Introducing Drosera: A Decentralized Solution for Security in the Blockchain Ecosystem

Today’s blockchain network is both fascinating and complex. Over the years, the ecosystem has faced numerous incidents that are challenging to fully quantify. This has led security agencies in the Web2 space to step in, addressing these issues and taking action against fraudulent players. In this context, Drosera emerges as a solution to a significant challenge that has long plagued the industry. We’re excited to share more about this innovative network.

Drosera is the first and only decentralized incident response protocol that utilizes hidden security intents to contain and mitigate exploits.

Drosera comprises a passionate team of developers and researchers dedicated to creating trustless, decentralized infrastructure for detecting exploits and minimizing financial losses. Our automation protocol simplifies the process of building monitoring systems for decentralized applications, providing a framework for executing automated responses to events on the Ethereum network. This enables developers to create more robust and secure applications.

Born out of the need for stronger security systems in DeFi protocols, Drosera is designed to integrate seamlessly with the Ethereum ecosystem, laying a solid foundation for future development. Our focus on simplicity and developer-friendliness ensures that Drosera can support a wide range of use cases for off-chain monitoring and on-chain responses.

As we continue to evolve, our commitment to providing secure and user-friendly solutions for the DeFi community remains steadfast. Our goal is to empower developers and users alike, fostering a more secure and resilient DeFi ecosystem.

On August 1, 2022, the **Nomad Bridge** was hacked, resulting in the loss of $190 million in locked funds. After the initial exploit, other attackers quickly followed suit, leading to what became a massive “crowdsourced” hack. A routine upgrade on one of Nomad’s proxy contracts inadvertently marked a zero hash value as a trusted root, allowing attackers to spoof the bridge contract and unlock funds. This devastating incident could have been prevented with Drosera’s intervention.

Similarly, on March 13, 2023, **Euler Finance**, a permissionless borrowing and lending protocol on Ethereum, fell victim to a flash loan attack, resulting in nearly $200 million in losses. Hackers stole funds in USDC, wrapped Bitcoin (wBTC), staked Ether (stETH), and DAI, all of which could have been safeguarded by Drosera.

Drosera functions as a security marketplace where protocols can establish a “Trap” to determine whether an emergency response should be initiated. A Trap is a smart contract that defines emergency conditions without being deployed on-chain. By concealing a protocol’s security intents, Drosera Operators monitor protocols, evaluating a Trap’s conditions with each new block. When emergency conditions are met, Operators execute the protocol’s on-chain emergency response upon consensus.

Traps consist of a set of smart contracts that outline the conditions for detecting invariants and performing on-chain responses. They include both on-chain and off-chain components:

• Trap: An off-chain smart contract responsible for data collection and analysis, signaling the execution of an on-chain response function.
• Trap Config: An on-chain smart contract that configures the Trap and defines the on-chain response callback function (e.g., “pause(uint256)”, “react(address)”).

The Trap Config holds a hash of the Trap contract and the address of the on-chain response function. It coordinates the execution of the Trap and the response function, ensuring accountability among Operators.

Operators are vital participants in Drosera, consisting of organizations and individual stakers who run the Drosera Operator Client software. They are responsible for executing Traps and carrying out on-chain response actions, thereby ensuring the security and stability of the network.

To execute a Trap, an Operator must first opt into the specific Trap, gaining access to its off-chain counterpart and current network peers. This enables them to actively monitor and evaluate each new block according to the Trap’s defined conditions. If the conditions of a Trap are met, the Operator promptly executes the corresponding on-chain response function, mitigating potential threats.

Seed Nodes form the backbone of the Drosera network, providing the infrastructure necessary to host Traps and onboard Operators into a decentralized network. These nodes host the Trap bytecode and supply it to Operators when they opt into a Trap. It’s essential to use only trusted Seed Nodes to ensure the integrity of the Trap bytecode. A list of trusted Seed Nodes can be found in the deployments section of the Drosera documentation.

The potential applications of Drosera are limitless:

• Infrastructure as Code: Define your incident response infrastructure using Solidity code and deploy it with drosera apply.
• Time-Series Analysis: Access historical state data within Solidity code by querying an array (e.g., data[block_3, block_2, block_1]).
• Automated Responses: Configure Drosera Traps to execute any smart contract function within the EVM and specify inputs (e.g., performAction() or performAction(anyData)).

