search

ubiquity / ubiquity-dollar

Ubiquity Dollar (UUSD) smart contracts and user interface.
https://uad.ubq.fi
Apache License 2.0
34 stars 91 forks source link

Better security #928

Open rndquu opened 7 months ago

rndquu commented 7 months ago

After the deployment we'll have most of the liquidity resided in the LibUbiquityPool so it makes sense to make its security better by imlementing more fuzzing and invariant tests, adding formal verification and monitoring solution.

@0x4007 FYI

zugdev commented 1 month ago

@rndquu one very good and novel solution for security monitoring is Drosera. They allow developers to deploy contracts which they call "Traps", which must implement two functions one to collect data and another one which will be the response function. The trap is then run on a shadow forked network every single block by their high trust operators, this allows for very expensive computation to be made for free since no gas will be spent. Once some condition found by the data collecting function happens the response function is triggered and the operator will call a specified function in a specified contract.

Drosera is currently private but I happen to be extremely close to the team and I have access to deploy traps. Here is one example of trap I've deployed. You can check the contract's transaction history to see trap was indeed successful in automating these super frequent , every 10 minutes, calls.

My idea is:

  1. Deploy a PauseManager contract: This contract will have a single entry point that pauses all contracts in a single function. It will also contain an unpause similar function. Could have two roles, one for the trap and another for the PauseManager owner.

  2. Deploy the Trap The trap will monitor the protocol and call pause on PauseManager if condition is met.

This aligned with traditional security monitoring can be very powerful.

rndquu commented 1 month ago

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way: a) Check for pause condition (off-chain) b) Pause (on-chain)

zugdev commented 1 month ago

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way: a) Check for pause condition (off-chain) b) Pause (on-chain)

There are actually a couple differences:

  1. Drosera runs in a shadow fork (local chain) which means they run in the EVM environment. They even have proof-of-execution capabilities with zk-SNARKs.

  2. Traps as contracts mean that you can run foundry to test infra, this is very different from a completely off-chain setup which is not even transparent. Drosera allows for a contract and CLI deployment and setup, you can even write shell scripts to keep CLI run logs "open sourced".

  3. It can do much more than pause, it can collect any arbitrary data and call any arbitrary function so there are much more powerful uses. In the example I linked, I use it to automate callings routinely, but you can even leverage the fact computation is done off-chain to do much harder calculations.

  4. No KYC, all on-chain. No logins, no password and team key management.

rndquu commented 1 month ago

@zugdev What's the difference between https://www.drosera.io/ and https://www.openzeppelin.com/defender? I believe both of them work the same way: a) Check for pause condition (off-chain) b) Pause (on-chain)

There are actually a couple differences:

  1. Drosera runs in a shadow fork (local chain) which means they run in the EVM environment. They even have proof-of-execution capabilities with zk-SNARKs.
  2. Traps as contracts mean that you can run foundry to test infra, this is very different from a completely off-chain setup which is not even transparent. Drosera allows for a contract and CLI deployment and setup, you can even write shell scripts to keep CLI run logs "open sourced".
  3. It can do much more than pause, it can collect any arbitrary data and call any arbitrary function so there are much more powerful uses. In the example I linked, I use it to automate callings routinely, but you can even leverage the fact computation is done off-chain to do much harder calculations.
  4. No KYC, all on-chain. No logins, no password and team key management.

We already have a monitoring solution almost ready to be shipped in https://github.com/ubiquity/ubiquity-dollar/pull/959 via https://www.openzeppelin.com/defender

zugdev commented 1 month ago

We already have a monitoring solution almost ready to be shipped

Your call, if you want to have both setup I'd be happy to help.