The following sections outline security aspects of the EO protocol

While traditional blockchain oracles rely on their proprietary tokens to maintain ecosystem health and secure operations, EO introduces a novel security approach with its dual-token design. The model synergizes the specific advantages of a protocol-dedicated token with the enhanced security and economic stability provided by a well-established token like ETH, used for staking purposes.

This dual-token approach marks a notable shift from the single token model. By incorporating ETH for staking purposes, EO connects to a broader and more resilient economic base. This strategy effectively mitigates risks associated with blockchain protocols that rely on protocol-specific tokens.

The following sections provide a mathematical analysis, showing the enhanced security and stability of such a system.

Measuring Cryptoeconomic Security

Cryptoeconomic security (CES) is a useful measure for analysis, consider the following;

Given a set of colluding validators that we henceforth term the attacker, we assume that the attacker has the ability to corrupt the majority of the validators. Therefore, the attacker possesses the power to manipulate the consensus process, potentially leading to double-spending, censoring transactions, or altering the integrity of the blockchain's state.

To assess whether attacking is beneficial, the attacker must take into account two elements: the Cost of Corruption ($\textit{CoC}$) and the Profit from Corruption ($\textit{PfC}$).

$\textit{CoC}$ encompasses the total resources the attacker must invest to successfully manipulate the protocol, i.e., slashing of their stake, technical resources required for the attack and other associated expenses. Since we focus on assessing the efficacy of stake slashing as a deterrent and its influence on the CES, we assume that the $CoC$ primarily involves the loss of the attacker's staked assets, while other costs will be disregarded.

$\textit{PfC}$ signifies the potential gains the attacker would achieve post-successful manipulation. Our analysis requires a more subtle approach towards $\textit{PfC}$, and thus we divide $\textit{PfC}$ into two sources as follows:

• Profit from Manipulation ($\textit{PfM}$) is the internal profit the attacker can gain by manipulating the protocol. For instance, for blockchain Oracle protocols, it is the profit that could be extracted by a malicious price update. The $\textit{PfM}$ is upper-bounded by the protocol's Total Value Secured (TVS).

• Profit from Depreciation ($\textit{PfD}$) addresses the external profit the attacker can gain from betting on price volatility or depreciation through, e.g., derivative markets or short selling.

Notice that $\textit{PfC}=\textit{PfM}+\textit{PfD}$. A rational attacker will only attack if $\textit{CoC} < \textit{PfC}$.

We capture this in the following definition.

Definition (CES Margin). A protocol has a $\beta$-crypto-economic security margin, or a $\beta$-CES margin, if

In what follows, we explicitly assume that increasing the CES margin implies a more crypto-economically (CE) secure protocol and say that a protocol is CE-secure or CE-vulnerable, referring to a positive or negative CES margin, respectively.

Profit from Short Selling

We now discuss the$\textit{PfD}$ ingredient and suggest a (stylized and simplified) way to quantify it. Crucially, it does not rely on any property of a protocol and refers to any asset, be it cryptocurrency, fiat, or stock.

Consider a token we call $TOK, and assume that the attacker can short $TOK. Since we assume the attack is relatively quick, we neglect the shorting fees.$^1$ The amount of short positions is bounded by $TOK's short interest. Namely, the percentage of $TOK's free float market cap that the attacker could short sell, which we denote by $k$. We stress that typically $k\in[0,1]$. Further, let $m$ denote $TOK's total market cap (in USD). We therefore assume the attacker can open a short position of $km$ USD. Next, let $d$ denote the percentage of depreciation due to the attack, for $d\in(0,1]$. A short seller can thus earn $d$ for every $TOK they short. All in all, a successful short trade will grant the attacker a profit of $kdm$ USD.

CES: A Tale of Two Blockchain Oracles

To demonstrate how the CES margin is affected by the nature of the protocol's token, we compare the following two scenarios:

• EnshrinedBlockchainOracle, which relies on the base-layer's token that we denote by $ETH.

• TraditionalBlockchainOracle, relying on its own token that we denote by $TRD.

We assume that the only difference between EnshrinedBlockchainOracle and the TraditionalBlockchainOracle is the token used for staking. In both scenarios, the market cap of the stake is equal and worth $S$ (measured in USD); however, as we show shortly, the two scenarios imply different CES margins. The reason is that an attack's ramifications are different.

