# Cryptoeconomic Security

While traditional blockchain oracles rely on their proprietary tokens to maintain ecosystem health and secure operations, EO introduces a novel security approach with its dual-token design. The model synergizes the specific advantages of a protocol-dedicated token with the enhanced security and economic stability provided by a well-established token like ETH, used for staking purposes.

This dual-token approach marks a notable shift from the single token model. By incorporating ETH for staking purposes, EO connects to a broader and more resilient economic base. This strategy effectively mitigates risks associated with blockchain protocols that rely on protocol-specific tokens.

The following sections provide a mathematical analysis, showing the enhanced security and stability of such a system.

### **Measuring Cryptoeconomic Security**

*Cryptoeconomic security* (CES) is a useful measure for analysis. Consider the following setting.

Given a set of colluding validators that we henceforth term the *attacker*, we assume that the attacker has the ability to corrupt the majority of the validators. Therefore, the attacker possesses the power to manipulate the consensus process, potentially leading to double-spending, censoring transactions, or altering the integrity of the blockchain's state.

To assess whether attacking is beneficial, the attacker must take into account two elements: the Cost of Corruption ($$\textit{CoC}$$) and the Profit from Corruption ($$\textit{PfC}$$).

$$\textit{CoC}$$ encompasses the total resources the attacker must invest to successfully manipulate the protocol, i.e., slashing of their stake, technical resources required for the attack and other associated expenses. Since we focus on assessing the efficacy of stake slashing as a deterrent and its influence on the CES, we assume that the $$CoC$$ primarily involves the loss of the attacker's staked assets, while other costs will be disregarded.

$$\textit{PfC}$$ signifies the potential gains the attacker would achieve post-successful manipulation. Our analysis requires a more subtle approach towards $$\textit{PfC}$$, and thus we divide $$\textit{PfC}$$ into two sources as follows:

* **Profit from Manipulation** ($$\textit{PfM}$$) is the *internal* profit the attacker can gain by manipulating the protocol. For instance, for blockchain Oracle protocols, it is the profit that could be extracted by a malicious price update. The $$\textit{PfM}$$ is upper-bounded by the protocol's Total Value Secured (TVS).
* **Profit from Depreciation** ($$\textit{PfD}$$) addresses the *external* profit the attacker can gain from betting on price volatility or depreciation through, e.g., derivative markets or short selling.

Notice that $$\textit{PfC}=\textit{PfM}+\textit{PfD}$$. A rational attacker will only attack if $$\textit{CoC} < \textit{PfC}$$.

We capture this in the following definition.

**Definition (CES Margin)**. A protocol has a $$\beta$$-crypto-economic security margin, or a $$\beta$$-CES margin, if

$$
\textit{CoC}-\underbrace{(\textit{PfM}+\textit{PfD})}_{\textit{PfC}} = \beta.
$$

In what follows, we explicitly assume that increasing the CES margin implies a more crypto-economically (CE) secure protocol and say that a protocol is *CE-secure* or *CE-vulnerable*, referring to a positive or negative CES margin, respectively.

### Profit from Short Selling

We now discuss the $$\textit{PfD}$$ ingredient and suggest a (stylized and simplified) way to quantify it. Crucially, it does not rely on any property of a protocol and refers to any asset, be it cryptocurrency, fiat, or stock.

Consider a token we call `$TOK`, and assume that the attacker can short `$TOK`. Since we assume the attack is relatively quick, we neglect the shorting fees.$$^1$$ The amount of short positions is bounded by `$TOK`'s *short interest*, namely the percentage of `$TOK`'s free float market cap that the attacker could short sell, which we denote by $$k$$. We stress that typically $$k\in[0,1]$$. Further, let $$m$$ denote `$TOK`'s total market cap (in USD). We therefore assume the attacker can open a short position of $$km$$ USD. Next, let $$d$$ denote the percentage of depreciation due to the attack, for $$d\in(0,1]$$. A short seller can thus earn $$d$$ for every `$TOK` they short. All in all, a successful short trade will grant the attacker a profit of $$kdm$$ USD.

### CES: A Tale of Two Blockchain Oracles

To demonstrate how the CES margin is affected by the nature of the protocol's token, we compare the following two scenarios:

* EnshrinedBlockchainOracle, which relies on the base-layer's token that we denote by `$ETH`.
* TraditionalBlockchainOracle, relying on its own token that we denote by `$TRD`.

We assume that the only difference between EnshrinedBlockchainOracle and the TraditionalBlockchainOracle is the token used for staking. In both scenarios, the market cap of the stake is equal and worth $$S$$ (measured in USD); however, as we show shortly, the two scenarios imply different CES margins. The reason is that an attack's ramifications are different.

{% hint style="warning" %}
The value and utility of $ETH are independent of EnshrinedBlockchainOracle's activities, unlike $TRD, whose value is closely tied to the operations of TraditionalBlockchainOracle.
{% endhint %}

### Resilience to Attacks

For TraditionalBlockchainOracle (`$TRD`), a successful attack on the TraditionalBlockchainOracle will affect the `$TRD` value, as the `$TRD`'s inherent value is tied to the operations of TraditionalBlockchainOracle. The attacker can gain $$kdm$$ USD by shorting `$TRD` prior to the attack; hence, in TraditionalBlockchainOracle's case $$\textit{PfD}=kdm$$.

For EnshrinedBlockchainOracle (`$ETH`), as the value and utility of `$ETH` are unrelated to the EnshrinedBlockchainOracle protocol, the price of `$ETH` will not be affected. Thus, the $$\textit{PfD}$$ equals 0 for EnshrinedBlockchainOracle.

[**Observation 1**](#proof-of-observation-1.)**.** If the TraditionalBlockchainOracle, which relies on its own token `$TRD`, has a $$\beta$$-CES margin, then EnshrinedBlockchainOracle, which relies on the base-layer's token `$ETH`, has a $$(\beta+kdm)$$-CES margin.

**Observation 1 is illuminating.** To illustrate, assume that the TraditionalBlockchainOracle is a medium-sized decentralized service ($$m \approx 1$$ billion USD) with a reasonable short interest ($$k=0.1$$).

Under a severe attack ($$0.7 \leq d \leq 1$$), its CES margin **is smaller by 70-100 million USD compared to EnshrinedBlockchainOracle.**

{% hint style="warning" %}
Under the same attack, the EnshrinedBlockchainOracle is far more cryptoeconomically secure, as the underlying stake is not derived from the operations of the EnshrinedBlockchainOracle. In contrast, such an attack would devastate the cryptoeconomic security of the TraditionalBlockchainOracle.
{% endhint %}

### Divergences in the Cost of Corruption

External, unforeseen events can break the CES of the TraditionalBlockchainOracle. A crucial observation is that the $$CoC$$, which is the stake $$S$$ of the validators, is always smaller than `$TRD`'s market cap $$m$$. Let $$s$$ denote the proportion of `$TRD` market cap used for staking in the protocol, namely $$s\triangleq \frac{S}{m}$$. We use this formulation to analyze the robustness of the protocol and suggest it is susceptible to a death spiral.

[**Observation 2.**](#proof-of-observation-2.) For any real number $$q \in [1, \infty)$$, the TraditionalBlockchainOracle could be CE-vulnerable even if the cost of corruption is $$q$$ times the profit of manipulation, i.e., $$\textit{CoC} = q \cdot \textit{PfM}$$.

The above observation means that attacks might be executed even if the $$\textit{PfM}$$ is negligible, provided that the attacker can gain from a `$TRD` price decrease after the attack. The $$\textit{CoC}$$ component should thus reflect not only the TVS (through $$\textit{PfM}$$) but also the short interest (through $$k$$).

{% hint style="warning" %}
Being able to short $TRD based on the TraditionalBlockchainOracle's operations increases the potential profit from an attack, whereas there is no such benefit for attacking EnshrinedBlockchainOracle.
{% endhint %}

### Market Fluctuation Impact

Next, we analyze the ramifications of a sudden decrease of `$TRD` market cap. Such a change in valuation could result from the volatile nature of the crypto space or the unintended fault of the protocol.

[**Observation 3.**](#proof-of-observation-3.) Assume the protocol is CE-secure. Any fluctuation in `$TRD` market cap can make the protocol CE-vulnerable.

This observation is demonstrated using an example.

#### Example 1:

We analyze the CES of TraditionalBlockchainOracle after a major price drop, which occurs due to, e.g., a major crypto volatility event. We denote by $$t_0$$ the time of the price drop. We assume that the stake proportion is $$s=20\%$$, the attacker's foreseen price drop is $$d=50\%$$, and the short interest is $$k=15\%$$.

Before the attack at $$t_0$$, we assume the market cap of `$TRD` is $$m=1000$$ (all monetary quantities are given in million USD terms). Consequently, $$\textit{CoC} = sm = 200$$, and $$\textit{PfD} = kdm = 75.$$ Additionally, we assume that before time $$t_0$$ the potential profit from manipulation is $$\textit{PfM}=90.$$

The event at $$t_0$$, which occurs due to a major crypto volatility event, **causes the market cap of all crypto tokens to decrease.** In particular, we assume that `$TRD` drops by $$50\%$$ and that the more stable `$ETH` drops by $$20\%$$. Furthermore, such a market cap change also decreases the $$\textit{PfM}$$. TraditionalBlockchainOracle's TVS comprises different tokens, for instance `$ETH`, wrapped versions of `$BTC`, stablecoins (`$USDT`/`$USDC`), and more. Some of those tokens are more volatile than others, and some do not fluctuate at all. We thus assume that, on average, the $$\textit{PfM}$$ drops on the same scale as `$ETH`, namely by $$20\%$$.

The figure below depicts the situation before and after $$t_0$$, as we formally analyze next.

<figure><img src="https://1662544235-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQvGCmsU8FIcbArIF7C8N%2Fuploads%2F4Uo73vTIkqOmj5jIXsk9%2FFigure_1.png?alt=media&#x26;token=5775fc88-3046-448e-9f57-c5ad2d00335c" alt=""><figcaption><p><strong>Figure 1</strong>: The TraditionalBlockchainOracle loses its CES security after a price drop in its sovereign token.</p></figcaption></figure>

Let us analyze the CES margin. Before $$t_0$$, we see that the CES margin is positive, since

$$
\textit{CoC} - \textit{PfM} - \textit{PfD} = 200 - 90 - 75 = 35.
$$

After $$t_0$$, which occurs due to a major crypto volatility event, the market cap of `$TRD` drops by $$50\%$$ and becomes $$m'=500$$. As a result, the $$\textit{CoC}$$ falls to $$sm'=100$$ and the $$\textit{PfD}$$ drops to $$kdm'=37.5$$. Furthermore, the market cap of the entire crypto market drops and, as noted above, the $$\textit{PfM}$$ drops by $$20\%$$. Overall, the CES margin becomes negative, since

$$
\textit{CoC} -\textit{PfM}-\textit{PfD} = 100 - 72 - 37.5 = -9.5.
$$

Thus, the event at $$t_0$$ that sparked a price drop made the TraditionalBlockchainOracle CE-vulnerable.

Next, we analyze EnshrinedBlockchainOracle, relying on the independent `$ETH` token. The CES margin of EnshrinedBlockchainOracle *before* the event is

$$
\textit{CoC} -\textit{PfM}-\textit{PfD} = 200-90-0=110.
$$

The event at $$t_0$$ affects EnshrinedBlockchainOracle's CES margin as well. First, EnshrinedBlockchainOracle has no $$\textit{PfD}$$ as it relies on an independent token; thus, the attacker cannot gain from betting on price drops. Secondly, EnshrinedBlockchainOracle's $$\textit{CoC}$$ decreases by $$20\%$$ due to the drop of `$ETH`, becoming $$\textit{CoC}=160$$. Thirdly, as in the case of TraditionalBlockchainOracle, the $$\textit{PfM}$$ drops by $$20\%$$, becoming $$\textit{PfM}=72$$. Overall, the CES margin of EnshrinedBlockchainOracle *after* the event is

$$
\textit{CoC} -\textit{PfM}-\textit{PfD} = 160-72-0=88.
$$

The figure below depicts the change in the CES margin of EnshrinedBlockchainOracle due to the same event. Importantly, under precisely the same event, EnshrinedBlockchainOracle remains CE secure.

<figure><img src="https://1662544235-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQvGCmsU8FIcbArIF7C8N%2Fuploads%2FwHyqTuvuvlt8WNJCHSMR%2FFigure_2.png?alt=media&#x26;token=4b03f28d-5325-4080-a04b-94b999890bb7" alt=""><figcaption><p><strong>Figure 2</strong>: EnshrinedBlockchainOracle's CES margin decreases after the same event, but remains highly positive.</p></figcaption></figure>

{% hint style="warning" %}
The TraditionalBlockchainOracle CE security is far more susceptible to market fluctuations, whereas EnshrinedBlockchainOracle's security is resilient to external market forces.
{% endhint %}
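
The sketch below is an added example, not part of the original analysis: it recomputes the CES margins of Example 1 from the page's parameters and evaluates the thresholds derived in the proofs of Observations 2 and 3. All function names are illustrative, and monetary values are in million USD.

```python
"""CES margin model from this page (all monetary values in million USD)."""

def ces_margin(coc, pfm, pfd=0.0):
    """CES margin: CoC - (PfM + PfD). Positive means CE-secure."""
    return coc - pfm - pfd

def trd_margin(s, k, d, m, pfm):
    """TraditionalBlockchainOracle: CoC = s*m and PfD = k*d*m both track m."""
    return ces_margin(coc=s * m, pfm=pfm, pfd=k * d * m)

def eth_margin(stake, pfm):
    """EnshrinedBlockchainOracle: stake in $ETH, so PfD = 0."""
    return ces_margin(coc=stake, pfm=pfm)

def critical_market_cap(s, k, d, pfm):
    """m_0 from the proof of Observation 3: below it the margin is negative
    (assumes PfM does not move with m)."""
    if s <= k * d:
        return float("inf")  # PfD alone outweighs the stake at any market cap
    return pfm / (s - k * d)

def min_profitable_drop(s, k, q):
    """Observation 2 with CoC = q*PfM: attack pays once d exceeds s*(1-1/q)/k.
    A result above 1 means no feasible price drop makes the attack pay."""
    return s * (1 - 1 / q) / k

def example_1():
    """Margins before/after the t_0 event, using Example 1's parameters."""
    s, k, d = 0.20, 0.15, 0.50
    m, pfm, eth_stake = 1000.0, 90.0, 200.0
    trd_drop, eth_drop = 0.50, 0.20       # $TRD -50%, $ETH and PfM -20%
    m_after = m * (1 - trd_drop)
    pfm_after = pfm * (1 - eth_drop)
    return {
        "trd_before": trd_margin(s, k, d, m, pfm),
        "trd_after": trd_margin(s, k, d, m_after, pfm_after),
        "eth_before": eth_margin(eth_stake, pfm),
        "eth_after": eth_margin(eth_stake * (1 - eth_drop), pfm_after),
    }

if __name__ == "__main__":
    for name, value in example_1().items():
        status = "CE-secure" if value > 0 else "CE-vulnerable"
        print(f"{name:11s} {value:7.1f}  {status}")
    # With PfM held at 90, the $TRD oracle turns CE-vulnerable below this cap.
    print("m_0 =", critical_market_cap(0.20, 0.15, 0.50, 90.0))
    # Smallest foreseen drop d that makes an attack pay when CoC = 2 * PfM.
    print("d_min =", round(min_profitable_drop(0.20, 0.15, 2), 3))
```

With $$\textit{PfM}$$ held fixed at 90, the critical market cap is 720: under Example 1's other parameters, a `$TRD` drop of more than 28% from $$m=1000$$ is already enough to turn the margin negative.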

### Beyond Profit from Depreciation

Until now, we have focused on $$\textit{PfD}$$, an element that plays a crucial role in the TraditionalBlockchainOracle but not in EnshrinedBlockchainOracle. The $$\textit{PfD}$$ analysis assisted in understanding how a protocol-specific token (`$TRD`) decreases the CES margin (Observation 1), making the protocol susceptible to attacks even if the $$\textit{CoC}$$ is orders of magnitude greater than the $$\textit{PfM}$$ (Observation 2), and could result in vulnerabilities in times of price fluctuations (Observation 3). But relying on a dedicated token `$TRD` bears other weaknesses. In the next section, we extend our analysis to challenges in the $$\textit{CoC}$$, particularly around issues of scaling and cost of capital.

### Scaling Cost of Corruption with Total Value Secured

Assume that both protocols gain traffic and usage, resulting in a ten-fold increase in the TVS. The higher the TVS, the higher the $$\textit{PfM}$$; hence, the CES margin decreases dramatically. For simplicity, we shall assume that the $$\textit{PfM}$$ is a constant fraction of the TVS. How can the protocols regain their CE security?

[**Observation 4.**](#proof-of-observation-4.) To keep the CES margin positive, the $$CoC$$ should scale linearly with the TVS.

Recall that for TraditionalBlockchainOracle, $$\textit{CoC} = S = sm,$$ where $$s$$ is the staked proportion of `$TRD` and $$m$$ is `$TRD` market cap. The TraditionalBlockchainOracle can hence increase its $$\textit{CoC}$$ in two ways:

* Passively, due to an increase in `$TRD` market cap.
* Actively, by increasing the staked proportion $$s$$.

Let us examine these two solutions. For the passive approach of experiencing an increase in `$TRD` market cap, note that the TraditionalBlockchainOracle cannot (legally) control the price and ensure a positive CES margin. In particular, if the TVS fluctuation and the price fluctuation are not identical (correlation is not enough in this case), the TraditionalBlockchainOracle could become CE-vulnerable (a scenario similar to that in Observation 3). The active approach is also challenging, as it requires the TraditionalBlockchainOracle to call capital on demand while not being connected to an independent pool of capital.

{% hint style="warning" %}
EnshrinedBlockchainOracle can mitigate a TVS increase by controlling the stake, allowing the CoC to scale accordingly.
{% endhint %}

### Cost of Capital

TraditionalBlockchainOracle's security scheme demands that stakers hold `$TRD`; thus, stakers have to possess a token with a relatively small market cap that depends on the protocol's performance. In contrast, EnshrinedBlockchainOracle could accept stake in `$ETH`, the base-layer's token. `$ETH` is less volatile, does not suffer from inflation, and is a multi-purpose token. These differences allow EnshrinedBlockchainOracle to demand less of its stakers compared to TraditionalBlockchainOracle's stakers, who may demand a premium for the additional risks they take (possessing `$TRD` and being exposed to a potentially turbulent macroeconomic environment). Additionally, since EnshrinedBlockchainOracle's stakers could be re-stakers through Eigenlayer, their capital efficiency is maximized.

## The Dual Token Model

An independent token makes EnshrinedBlockchainOracle significantly more CE-secure than its counterparts that stake a protocol-specific token. However, blockchain oracle sovereign tokens offer other advantages if decoupled from the CES risks.

By rewarding validators with a token, an incentive structure can be designed to increase the rate of rewards. Factors such as uptime, accuracy, and longevity of validators may increase the rewards they earn. This achieves both incentivization of higher quality validation and alignment of validators with the interests of the protocol.

A token vesting mechanism requires validators to be aligned with the network by locking their rewards and ensuring the commitment of the validators during the vesting period. This enhances the stability and security of the network.

A sovereign token design also allows for creating a punishment structure, where rewards can be revoked on non-malicious misbehavior. To avoid slashing Beacon Chain ETH, all non-malicious misbehavior will be addressed with sovereign token punishments.

Implementing all of these mechanisms **while having stake rooted in `$ETH` retains the CES benefits of EnshrinedBlockchainOracle while avoiding the CES vulnerabilities of TraditionalBlockchainOracle.**

## Proofs

### *Proof of Observation 1.*

The TraditionalBlockchainOracle satisfies $$CoC-{(PfM+PfD)} = \beta$$, with $$PfD=kdm$$. EnshrinedBlockchainOracle has the same $$CoC$$ and $$PfM$$, but zero $$PfD$$ since it relies on the independent `$ETH` token. Its CES margin is thus $$\beta+kdm$$. $$\blacksquare$$

### *Proof of Observation 2.*

Assume that $$CoC=q\cdot PfM$$, namely that $$PfM=\frac{sm}{q}$$. Therefore,

$$
CoC-PfM-PfD=sm-\frac{sm}{q}-kdm=m\left(s(1-\frac{1}{q})-kd\right).
$$

The attack is thus beneficial as long as $$kd>s(1-\frac 1 q)$$. Specifically, if the short interest $$k$$ is greater than or equal to the stake proportion $$s$$, the protocol becomes CE-vulnerable if the attacker expects a price drop of $$d\geq 1-\frac 1 q$$. This vulnerability still remains even if $$q\rightarrow\infty$$, since $$d$$ could potentially reach 1 and $$1-\frac 1 q \leq 1$$ for any $$q\in [1,\infty).$$ $$\blacksquare$$

### *Proof of Observation 3.*

Assume that *before* the event, the market cap $$m$$ satisfies $$PfM < m(s-kd)$$; thus, the protocol is CE-secure since

$$
CoC-PfD-PfM=m(s-kd)-PfM > m(s-kd) -m(s-kd)=0.
$$

Assume that the $$PfM$$ does not depend on the market cap $$m$$. This is the case for, e.g., lending markets that mostly offer contracts in `$ETH`, etc. Since $$PfM < m(s-kd)$$, there exists a real number $$m_0$$, for $$m_0<m$$, such that $$PfM=m_0(s-kd)$$. Denote by $$m'$$ the market cap of `$TRD` *after* the event. Consequently, if $$m'<m_0$$, it holds that

$$
CoC-PfD-PfM=m'(s-kd)-PfM = (m'-m_0)(s-kd) < 0;
$$

thus, the protocol is CE-vulnerable. In other words, if the $$PfM$$ is not affected by the event, a market cap decrease can spark an attack.

### *Proof of Observation 4.*

For the sake of this proof, we use the subscript $$t$$ to refer to objects in time $$t$$; for instance, $$CoC_t$$ is the $$CoC$$ at time $$t$$. The CES margin at time $$t$$ is given by

$$
CoC_t -PfM_t-PfD_t.
$$

Assume at time $$t=0$$ the CES margin is positive and equals $$\beta$$. Further, assume by contradiction that $$CoC_t =o(\textnormal{TVS}_t)$$, where $$o(\cdot)$$ is the [little-o notation](https://en.wikipedia.org/wiki/Big_O_notation#Little-o_notation). Our assumption about the $$PfM$$ being a constant fraction of the TVS implies that $$CoC_t =o(PfM_t)$$ also holds. By definition, there exists a time $$t'$$ for which $$CoC_{t'}<PfM_{t'}$$, and hence

$$
CoC_{t'} -PfM_{t'}-PfD_{t'} \leq CoC_{t'} -PfM_{t'}<0;
$$

therefore, the protocol is CE-vulnerable at time $$t'$$. $$\blacksquare$$

### End Notes

$$^1$$ In practice, the attacker would buy leveraged contracts and employ trading strategies. We focus on short positions, ensuring our model is simple yet aligned with reality.
