What Celer Network should do in the aftermath of the Harmony attack!
Summary
Set up compensation mechanism, set up insurance mechanism, SGN detection of bridge data and on-chain data && security meltdown mechanism, replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC
(I am not good at English, and use DeepL machine translation, for some words usage may not be accurate, so I hope you can forgive me and read what I wrote, some of the content in the text may also have inaccuracies, if it can become a formal proposal, I hope you can help me improve it)
Abstract
After the Harmony Bridge theft, we found that cbridge security is not simply cbridge contract security or mechanism security, but is also related to the on-chain data of cross-chain bridges, and this incident led us to discover mechanism issues that cannot be ignored. Now the Harmony hackers have started to transfer ETH, and recovery of the assets is unlikely, so Celer officials should do a good job of dealing with this loss if the assets are not recovered.
Motivation
Compensate users for losses and improve cbridge system security
Proposal
Set up compensation mechanism
In the event that a portion of user assets is lost after this attack and the Harmony assets cannot be recovered, a compensation mechanism should be set up to draw ten percent monthly from other on-chain fees for the stolen assets until they are paid back, and if this ten percent continues to be drawn after they are paid back, it is used as a reserve for possible future hacking events. cbridge is the pool structure that is Because the loss of these people’s assets protects the assets of others, the remaining fees should be used to compensate users for the loss.
Secondly, mining rewards on the Harmony chain cannot be stopped, and the user’s assets have been completely locked up on Harmony, so the loss of liquidity generated by this should also be compensated.
Set up insurance mechanism
Different chains have complex architectures and different security, even if you want to improve the security of the chain, the project side is not under our control, hackers can always find all kinds of vulnerabilities, so the risk of Cbridge is very high, should take out 10 percent of revenue insured by the chain insurance agencies, by the project side to design this insurance rules, should be designed to best protect the kind of user assets.
SGN should also set up a similar insurance scheme.
I also saw an inquiry that the DeFi hacker identification and incentive protocol LosslessProtocol blocked part of the AGG assets stolen in this Harmony incident. I’m not sure what solution they used, but I think Celer should be introduced into it if it really works.
Sgn detection of bridge data and on-chain data&&security meltdown mechanism
In this case it was the official bridge that was stolen, but in the next case is it possible that the project assets were added, or that the blocks generated in Arbitrum / Optimism were questioned as problematic and really problematic, then the Arbitrum / Optimism network may be restructured, which is why it takes 7 days to exit from the official bridge, because an error must occur for 7 days to verify if there is a problem with the data on the chain.
So I suggest to have an on-chain data policy for all chains and assets supported on cbridge, and when there is an abnormality in the on-chain data, or if there is a large reduction in assets on the official bridge, etc., every effort should be made to immediately transfer the assets on the corresponding abnormal chain back to the main ETH network (by any method, official or otherwise). It is better to do your best to protect user assets and take the initiative to defend than to wait for the hacker to pay back or for the project owner to come up with a solution to the problem.
Replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC
The most important reason for this attack on the bridge causing user assets is the loss of L1 anchors, so it is safer to use the native assets of the project owner than to use the bridge assets, and the native assets such as USDC officially have control and have a little chance to freeze the stolen assets if something goes wrong. Now there are native assets of USDC on Avalanche and the stock is more than USDC.e, so using USDC to replace USDC.e or newly adding USDC is a way to both secure and possibly enhance the usage. This is going to be even if the bridge is attacked, but the asset does not lose its anchor and the value is still there.
USDC Contract: USD Coin (USDC) Token Tracker | SnowTrace
Avalanche Native Assets USDC Provenance: What is USDC | Circle APIs
Poll
Set up compensation mechanism
- Yes
- No
0 voters
Even if the compensation plan is not approved by everyone, I think it must be done.
Set up insurance mechanism
- Yes
- No
0 voters
Sgn detection of bridge data and on-chain data&&security meltdown mechanism
- Yes
- No
0 voters
Replace USDC.e on the Avalanche chain with USDC, or introduce a new Avalanche USDC
- Yes
- No
0 voters
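
The check suggested under "Sgn detection of bridge data and on-chain data&&security meltdown mechanism", as an added example that is not part of the original post and is not Celer or SGN code: it scans snapshots of an official bridge's L1 escrow and of the wrapped supply it backs, and returns the first point at which transfers for that chain should be halted. The thresholds, the `Snapshot` fields, `first_halt` and the sample data are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed policy values; the post does not specify any thresholds.
WINDOW_SECS = 3600    # look-back window for the drawdown check
MAX_DRAWDOWN = 0.20   # halt if the escrow falls more than 20% from its peak in the window
MIN_BACKING = 0.98    # halt if locked collateral is below 98% of the wrapped supply


@dataclass
class Snapshot:
    ts: int         # unix time of the observation
    locked: float   # assets held by the official bridge escrow on L1
    minted: float   # wrapped supply issued on the destination chain


def first_halt(snapshots, window=WINDOW_SECS,
               max_drawdown=MAX_DRAWDOWN, min_backing=MIN_BACKING):
    """Return (ts, reason) for the first snapshot that trips the breaker, else None."""
    recent = deque()  # snapshots still inside the look-back window
    for snap in snapshots:
        recent.append(snap)
        while recent[0].ts < snap.ts - window:
            recent.popleft()
        # Anchor check: wrapped tokens must stay backed by locked L1 assets.
        if snap.minted > 0 and snap.locked / snap.minted < min_backing:
            return snap.ts, "under-collateralized"
        # Drawdown check: a large reduction of the escrow within the window.
        peak = max(s.locked for s in recent)
        if peak > 0 and (peak - snap.locked) / peak > max_drawdown:
            return snap.ts, "escrow-drawdown"
    return None


# Constructed sample data (not real chain data).
# Escrow drained while the wrapped supply stays in circulation.
THEFT = [Snapshot(0, 1000, 1000), Snapshot(600, 990, 990), Snapshot(1200, 400, 990)]
# Large exit where wrapped tokens are burned one-for-one: backing holds, escrow shrinks fast.
LARGE_EXIT = [Snapshot(0, 1000, 1000), Snapshot(600, 700, 700)]
# Slow decline spread over several windows: no trigger.
SLOW_DECLINE = [Snapshot(0, 1000, 1000), Snapshot(4000, 900, 900), Snapshot(8000, 810, 810)]

if __name__ == "__main__":
    for name, data in (("theft", THEFT), ("large exit", LARGE_EXIT), ("slow", SLOW_DECLINE)):
        print(name, first_halt(data))
```

The second case shows the trade-off in such a policy: a legitimate large withdrawal also trips the drawdown rule, so the halt should lead to review rather than be treated as proof of theft.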