DeFi Use Cases

Lending:

• Automated Liquidation Responses: Detect when a user’s collateralization ratio drops below a critical level, triggering a notification or partial liquidation to prevent full liquidation.
• Liquidation and Collateralization Safety Nets: Ensure that collateralization ratios and liquidation patterns are stable and fair, protecting against erroneous or malicious liquidations.

Decentralized Exchanges:

• Monitoring Volume, Liquidity, and Pricing: Perform actions in response to changes in trading volumes, liquidity, and pricing.

Layer 2/Rollups:

• Monitoring State Transitions and Fraud Proofs: Track pause statuses to automatically notify users or halt interactions if an L2 bridge is paused.

Yield Farms and Staking:

• Reward Draining Mitigation: Monitor reward rates and total rewards to detect abnormal drains and halt distributions if necessary.

Oracles:

• Data Integrity Checks: Analyze oracle data over time to detect inconsistencies and trigger alerts for unusual fluctuations.
• Guard Against Price Manipulation: Monitor historical price feeds for sudden drastic changes, which may imply some risk, and enact protective measures.

Insurance Protocols:

• Claim Anomaly Detection: Continuously analyze claim data to identify patterns of fraudulent claims or unexpected spikes.
• Assessment and Voting Anomalies: Analyze patterns in votes and rewards to identify malicious actors or manipulation in assessment voting.

Cross-Chain Bridges:

• Finality and Transfer Anomalies: Continuously verify the security of asset transfers across bridges, activating alerts for any anomalies.
• Staked Assets: Monitor staked assets and collateralization ratios to mitigate bridge failures or asset losses.

Pausable Functionality:

• Auto-Halt in Case of Unusual Activity: Drosera detects abnormal behavior like rapid treasury drains, excessive minting of tokens, or sudden spikes in governance proposals and automatically triggers the isPaused function to halt activity, protecting users and assets.

Regulatory Compliance:

• Compliance And Regulatory Adherence: Ensure that minting and redemption of tokens follow regulatory and compliance standards by monitoring state and ensuring they adhere to predefined rules. Custom data regarding jurisdictional regulatory requirements (like KYC/AML) can be monitored. When deviations or potential violations are detected, Drosera could enact responses, like freezing functionality or alerting relevant parties, to ensure protocols stay compliant.

Liquid Restaking:

• Mitigating Depegs: Analyze the state of liquid restaking mechanisms to prevent depegs or sudden price fluctuations due to ecosystem events.
• Handling Restaking Failures: Observe restaking mechanisms to ensure that restaking failures are detected and resolved quickly, preventing loss of rewards or staking assets.

Governance Mechanisms:

• Mitigating Governance Attacks: Analyze proposalInfo and voting patterns to safeguard against malicious governance attacks or unintended voting manipulations. Analyze token movement, approvals, and voting patterns (votes and proposalInfo) to guard against malicious governance takeovers or Sybil attacks.
• Ensuring Healthy Governance: Analyze participation and proposal outcomes, ensuring they align with a healthy, decentralized governance model and alert in case of centralized voting power emergence.

Multisigs:

• Multisig Operation Alerts: Trigger alerts or potential pauses if there’s a mismatch between votes and threshold for multi-signature activities, ensuring all operations adhere to organizational and security protocols.
• Unauthorized Activity Monitoring: Observe activity to catch and react to unauthorized or unusual transactions that could indicate a compromise.

Treasury Management:

• Automated Treasury Health Checks: Continuously check the balance and expenditures from the protocol’s treasury, ensuring financial stability and alerting if unusual or unauthorized transactions occur.

Since its inception in 2019 as a validator, 01node has significantly expanded its capabilities, evolving into various roles including network operators and RPC providers, among others. We currently serve as operators for Drosera.

Our contribution to the network is vital; we run the Drosera Operator Client software. We are responsible for executing Traps and carrying out on-chain response actions, thereby ensuring the security and stability of the network.

Drosera represents a significant advancement in the quest for security within the blockchain ecosystem. By offering a decentralized incident response protocol, they aim to empower developers and enhance the resilience of decentralized finance. We look forward to exploring more use cases and sharing updates as we continue to evolve and expand our network.