Resilience to Attacks

For Traditional Blockchain Oracle ($TRD), a successful attack on the TraditionalBlockchainOracle will affect the $TRD value, as the $TRD's inherent value is tied to the operations of TraditionalBlockchainOracle. The attacker can gain $kdm$ USD by shorting $TRD prior to the attack; hence, in TraditionalBlockchainOracle's case $\textit{PfD}=kdm$.

For EnshrinedBlockchainOracle ($ETH), as the value and utility of $ETH are unrelated to the EnshrinedBlockchainOracle protocol the price of $ETH will not be affected. Thus, the $\textit{PfD}$ equals 0 for EnshrinedBlockchainOracle.

Observation 1. If the TraditionalBlockchainOracle, which relies on its own token $TRD, has a $\beta$-CES margin, then EnshrinedBlockchainOracle, which relies on the base-layer's token $ETH, has a $(\beta+kdm)$-CES margin.

Observation 1 is illuminating. To illustrate, assume that the TraditionalBlockchainOracle is a medium-sized decentralized service ($m \approx 1$ billion USD) with a reasonable short interest ($k=0.1$).

Under a severe attack ($0.7 \leq d \leq 1$), its CES margin is smaller by 70-100 million USD compared to EnshrinedBlockchainOracle.

Divergences in the Cost of Corruption

External, unforeseen events can break the CES of the TraditionalBlockchainOracle. A crucial observation is that the $CoC$, which is the stake $S$ of the validators, is always smaller than $TRD's market cap $m$. Let $s$ denote the proportion of $TRD market cap used for staking in the protocol, namely $s\triangleq \frac{S}{m}$. We use this formulation to analyze the robustness of the protocol and suggest it is susceptible to a death spiral.

Observation 2. For any real number $q \in [1, \infty)$, the TraditionalBlockchainOracle could be CE-vulnerable even if the cost of corruption is $q$ times the profit of manipulation, i.e., $\textit{CoC} = q \cdot \textit{PfM}$.

The above observation means that attacks might be executed even if the $\textit{PfM}$ is negligible, provided that the attacker can gain from a $TRD price decrease after the attack. The $\textit{CoC}$ component should thus reflect not only the TVS (through $\textit{PfM}$) but also the short interest (through $k$).

Market Fluctuation Impact

Next, we analyze the ramifications of a sudden decrease of $TRD market cap. Such a change in valuation could result from the volatile nature of the crypto space or the unintended fault of the protocol.

Observation 3. Assume the protocol is CE-secure. Any fluctuation in $TRD market cap can make the protocol CE-vulnerable.

This observation is demonstrated using an example.

Example 1:

We analyze the CES of TraditionalBlockchainOracle after a major price drop, which occurs due to, e.g., a major crypto volatility event. We denote by $t_0$ the time of the price drop. We assume that the stake proportion is $s=20\%,$ the attacker's foreseen price drop is $d=50\%$, and the short interest is $k=15\%$.

Before the attack at $t_0$, we assume the market cap of $TRD is $m=1000$ (all monetary quantities are given in million USD terms). Consequently, $\textit{CoC} = sm = 200$, and $\textit{PfD} = kdm = 75.$ Additionally, we assume that before time $t_0$ the potential profit from manipulation is $\textit{PfM}=90.$

The event at $t_0$, which occurs due to a major crypto volatility event, causes the market cap of all crypto tokens to decrease. Particularly, we assume that $TRD drops by $50\%$ and that the more stable$ETH drops by $20\%$. Furthermore, such a market cap change also decreases the $\textit{PfM}$. TraditionalBlockchainOracle's TVS is comprised of different tokens, for instance in $ETH, wrapped versions of $BTC, stable coins ($USDT/$USDC ), and more. Some of those tokens are more volatile than others, and some do not fluctuate at all. We thus assume that, on average, the$\textit{PfM}$ drops on the same scale as $ETH, namely by $20\%$.

The figure below depicts the situation before and after $t_0$, as we formally analyze next.

