Loss of funds by users due to malicious activity is not unheard of on Ethereum. In fact, it’s the same reason why some researchers have recently developed a proposal to introduce a type of token that is reversible in case of hacking or other unpleasant behavior.
Specifically, the proposal would create an ERC-20R and an ERC-721R, which would be modified versions of the standards that govern both regular Ethereum tokens and non-fungible tokens (NFTs).
The premise is as follows: this new standard would allow users to place a “freeze request” on recent transactions that would block those funds until a “decentralized court system” determined the validity of the transaction. Both sides would be allowed to present their evidence, and judges would be chosen randomly from a decentralized pool to minimize collusion.
At the end of the process, a verdict would be reached and the funds would be returned or left where they are. This decision would then be final and not subject to any further dispute. This would open up a practical avenue for victims of hacks and other malicious activity to recover their assets in a direct, community-led way.
Unfortunately, this may well be an unnecessary and ultimately damaging proposition. One of the cornerstones of the decentralized philosophy is that transactions only go in one direction. They cannot be undone under virtually any circumstances. This new protocol change would undermine that fundamental precept in order to fix what is not broken.
So how does this work when an attacker steals ERC-20R and cashes out to ETH via a DEX in the same transaction? Or ERC-20R will be incompatible with the current DeFi ecosystem? https://t.co/n5pN82ZBBe
— Roman Semenov (@semenov_roman_) September 25, 2022
There is also the fact that even implementing such tokens would be a logistical nightmare. Unless all platforms adapt to the new standard, there would be huge loopholes in the system, which would mean that thieves could quickly swap their reversible assets for non-reversible ones and avoid the repercussions altogether. This would render the entire asset completely useless, and users would most likely simply not commit to it.
Also, the whole idea of a judicial review implies centralization. Isn’t independence from a third party exactly what cryptocurrencies were created for? The existing proposal is unclear as to how these judges are chosen, other than that it will be “random.” Without the system being carefully balanced, it is hard to say that collusion or manipulation is impossible.
A better proposal
Ultimately, the notion of a reversible crypto asset may be well-intentioned, but it’s also entirely unnecessary. The premise introduces a lot of new complexities in terms of its actual integration into existing systems, and that’s even assuming the platforms want to use it. Nevertheless, there are other ways to achieve security in the decentralized ecosystem that do not undermine what makes cryptocurrencies so powerful to begin with.
One is the continuous auditing of all smart contract code. Many problems in decentralized finance (DeFi) arise from exploitable flaws in the underlying smart contracts. Thorough and independent security audits can help find where there are potential problems before these protocols are released. It’s also important to try to understand how multiple contracts will interact once they go live, as some issues only arise when they are used in their natural habitat.
Any contract implemented will have risk factors that must be monitored and defended. However, many development teams do not have a robust security monitoring solution in place. Often the first sign that something problematic is going on comes from an on-chain diagnostic. Massive transactions and other unusual transaction patterns can point to an attack that is happening in real time. Being able to detect and understand these signals is key to responding to them.
Of course, it is also necessary to have a system to document and record the events and communicate the most important information to the correct entities. Some alerts can be sent to the developer team and others can be made available to the community. With a community informed in this way, security can be enhanced in a way that aligns with the decentralized ethos rather than being relegated to a judicial review function.
Let’s look at the Ronin hack as an example. It took six days for the team behind the project to realize that an attack had taken place, only realizing it when a user complained that he was unable to withdraw funds. Had the network been monitored in real time, it could have responded almost instantly when the first large, suspicious transaction occurred. Instead, no one noticed for nearly a week, giving the attacker enough time to keep moving funds and hide his history.
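The kind of real-time check described above can be sketched as follows. This is an added example, not code from the article or from any monitoring product; the transfer records are constructed, and the thresholds, field names and alert audiences are assumptions chosen for illustration.

```python
from collections import deque
from statistics import median

# Constructed sample: outbound token transfers from one monitored contract,
# as (block, tx_hash, recipient, amount). All values are made up.
SAMPLE_TRANSFERS = [
    (100, "0xaa01", "0xuser1", 120.0),
    (101, "0xaa02", "0xuser2", 80.0),
    (103, "0xaa03", "0xuser3", 200.0),
    (104, "0xaa04", "0xuser4", 150.0),
    (106, "0xaa05", "0xuser5", 95.0),
    (107, "0xaa06", "0xuser6", 110.0),
    (109, "0xaa07", "0xnew1", 40000.0),   # far above anything seen before
    (110, "0xaa08", "0xnew1", 2000.0),
    (112, "0xaa09", "0xuser7", 130.0),
]

def monitor(transfers, start_balance, window=5, size_factor=10.0, drain_ratio=0.25):
    """Flag outflows that dwarf the recent norm or drain the contract.

    size  : amount > size_factor * median of the last `window` normal transfers
    drain : amount >= drain_ratio * balance held before the transfer
    """
    recent = deque(maxlen=window)   # baseline of unflagged transfers only
    balance = start_balance
    alerts = []
    for block, tx, recipient, amount in transfers:
        reasons = []
        # The size rule needs a full baseline; the drain rule is always active.
        if len(recent) == window and amount > size_factor * median(recent):
            reasons.append("size")
        if amount >= drain_ratio * balance:
            reasons.append("drain")
        if reasons:
            # Assumed routing: everything goes to the developer team,
            # balance-draining events are also published to the community.
            audience = "team+community" if "drain" in reasons else "team"
            alerts.append({"block": block, "tx": tx, "to": recipient,
                           "amount": amount, "reasons": reasons,
                           "audience": audience})
        else:
            # Flagged transfers never enter the baseline, so one large
            # outflow cannot raise the threshold for the ones after it.
            recent.append(amount)
        balance -= amount
    return alerts

if __name__ == "__main__":
    for alert in monitor(SAMPLE_TRANSFERS, start_balance=100_000.0):
        print(alert)
```

Keeping flagged transfers out of the baseline is what lets the follow-up transfer still stand out after the first large one.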
It seems quite obvious that reversible tokens wouldn’t have helped much in this situation, but monitoring might have. By the time it became known, many of the stolen coins had been repeatedly transferred through wallets and exchanges. Could all these transactions be reversed? The complexities introduced, as well as the possible new risks created, make this effort simply not worth it, especially considering that powerful mechanisms already exist that can offer a similar level of security and accountability.
Instead of altering the formula that makes cryptocurrencies so powerful, it would make much more sense to implement extensive and continuous security processes throughout Web3 so that decentralized assets remain immutable but not unprotected.
Stephen Lloyd Webber is a software engineer and author with diverse experience simplifying complex situations. He is fascinated by open source, decentralization and everything that has to do with the Ethereum blockchain. Stephen currently works in product marketing at OpenZeppelin, a premier cybersecurity services and technology company, and has an MFA in English Writing from New Mexico State University.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.