独家优惠奖金 100% 高达 1 BTC + 180 免费旋转

THORChain Chaosnet Risk Summary

A brief summary of Chaosnet risks, read this before using the network.

If you’re still thinking about participating, read on…

THORChain is a decentralized liquidity network which has been in active R&D for the past two years. THORChain enables cross-chain asset swaps in a permissionless & trustless setting via continuous liquidity pools.

The THORChain team have released their first live product on mainnet dubbed ‘Chaosnet’ enabling BEP2 asset staking & swapping for the first time.

Chaosnet is designed to expose the network to scrutiny & attack in order to prove the security & economic incentives are correct; and to demonstrate the network is resilient, performant and overall fit-for-purpose.

The rationale for Chaosnet is based on game theory & behavioral economics ie. without genuine incentives for all agents it’s not possible to test the hypothesis or design assumptions underpinning the network. Chaosnet is a vital step before THORChain’s mainnet.

The following sections are designed to make the community aware of the key risks.

Asset holders provide liquidity into pools by making on-chain transactions which swappers then take advantage of. THORChain uses one-way state pegs to observe events on connected chains and thus does not use two way pegs or representative assets.

Liquidity Providers (LPs) are incentivized to provide liquidity through block rewards and liquidity fees. Swappers are motivated to swap across pools by virtue of its deep liquidity, fair market prices & low fees; and owing to its permissionless and trustless nature. Since there are no external price oracles, arbitrageurs keep pools balanced to correct ratios in order to ensure assets are priced fairly.

The network is run by anonymous nodes (THORNodes) who run software to keep the network operational. Nodes facilitate staking and swapping via observation consensus, after which THORChain’s state changes & becomes instantly final. Nodes also participate in multi-party computation to sign outgoing transactions using threshold signature schemes.

TLDR; THORChain is a decentralized liquidity network connecting blockchains together in a marketplace of liquidity. It’s permissionless, trustless and manipulation resistant; and constitutes a paradigm shift in liquidity.

THORChain is live on mainnet and released to the public under the ‘Chaosnet’ designation. This comes with significant risk for ordinary users & power users alike.

There is a likelihood that use of Chaosnet and BEPSwap will result in loss of staked or bonded assets, as well as those being swapped.

Chaosnet is an experiment in digital asset liquidity and serves two key functions related to the security & economic design assumptions.

Persistent security bounty
Mainnet assets incentivize agents to attack the network for a potential reward.

Assets bonded & staked on the network therefore could be drained, stolen or irrevocably lost through malicious actors, disruptive node behavior or technical malfunction.

Live test of the economic model
Mainnet assets incentivize node operators to bond capital, LP’s to pool liquidity, arbitrageurs to balance pools & swappers to access liquidity.

Liquidity may be lost or eroded temporarily or permanently due to the economic design of liquidity pools. This includes staking, swapping & arbitrage.

The THORChain team leverage industry standard risk management (eg. ISO3000) and quality frameworks (eg. ISO90001/ISO25010) in both project operations and product development processes in order to deliver high quality product and minimize risk.

This section covers only key risks from the risk management process and is not designed to be exhaustive. The team will constantly monitor & review risks as time goes by.

THORChain is built on embryonic technology brought together in configurations never tested before. While the team have taken measures to minimize the likelihood of things going wrong, risks in crypto remain latent and difficult to identify & quantify .

Accordingly the risk profile for THORChain remains relatively high based on these unknown/unknowns.

The following key risk areas are put forward for consideration using generic linguistic scales based on qualitative risk analysis.

Nb. Impact scales are based on users not deploying more capital than they can afford to lose.

Med Likelihood / Low Impact
Chaosnet is the first live test of the network in a real world scenario. While 5 testnets have proven the network to be resilient there may still be latent defects/bugs.

In all prior situations the network has been upgraded on the fly which provides some confidence that in the event of a serious defect/issue/malfunction, there is a serviceable solution for patching issues on the fly.

Med Likelihood / Med Impact
Chaosnet is a decentralised, permissionless network based on game theory and using complex & immature technology. There are likely many attack vectors which have not been identified during audits and testing.

Users should not bond, stake or swap more assets than they can afford to lose.

Med Likelihood / Med Impact
Node operators bond capital to secure the network and underwrite staked capital. Operating a node is a serious business and comes with risk which is why rewards are extremely high.

Node operators should carefully consider the risks before becoming a THORNode operator.

Med Likelihood / Med Impact
Liquidity Providers (aka Stakers) send assets to the network in order to “pool” them to earn fees on swaps and a share of the block rewards. LP’s surrender these assets and own a share of the pool. LP’s can withdraw their share of the pool by signing a transaction with their private key.

Med Likelihood / Med Impact
Swappers send assets in order to swap them for other assets. eg. BNB > RUNE. Swappers pay fees and experience a slip based during this process.

Low Likelihood / High Impact
Participants in the network have many touch points with THORChain both technical & non-technical. eg. THORNodes, API’s, interfaces, on-chain transactions, telegram, twitter etc.

The risk of publicly identifiable information have privacy & security implications and may result in loss of digital assets, identity theft etc. This is entirely within the users sphere of influence. Interaction with THORChain should be done at your own risk.

High Likelihood / High Impact
THORChain’s code repositories are public with opensource licenses. It is trivial to fork the BEPSwap interface and trick users into using the malicious interface. Phishing is an extremely common scam and the team fully expect to see them spring up soon after launch.

Users should never click on any link to BEPSwap unless it’s from the THORChain website, twitter, telegram or discord group. Users should also make small test transactions before staking or swapping and verify pool addresses with the THORChain team on telegram.

The following common mitigation strategies have been employed to reduce the risk profile for Chaosnet.

Other avoidance and mitigation strategies have been and will continue to be employed to reduce the risk profile further. More information will be made available in future updates.

During Chaosnet social media will be relied on heavily to provide updates about the network, including twitter, telegram and discord. The team will immediately disclose any issue affecting the network and will continue to update the community until resolution.

The team have responses planned for several scenarios, and in the event of a major issue request the community keep telegram chatter to a minimum so the team are able to communicate effectively and work with affected members to diagnose and resolve issues.

Should the network require an upgrade, the team will work with node operators to coordinate an emergency upgrade. In this situation the team rely on THORNode operators and therefore may experience a delay in getting the network back online. THORNode operators have been asked to monitor communication channels regularly for any emergency maintenance.

In the event you have discovered a vulnerability, contact the team immediately via twitter, telegram or discord. The team have allocated budget for security bounties and will reward those who uncover attack vectors at all levels of the technology stack. Links to socials can be found at the bottom of this blog.

Chaosnet is an exciting moment in THORChain’s history. Your participation is vital for product validation and will accelerate development toward multi-chain Chaosnet later this year.

In an ideal world the risks of using magical internet money in new DeFi products would be assumed & implied, but history has shown that’s not the case. The team therefore asks the community to exercise caution during Chaosnet.

To keep up to date, please monitor community channels, particularly Telegram and Twitter:

Add a comment

What is your view?

Send

Related posts:

Memories will be For EVER with you

The situation which has happened is the situation that is decided before (1). The situation that is happening is the situation that is decided before (2). The situation which will happen is the…