Multi-Party Computation May Hold The Key To Overcoming DeFi’s Persistent Vulnerabilities

FinanceFeeds Editorial Team

Even though the DeFi universe has grown exponentially over the last few years, the still-evolving ecosystem has become a breeding ground for malicious actors. On one end, the DeFi market is witnessing an inflow of billions of dollars and helping manifest blockchain’s vision of more democratized and inclusive access to financial services. At the same time, hackers are siphoning off millions in the blink of an eye. This recurring problem needs to stop if DeFi wishes to expand its footprint across the larger market.

Take, for instance, the latest Wormhole network exploit. Hackers exploited the flawed logic in the bridge between Solana and Ethereum blockchains, stealing over $325 million. In general, any transaction triggered through the Wormhole Bridge to Solana requires two things: a valid transaction signature and a “Guardian” approved validation node. Once both conditions are satisfied, the Solana network approves the transaction request. However, in the case of an invalid transaction signature and a valid guardian, the underlying determiners for initiating a transaction don’t match up, leading Solana to deny the mint request.

In Wormhole’s recent exploit, the hacker used an invalid signature and a non-guardian to create two different unapproved conditions. Since the process relies on matching conditions, in this case, a valid signature and guardian, to process transaction requests, the underlying code considered the two “invalid conditions” generated by the hacker as a “match.” As a result, the hacker minted 120,000 wETH, worth around $325 million, on Solana without depositing the corresponding amount of ETH in Wormhole.

For now, the vulnerability has been patched, and the Wormhole management team has reassured users that stolen funds would be returned. However, the team didn’t specify who would provide the funds to backstop the wETH on Solana. 

Multi-Party Computation (MPC) To The Rescue

The Wormhole bridge exploit highlights the growing trend of exploits on cross-chain protocols, raising important questions about the promised security of blockchain networks. While interoperability and cross-chain communication are essential to DeFi, the underlying concept of “validation via signatures” needs a significant overhaul to ward off malicious attempts.

This is where multi-party computation (MPC) comes into the picture. While the core concept of requiring multiple parties or proofs (like signatures) to approve transactions is a common feature used by blockchain wallets, Partisia Blockchain’s MPC technology further diminishes the chances of exploits by distributing signature power to multiple parties. 

Most existing signature-based transaction approvals rely on a single point of trust, but with Partisia’s MPC model, there’s no single point of trust. Instead, the security feature is distributed across the entire Partisia Blockchain, effectively removing problems like fraud.

Leveraging the power of ZK (zero-knowledge) computations for on-chain, off-chain, and cross-chain transactions, the MPC model adds privacy and confidentiality with no single point of trust. A subset of the secret keys, but not the entire secret key set, is stored in entirely modifiable endpoints in MPC. These endpoints are used in conjunction to build a consensus, and a minimum number of endpoints must be reached for a transaction to be successful.
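The threshold property described above, as an added example (not Partisia's protocol or code): a key is Shamir-shared across endpoints, each endpoint computes a partial result from its own share only, and any threshold-sized subset combines to the value the full key would produce without the key ever being reassembled. The toy group parameters, the function names and the 3-of-5 setting are assumptions chosen for illustration.

```python
import hashlib
import secrets

# Toy parameters constructed for illustration (far too small for real use):
# P = 2*Q + 1 is a safe prime; the squares mod P form a subgroup of prime order Q.
P, Q = 2039, 1019

def hash_to_group(msg):
    """Map a message to an element of the order-Q subgroup (a square mod P)."""
    x = int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 1) + 1
    return pow(x, 2, P)

def split_key(secret, threshold, n):
    """Shamir-share `secret` mod Q so that any `threshold` of n shares suffice."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
            for i in range(1, n + 1)}

def partial_result(share, h):
    """Run by one endpoint: uses only its own share, never the full key."""
    return pow(h, share, P)

def lagrange_at_zero(i, ids):
    """Lagrange coefficient of endpoint i, evaluated at 0, over `ids` (mod Q)."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def combine(partials, threshold):
    """Combine partial results into h^secret mod P; refuse below the threshold."""
    if len(partials) < threshold:
        raise ValueError("not enough endpoints took part")
    ids = list(partials)[:threshold]
    out = 1
    for i in ids:
        out = out * pow(partials[i], lagrange_at_zero(i, ids), P) % P
    return out

if __name__ == "__main__":
    key = 777                                  # constructed sample key
    shares = split_key(key, threshold=3, n=5)  # one share per endpoint
    h = hash_to_group(b"constructed sample transaction")
    partials = {i: partial_result(shares[i], h) for i in (1, 3, 5)}
    print(combine(partials, 3) == pow(h, key, P))
```

The combiner only ever sees the partial results, so compromising it, or fewer endpoints than the threshold, does not yield the key.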

According to Kurt Nielsen, the President and Co-founder of Partisia Blockchain, “Interoperability via token bridges exhibits immense potential to become a main value creator in the blockchain ecosystem. However, as we saw in the Wormhole exploit, moving tokens outside their established security model poses significant challenges and vulnerabilities. Our answer is more sophisticated, proven audit principles and large-scale MPC security measures.”

He further explains, “First, a regularly expiring Oracle effectively and transparently represents the values across the different blockchains like the double-entry bookkeeping that has proven its worth since the Medici Bank in the 14th century. Second, large scale MPC security measures avoid the accumulation of financial risk across Oracles or epochs. Third, the nodes operating the Oracle in a given epoch provide collateral to back the transferred values and finally, objective imbalances are compensated through a decentralized dispute process.”

The Partisia team is a pioneer in the MPC space, offering commercial-grade MPC software solutions to global enterprises since 2008. It has been involved in bringing the power of MPC to blockchain since 2017, gradually building a privacy-focused solution that ensures DeFi users get access to greater trust and security in moving their assets between individual ecosystems. By merging blockchains and ZK computations in a collaborative fashion, Partisia addresses the privacy and interoperability security issues of on-chain, off-chain, and cross-chain transactions. 