Let us analyze the CES margin. Before $t_0$, we see that the CES margin is positive, since

After $t_0$, which occurs due to a major crypto volatility event, the market cap of $TRD drops by $50\%$ and becomes $m'=500$. As a result, the $\textit{CoC}$ falls to $sm'=100$ and the $\textit{PfD}$ drops to $kdm'=37.5$. Furthermore, the market cap of all crypto market drops and, as noted above, the$\textit{PfM}$ drops by $20\%$. Overall, the CES margin becomes negative, since

Thus, the event at $t_0$ that sparked a price drop made the TraditionalBlockchainOracle CE vulnerable.

Next, we analyze EnshrinedBlockchainOracle, relying on the independent $ETH token. The CES margins of EnshrinedBlockchainOracle before the event is

The event at $t_0$ affects EnshrinedBlockchainOracle's CES margin as well. First, EnshrinedBlockchainOracle has no $\textit{PfD}$ as it relies on an independent token; thus, the attacker cannot gain from betting on price drops. Secondly, EnshrinedBlockchainOracle's $\textit{CoC}$ decreases due to the drop of $ETH, by $20\%$ to become$\textit{CoC}=160$. Thirdly, as in the case of TraditionalBlockchainOracle, the$\textit{PfM}$ drops by $20\%$, becoming $\textit{PfM}=72$. Overall, the CES margins of EnshrinedBlockchainOracle after the event is

The figure below depicts the change in the CES margin of EnshrinedBlockchainOracle due to the same event. Importantly, under precisely the same event, EnshrinedBlockchainOracle remains CE secure.

Beyond Profit from Depreciation

Until now, we have focused on $\textit{PfD}$, an element that plays a crucial role in the TraditionalBlockchainOracle but not in EnshrinedBlockchainOracle. The $\textit{PfD}$ analysis assisted in understanding how an independent token ($TRD) decreases the CES margin (Observation 1), making the protocol susceptible to attacks even if the $\textit{CoC}$ is orders of magnitude greater than the $\textit{PfM}$ (Observation 2), and could result in vulnerabilities in times of price fluctuations (Observation 3). But relying on a dedicated token $TRD bares other weaknesses. In the next section, we extend our analysis to challenges in the $\textit{CoC}$, particularly around issues of scaling and cost of capital.

Scaling Cost of Corruption with Total Value Secured

Assume that both protocols gain traffic and usage, resulting in a ten-fold increase in the TVS. The higher the TVS, the higher the $\textit{PfM}$; hence, the CES margin decreases dramatically. For simplicity, we shall assume that the $\textit{PfM}$ is a constant fraction of the TVS. How can the protocols regain their CE security?

Observation 4. To keep the CES margin positive, the $CoC$ should scale linearly with the TVS.

Recall that for TraditionalBlockchainOracle, $\textit{CoC} = S = sm,$ where $s$ is the staked proportion of $TRD and $m$ is $TRD market cap. The TraditionalBlockchainOracle can hence increase its $\textit{CoC}$ in two ways:

• Passively, due to an increase in $TRD market cap.

• Actively, by increasing the staked proportion $s$.

Let us examine these two solutions. For the passive approach of experiencing an increase in $TRD market cap, note that the TraditionalBlockchainOracle cannot (legally) control the price and ensure a positive CES margin. Particularly, if the TVS fluctuation and the price fluctuation are not identical (correlation is not enough in this case), the TraditionalBlockchainOracle could become CES-vulnerable (a scenario similar to that in Observation 3). The active approach is also challenging, as it requires the TraditionalBlockchainOracle to call capital on demand while not being connected to an independent pool of capital.

Cost of Capital

TraditionalBlockchainOracle's security scheme demands stakers hold $TRD , thus, stakers have to posses a token with relatively small market cap that depends on the protocol's performance. In contrast, EnshrinedBlockchainOracle could accept stake in $ETH, the base-layer's token. $ETH is less volatile, does not suffer from inflation, and is a multi-purpose token. These differences allow EnshrinedBlockchainOracleto demand less of its stakers compared to TraditionalBlockchainOracle's stakers, who may demand a premium for the additional risks they take (possessing $TRD and being exposed to a potential turbulent macroeconomic environment). Additionally, since EnshrinedBlockchainOracle's stakers could be re-stakers through Eigenlayer, their capital efficiency is maximized.

The Dual Token Model

An independent token makes EnshrinedBlockchainOracle significantly more CE secure than its counterparts utilizing a staking token. However, blockchain oracle sovereign tokens offer other advantages if decoupled from the CES risks.

