ERC 7265: Fixing DeFi’s biggest security issue – lack of response time to mitigate hacker attacks


Fluid Protocol researcher Meir Bank proposed ERC 7265, which aims to fix the biggest problem in DeFi security – the lack of response time to mitigate hacking attacks.

DeFi is broken. Not only are there many hacks, but the results are catastrophic. When a protocol is hacked, it usually loses everything. TVL drops to 0 in seconds. But why is this happening? It’s not because of cross-chain bridges, oracles, or dependencies. It’s also not inherent in smart contracts. Currently, most protocols can be fully upgraded through governance, meaning governance theoretically has the ability to mitigate hacks by fixing the protocol. However, in practice, most protocols simply lack the response time to react to hacks. By the time someone notices, it’s too late, and by the time the team is able to formulate a recovery plan through governance, it’s too late. This makes no sense.

ERC 7265 allows teams to create circuit breakers to protect their protocols, with highly customized rate-limiting parameters for each asset. When a hack occurs, attackers will no longer be able to drain the entire contract in seconds. Most of the funds can be recovered. Circuit breakers are applicable to protocols that can be upgraded through governance, which make up most of DeFi today. These protocols and their assets are fully controlled by governance, so there are no additional centralization risks. When properly configured, circuit breakers should not generate a large number of false alarms. We have conducted data analysis confirming that DeFi protocols have no 25-40% daily TVL drawdowns unless there is a hack.
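The per-asset rate limit described above can be modelled in a few lines. The following is an added illustration, not the ERC 7265 reference implementation or code from the proposal's author; the class and method names, the 30% threshold, and the 24-hour rolling window are assumptions chosen for the example.

```python
from collections import deque

DAY = 86_400  # seconds


class AssetBreaker:
    """Rolling-window outflow limit for one asset (simplified model)."""

    def __init__(self, balance, max_drawdown, window=DAY):
        self.balance = balance            # tokens currently held by the protocol
        self.max_drawdown = max_drawdown  # e.g. 0.30 = 30% of TVL per window
        self.window = window
        self.outflows = deque()           # (timestamp, amount) inside the window
        self.tripped = False

    def _window_outflow(self, now):
        # Drop withdrawals that have aged out of the window.
        while self.outflows and self.outflows[0][0] <= now - self.window:
            self.outflows.popleft()
        return sum(amount for _, amount in self.outflows)

    def deposit(self, amount):
        self.balance += amount

    def withdraw(self, amount, now):
        """Return True if the transfer is released, False if it is held."""
        if self.tripped or amount > self.balance:
            return False
        spent = self._window_outflow(now)
        baseline = self.balance + spent   # approx. TVL at the start of the window
        if spent + amount > self.max_drawdown * baseline:
            self.tripped = True           # stays tripped until governance acts
            return False
        self.outflows.append((now, amount))
        self.balance -= amount
        return True

    def governance_reset(self):
        self.tripped = False


def simulate():
    """Constructed scenario: normal withdrawals, then a drain attempt."""
    pool = AssetBreaker(balance=1_000_000, max_drawdown=0.30)
    normal = [pool.withdraw(50_000, now=t * 3_600) for t in range(4)]  # 20% over 4h
    drain = pool.withdraw(pool.balance, now=4 * 3_600 + 12)            # attacker tx
    after = pool.withdraw(1_000, now=4 * 3_600 + 24)                   # still blocked
    return normal, drain, after, pool.balance
```

In the constructed scenario the four ordinary withdrawals pass, the single transaction that tries to empty the pool trips the breaker, and 800,000 of the 1,000,000 tokens remain in the contract for governance to handle.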

Reference: https://twitter.com/MeirBank/status/1675851684386570240