February 16, 2024
The Theoretical Risks of dlcBTC
dlcBTC offers a secure method for wrapping BTC in DeFi on Ethereum, addressing risks with robust safeguards to ensure safety and trust.
The ongoing blockchain revolution continues to drive technological progress with the goal of developing innovative, interoperable solutions. dlcBTC is one such solution designed to unlock the potential of BTC on decentralized finance (DeFi). DlcBTC is a self-wrapped and non-custodial representation of BTC on the Ethereum blockchain, leveraging Discreet Log Contracts (DLCs) to provide a trustless bridge to DeFi on Ethereum without centralizing or pooling assets.
dlcBTC allows depositors to self-wrap BTC in a DLC, a special type of multisig wallet. Using a pre-signature mechanism, this "lockbox" is set to only pay out to the depositor. Even in the event of a hack or security breach, only the original depositor will receive the BTC deposit. This innovative safeguarding method ensures that users' assets are exceptionally secure and eliminates the risk of loss due to hacks, theft or fraud.
In this article, we dive into the potential risks posted by dlcBTC, a synthetic representation of BTC on Ethereum, and show you the safeguards and security measures in place.
Potential dlcBTC Risks
1. dlcBTC Merchant Redemption Risk
The first hypothetical risk of dlcBTC is that, if a merchant were to become bankrupt, it may not be able to process BTC redemptions for users. This scenario is reminiscent of traditional finance (TradFi) pitfalls, where an insolvent bank is unable to redeem customer deposits. In the case of an insolvency, any bank deposits not covered by insurance (such as FDIC insurance in the US) are at risk of being lost.
In the case of dlcBTC, the redemption risk is similar to that of a traditional bank, as a merchant bankruptcy can lead to redemption risk A bankruptcy would lead to a waiting period while the assets are bought out or auctioned off, and this waiting period can lead to a temporary loss in consumer confidence, leading to a depeg of dlcBTC-BTC price. However, unlike the traditional banking model, merchant insolvency does not equate to a loss of deposited assets. Since dlcBTC tokens can only be minted if BTC is physically locked in a lockbox, this means that the DLC provides built-in Proof of Reserves. Once the assets are acquired by a new owner (via an asset purchase or a government auction), that institution can process redemptions and therefore gain access to the underlying BTC.
Comparing the Redemption Risk of dlcBTC to Banks Backing USDC
The dlcBTC merchant system is perhaps most closely analogous to the system of banks backing USDC. USDC is backed by USD and cash equivalents held in Tier 1 financial institution accounts. Designated officers control access to these reserves with the necessary security clearance. In the event of a bankruptcy, control over these reserves (and the keys to access them) is transferred to a bankruptcy court or a government entity.
This structure introduces a level of counterparty risk, as seen when SVB's failure led to a temporary de-pegging of USDC due to lost consumer confidence. However, once the market confidence was restored, USDC's value recovered. The depeg of USDC created an arbitrage opportunity for investors who purchased USDC for less than $1 (driving up USDC-USD price), netting a profit when they later sold at parity.
Benefits of dlcBTC as Locked Bitcoin Collateral
dlcBTC collateral is physically locked using DLCs, thereby eliminating the traditional counterparty risk associated with bank deposits. This physical locking mechanism ensures that the BTC remains present and accounted for, irrespective of the financial health of the dlcBTC merchant. Therefore, the risk of a dlcBTC merchant facing bankruptcy does not directly impact the presence or availability of the locked BTC. However, it could potentially affect consumer confidence and, thus, the peg of dlcBTC to BTC.
dlcBTC stands out by offering a superior risk-reward ratio, combining the financial benefits of earning yield in DeFi with reduced redemption risk. This positions dlcBTC as a safer alternative to both holding BTC (which carries an opportunity cost) and newer, less adopted technologies like Bitcoin L2s or Babylon. Despite potential depegging risks, similar to USDC, dlcBTC offers a safer way of wrapping Bitcoin.
