Multi-Party Computation May Hold The Key To Overcoming DeFi’s Persistent Vulnerabilities

FinanceFeeds Editorial Team

Even though the DeFi universe has grown exponentially over the last years, the still-evolving ecosystem has become the breeding ground for malicious actors. On one end, the DeFi market is witnessing an inflow of billions of dollars and helping manifest blockchain’s vision of more democratized and inclusive access to financial services. At the same time, hackers are siphoning off millions in the blink of an eye. This recurring problem needs to stop if DeFi wishes to expand its footprint across the larger market.

Take, for instance, the latest Wormhole network exploit. Hackers exploited the flawed logic in the bridge between Solana and Ethereum blockchains, stealing over $325 million. In general, any transaction triggered through the Wormhole Bridge to Solana requires two things: a valid transaction signature and a “Guardian” approved validation node. Once both conditions are satisfied, the Solana network approves the transaction request. However, in the case of an invalid transaction signature and a valid guardian, the underlying determiners for initiating a transaction don’t match up, leading Solana to deny the mint request.

In Wormhole’s recent exploit, the hacker used an invalid signature and a non-guardian to create two different unapproved conditions. Since the process relies on matching conditions, in this case, a valid signature and guardian, to process transaction requests, the underlying code considered the two “invalid conditions” generated by the hacker as a “match.” As a result, the hacker minted 120,000 wETH, worth around $325 million, on Solana without depositing the corresponding amount of ETH in Wormhole.

For now, the vulnerability has been patched, and the Wormhole management team has reassured users that stolen funds would be returned. However, the team didn’t specify who would provide the funds to backstop the wETH on Solana. 

Multi-Party Computation (MPC) To The Rescue

The Wormhole bridge exploit highlights the growing trend of exploits on cross-chain protocols, raising important questions about the promised security of blockchain networks. While interoperability and cross-chain communication are essential to DeFi, the underlying concept of “validation via signatures” needs a significant overhaul to ward off malicious attempts.

This is where multi-party computation (MPC) comes into the picture. While the core concept of requiring multiple parties or proofs (like signatures) to approve transactions is a common feature used by blockchain wallets, Partisia Blockchain’s MPC technology further diminishes the chances of exploits by distributing signature power to multiple parties. 

Most existing signature-based transaction approvals rely on a single point of trust, but with Partisia’s MPC model, there’s no single point of trust. Instead, the security feature is distributed across the entire Partisia Blockchain, effectively removing problems like a fraud. 

Leveraging the power of ZK (zero-knowledge) computations for on-chain, off-chain, and cross-chain transactions, the MPC model adds privacy and confidentiality with no single point of trust. A subset of the secret keys, but not the entire secret key set, is stored in entirely modifiable endpoints in MPC. These endpoints are used in conjunction to build a consensus, and a minimum number of endpoints must be reached for a transaction to be successful.

According to Kurt Nielsen, the President and Co-founder of Partisia blockchain, “Interoperability via token bridges exhibits immense potential to become a main value creator in the blockchain ecosystem. However, as we saw in the Wormhole exploit, moving tokens outside their established security model poses significant challenges and vulnerabilities. Our answer is more sophisticated, proven audit principles and large-scale MPC security measures.”

He further explains, “First, a regularly expiring Oracle effectively and transparently represents the values across the different blockchains like the double-entry bookkeeping that has proven its worth since the Medici Bank in the 14th century. Second, large scale MPC security measures avoid the accumulation of financial risk across Oracles or epochs. Third, the nodes operating the Oracle in a given epoch provide collateral to back the transferred values and finally, objective imbalances are compensated through a decentralized dispute process.”

The Partisia team is a pioneer in the MPC space, offering commercial-grade MPC software solutions to global enterprises since 2008. It has been involved in bringing the power of MPC to blockchain since 2017, gradually building a privacy-focused solution that ensures DeFi users get access to greater trust and security in moving their assets between individual ecosystems. By merging blockchains and ZK computations in a collaborative fashion, Partisia addresses the privacy and interoperability security issues of on-chain, off-chain, and cross-chain transactions. 

  • Read this next

    Retail FX

    Lark Funding reopens to US traders, MyFundedFX picks cTrader

    Canada-based prop trading firm Lark Funding announced it will once again welcome clients from the United States.

    Institutional FX

    Cboe FX volume falls to lowest level since summer

    Cboe’s institutional spot FX platform, known as Cboe Spot, today announced its trading volume for the month ending February 2024, which took a step back after a strong rebound in December.

    Retail FX

    ThinkMarkets secures lucrative DFSA license in Dubai

    Melbourne-based broker ThinkMarkets has secured a license from the Dubai Financial Services Authority (DFSA) after it has already incorporated its new subsidiary in the Dubai International Financial Center (DIFC).

    Digital Assets

    New Horizen Lays Out Its Vision Of A Modular, Proof Verification Layer For Web3 Networks

    Horizen is forging a new path for the future of blockchain with its New Horizen initiative, which is building a modular Proof Verification layer that’s dedicated to verifying cryptographic proofs for any settlement layer, beginning with Ethereum. 

    Digital Assets

    Karma3 Labs Raises a $4.5M Seed Round Led By Galaxy and IDEO CoLab to Build OpenRank, a Decentralized Reputation Protocol

    Using OpenRank, developers and web3 companies can build consumer apps where people can discover, use, fund, read, or buy something on-chain without worrying about getting spammed or scammed.

    Digital Assets

    Worldcoin down as Elon Musk sues OpenAI CEO Sam Altman

    Worldcoin’s (WLD) token dropped following news of a lawsuit against related company OpenAI. The lawsuit was filed by Elon Musk and accused OpenAI and CEO Sam Altman of breach of contract.

    Institutional FX

    Exegy’s Liquidity Lamp adds intraday data to outperform S&P 500 by 31.8%

    Exegy has incorporated intraday signals into its AI-powered iceberg order detection tool, Liquidity Lamp. By adding intraday data to a baseline mean reversion strategy, Exegy’s model outperformed the baseline by 10.5% and the S&P 500 (SPY) by 31.8%, respectively in the out-of-sample testing.

    Industry News

    Think Elon Musk backed your crypto exchange? ASIC’s latest reveal may shock you

    In an absolutely shocking turn of events that nobody could have possibly seen coming, the Australian Securities and Investments Commission (ASIC) has bravely stepped forward to reveal that, yes, those videos of Elon Musk passionately endorsing a cryptocurrency exchange are as fake as a three-dollar bill.

    Fundamental Analysis

    Global FX Market Summary: EUR, USD March 1st, 2024

    The ISM’s February Manufacturing PMI is expected to show a slight increase, but remain below the expansionary threshold, while inflationary pressures persist and a Fed rate cut in June is still possible.

    <