ฒโˆ’PfMtโ€ฒโˆ’PfDtโ€ฒโ‰คCoCtโ€ฒโˆ’PfMtโ€ฒ<0;CoC_{t'} -PfM_{t'}-PfD_{t'} \leq CoC_{t'} -PfM_{t'}<0;

therefore, the protocol is CE-vulnerable at time tโ€ฒt'. โ– \blacksquare

End Notes

1^1 In practice, the attacker would buy leveraged contracts and employ trading strategies. We focus on short positions, ensuring our model is simple yet aligned with reality.

Last updated