By rewarding validators with a token, an incentive structure can be designed to increase the rate of rewards. Factors such as uptime, accuracy , and longevity of validators may increase their rewards earned. This achieves both incentivization of higher quality validation, and alignment of validators with the interests of the protocol.

A token vesting mechanism requires validators to be aligned with the network by locking their rewards and ensuring the commitment of the validators during the vesting period. This enhances the stability and security of the network.

A sovereign token design also allows for creating a punishment structures , where rewards can be revoked on non-malicious misbehavior. To avoid slashing Beacon Chain ETH , all non-malicious behavior will addressed with sovereign token punishments.

Implementing all of these mechanisms while having stake rooted in $ETH retains the CES benefits of EnshrinedBlockchainOracle while avoiding the CES vunerabilities of TraditionalBlockchainOracle's.

Proofs

Proof of Observation 1.

The TraditionalBlockchainOracle satisfies $CoC-{(PfM+PfD)} = \beta$, with $PfD=kdm$. EnshrinedBlockchainOraclehas the same $CoC$ and $PfM$, but zero $PfD$ since it relies on the independent $ETH token. Its CES margin is thus $\beta+kdm$. $\blacksquare$

Proof of Observation 2.

Assume that $CoC=q\cdot PfM$, namely that $PfM=\frac{sm}{q}$. Therefore,

The attack is thus beneficial as long as $kd>s(1-\frac 1 q)$. Specifically, if the short interest $k$ is greater or equal to the stake proportion $s$, the protocol becomes CE-vulnerable if the attacker expects a price drop of $d\geq 1-\frac 1 q$. This vulnerability still remains even if $q\rightarrow\infty$, since $d$ could potentially reach 1 and $1-\frac 1 q \leq 1$ for any $q\in [1,\infty).$ $\blacksquare$

Proof of Observation 3.

Assume that before the event, the market cap $m$ satisfies $PfM < m(s-kd)$; thus, the protocol is CE-secure since

Assume that the $PfM$ does not depend on the market cap $m$. This is the case for, e.g., lending markets that mostly offer contracts in $ETH, etc. Since $PfM < m(s-kd)$, there exists a real number $m_0$, for $m_0<m$, such that $PfM=m_0(s-kd)$. Denote by $m'$ the market cap of $TRD after the event. Consequently, if $m'<m_0$, it holds that

thus, the protocol is CE-vulnerable. In other words, if the $PfM$ is not affected by the event, a market cap decrease can spark an attack.

Proof of Observation 4.

For the sake of this proof, we use the subscript $t$ to refer to objects in time $t$; for instance, $CoC_t$ is the $CoC$ at time $t$. The CES margin at time $t$ is given by

Assume at time $t=0$ the CES margin is positive and equals $\beta$. Further, assume by contradiction that $CoC_t =o(\textnormal{TVS }_t)$, where $o(\cdot)$ is the little-o notation. Our assumption about the $PfM$ being a constant fraction of the TVS implies that $CoC_t =o(PfM_t)$ also holds. By definition, there exists a time $t'$ for which $CoC_{t'}<PfM_{t'}$, and hence

therefore, the protocol is CE-vulnerable at time $t'$. $\blacksquare$

End Notes

$^1$ In practice, the attacker would buy leveraged contracts and employ trading strategies. We focus on short positions, ensuring our model is simple yet aligned with reality.

Validator Set Membership

EO is an expansion chain that derives its cryptoeconomic security from Ethereum staking and benefits from the stability of ETH. Through innovative infrastructure provided by Eigenlayer, Ethereum Validators are able to participate in the EO blockchain as part of Validator Set. Validators can initiate a withdrawal from the Validator Set, and membership can be revoked for misbehavior, within Ethereum.

Naively implementing a new PoS protocol is not possible since the validators' stake is managed on Ethereum rather than directly by the protocol. To address this challenge, we developed Aegis—a novel protocol for creating an expansion chain based on primary-chain stake, in our case, restaked ETH. The EO blockchain is built on Aegis.

Aegis uses references from Aegis blocks to primary-chain blocks to define Validator Set, checkpoints on the primary chain to perpetuate decisions, and resets on the primary chain to establish a new committee if the previous one becomes obsolete. It ensures safety at all times and rapid progress when latency among Aegis nodes is low.

Link to full article