Smart Contract Use of Require Statements: A Cautionary Tale

In March 2023, Euler Finance was hacked for $200 million, drawing attention to a critical element of DeFi protocol design: adherence to the core protocol invariants. The incident showed that developers cannot focus only on the functional safety of a program; they must also ensure that the invariants hold at the protocol level. The Function Requirements-Effects-Interactions + Protocol Invariants (FREI-PI) pattern emerged at that point as a solution, one that demands a holistic view of contract safety and integrates protocol invariants into the development process. Euler Finance's experience shows that checks, effects, and interactions alone do not capture a comprehensive view of a protocol. Without that broader context, it is easy to miss the core invariant for lending markets, as Euler Finance demonstrated by omitting a health check from a function; had the check been included, it would have enforced that invariant.

FREI-PI

The FREI-PI pattern, as seen in dYdX's SoloMargin contract, gives contracts a well-structured design with an emphasis on protocol safety. It demands checks on input requirements, actions, and state requirements so that all protocol actions adhere to the core invariants. It has proven effective, with SoloMargin hailed as one of the most secure contract systems out there.

In addition, FREI-PI highlights the idea of entity-centricity: invariants apply not only to the user but also to the oracle and to the admins/governance, each with their own specific invariants. For example, an oracle is supposed to provide factual data, and the admins may act only where they intentionally affect other invariants. This complexity shows how protocols can be secured, but it also shows that a robust method like FREI-PI is the only viable means of doing so.
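The pattern described above, as an added example that is not code from the original post, from Euler Finance or from dYdX: a hypothetical toy lending ledger where the same function appears once with checks-effects-interactions only and once with the protocol invariant re-checked after the body. The contract name, function names and the 150% collateral ratio are assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: hypothetical toy ledger, not Euler's or dYdX's code.
// Balances are internal accounting units only; no tokens actually move.
contract ToyLendingLedger {
    mapping(address => uint256) public collateral;
    mapping(address => uint256) public debt;
    uint256 public reserves;

    // Assumed core invariant: collateral must cover 150% of debt.
    uint256 private constant MIN_RATIO_BPS = 15_000;
    error Unhealthy(address account);

    // Protocol invariant (the "PI" in FREI-PI): runs AFTER the body, so every
    // path that touches an account's position ends with the same check.
    modifier keepsHealthy(address account) {
        _;
        if (collateral[account] * 10_000 < debt[account] * MIN_RATIO_BPS) {
            revert Unhealthy(account);
        }
    }

    function deposit(uint256 amount) external {
        require(amount > 0, "zero amount");      // function requirement
        collateral[msg.sender] += amount;        // effect (can only improve health)
    }

    function borrow(uint256 amount) external keepsHealthy(msg.sender) {
        require(amount > 0, "zero amount");      // function requirement
        debt[msg.sender] += amount;              // effect
        // interaction (token transfer) would go here
    }

    // Checks-effects-interactions only: each line is locally valid, yet the
    // caller can end the call undercollateralized; nothing re-checks health.
    function donateUnchecked(uint256 amount) external {
        require(amount <= collateral[msg.sender], "insufficient"); // requirement
        collateral[msg.sender] -= amount;        // effect
        reserves += amount;                      // effect
    }

    // FREI-PI version: same body, plus the protocol invariant at the end.
    function donate(uint256 amount) external keepsHealthy(msg.sender) {
        require(amount <= collateral[msg.sender], "insufficient");
        collateral[msg.sender] -= amount;
        reserves += amount;
    }
}
```

With 150 units of collateral and 100 of debt, `donateUnchecked(100)` succeeds and leaves the account underwater, while `donate(100)` reverts with `Unhealthy`.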

Summary

Uniswap's success, which was guided by simplicity in the core invariant and the absence of complex governance interventions, further supports the view that simplicity is paramount in protocol design. FREI-PI brings the same benefit for security: it encourages developers to pay full attention to the core invariants throughout the development process, from first design to deployment.

As a developer, it is critical to define and consistently consider the core invariant, supplemented by comprehensive testing and perhaps by tools like transient storage to improve security. While some may argue that the additional checks introduced by FREI-PI are inefficient, the real cost of not adhering to these measures is reflected in the Euler Finance hack. Hence, accepting FREI-PI and concentrating on protocol-level invariants is crucial to developing secure DeFi protocols.