2. Smart Contract Bugs
According to a report by Halborn, smart contract vulnerabilities account for a whopping 47% of the top 50 DeFi attacks since 2016. The report further reveals that logic bugs are the most common smart contract vulnerability type, accounting for 26% of all smart contract hacks. Failed input validation and math bugs come second and third, accounting for 23% and 12% of smart contract attacks, respectively. These findings emphasize the need for improving smart contract security, implementing robust management practices, and mitigating risks in the DeFi ecosystem.
dlcBTC users are exposed to smart contract risks, security breaches, and regulatory uncertainties when they interact with DeFi protocols. This is a standard aspect of engaging with DeFi platforms. To mitigate these risks, dlcBTC users must perform extensive due diligence before engaging with any DeFi protocol. This includes examining the smart contract code, evaluating existing security protocols, and ensuring the platform's compliance with relevant regulations.
Though all smart contracts have risks, dlcBTC is the safest way of wrapping BTC with the lowest risks. dlcBTC smart contract bugs pose two risks: the BTC collateral may be released prematurely, making dlcBTC to depeg or the BTC collateral might become permanently locked.
Smart Contract-Based dlcBTC Depegging
dlcBTC can depeg on two instances. First, if the dlcBTC contract has a bug that leads to incorrect calling of the dlcClose function. In this case, a depositor gets their BTC back, but they still hold their dlcBTC tokens. The second scenario is when attestors attest to a close event, and a depositor gets their BTC collateral back, but they still hold their dlcBTC. In other words, the burn never happened.
In the unlikely event that the attestors lose their PSBTs (partially signed Bitcoin transactions needed for opening and closing events), the system holds backups of the necessary data. We have also introduced a waiting period of 2 hours, during which an Attestor verification process performs a secondary off-chain check. If the DLC is not marked safe, it triggers a call to pause the contract. Importantly, this pause role may involve both on-chain and off-chain elements, requiring a multisig setup to ensure a robust and decentralized control mechanism.
BTC Collateral Becoming Permanently Locked
The BTC collateral might become permanently locked, limiting the depositor from accessing it under two circumstances. First, a bug in the dlcBTC contract might lead to the mint never taking place, though the user did lock their BTC. Secondly, dlcBTC tokens might be minted to the wrong address because of a bug in the contract.
We have gone the extra mile and implemented a multi-layered approach to ensure that dlcBTC can never depeg from BTC. First, we require attestors (decentralized third-party services that verify DLC outcomes) to only listen to Ethereum Virtual Machine (EVM) events after adequate confirmations. Importantly, we’re not running a separate L2 or chain; we rely on the official Ethereum validators to verify and confirm dlcBTC transactions. This ensures a higher level of security against potential erroneous or malicious transactions.
Secondly, we’re decentralizing our Attestor Network to ensure that normal operations (such as opening and closing vaults) are not affected even when some attestors malfunction. This way, a user cannot lock BTC in a DLC lockbox and fail to mint dlcBTC tokens or get their BTC back without burning dlcBTC tokens.
Conclusion
In summary, dlcBTC represents a significant advancement in the cross-chain transfer of assets, eliminating major risks, such as centralization and counterparty vulnerabilities. By enabling users to self-wrap BTC in a DLC lockbox, dlcBTC ensures that assets are directly controlled by the depositors, thereby significantly reducing the chances of loss due to external threats or malicious actors. DLC.Link mitigates the hypothetical risks of redeeming dlcBTC and smart contract bugs by:
- Leveraging an in-built Proof-of-Reserves
- Providing a superior risk-reward ratio
- Requiring attestors to only listen to the EVM events after adequate confirmations
- Decentralizing the Attestor Network to avoid creating a central point of failure
- Holding backups of all the necessary data
- Implementing a waiting period of 2 hours to perform secondary off-chain checks.
The non-custodial nature of dlcBTC coupled with these security measures make it the first and only theft-proof form of wrapped BTC on the Ethereum blockchain. With its ground-breaking cross-chain approach and unparalleled risk mitigation measures, dlcBTC isn't just setting new standards in BTC wrapping — it's redefining trust and security in the DeFi space.
