SEAL Chaos Team

Running Protocol Drills

Slides: https://hackmd.io/@shield3/sealchaos

digraph G {

  graph [bgcolor="#181818", fontcolor="white", fontname="Courier New", fontsize=18];
  node [fontname="Courier New", fontsize=18, fontcolor="white"];
  edge [fontname="Courier New", fontsize=12, color="white", fontcolor="white"];
  
  node [shape=none]; // No shape for nodes to make them look like labels

  subgraph cluster_timeline {
      rank=same;
      "June '23" [fontcolor="lightgray"];
      "July '23" [fontcolor="lightgray"];
      "Aug '23" [fontcolor="lightgray"];
      "Sep '23" [fontcolor="lightgray"];
      "Oct '23" [fontcolor="lightgray"];
      "Nov '23" [fontcolor="lightgray"];
      "Dec '23" [fontcolor="lightgray"];
      "June '23" -> "July '23" -> "Aug '23" -> "Sep '23" -> "Oct '23" -> "Nov '23" -> "Dec '23" [style=invis]; // Invisible edges to establish order
  }

  CompoundTabletop [shape=polygon, label="Compound Tabletop", style="filled", fillcolor="#00cd89"];
  CompoundLive [shape=polygon, label="Compound Live", style="filled", fillcolor="#00cd89"];
  YearnTabletop [shape=polygon, label="Yearn Tabletop", style="filled", fillcolor="#074bf8"];
  YearnLive [shape=polygon, label="Yearn Live", style="filled", fillcolor="#074bf8"];
  AaveTabletop [shape=polygon, label="Aave Tabletop", style="filled", fillcolor="#8968a3"];
  AaveLive [shape=polygon, label="Aave Live (Planned)", style="filled", fillcolor="#8968a3", style=dashed];

  "June '23" -> CompoundTabletop [dir=none];
  "July '23" -> CompoundLive [dir=none];
  "Aug '23" -> YearnTabletop [dir=none];
  "Sep '23" -> YearnLive [dir=none];
  "Oct '23" -> AaveTabletop [dir=none];
  "Nov '23" -> AaveLive [dir=none];
}

Drill Phases

1. Reconnaissance: Review public code, documentation, and communications.
2. Tabletop simulation: Theoretical threat scenarios.
3. Live exercise: Real-time war room setup on a network fork.

Incite Panic

Practice Emergency Response

Key Takeaways

• Understanding the core dependencies of the protocol: What happens if they fail?
• Assessing the adequacy of monitoring systems.
• Evaluating team preparedness: Do they know the necessary steps?
• Identifying who holds access and controls for rapid response.
• Ensuring inter-protocol communication: Who contacts whom?

Infrastructure

Technology Stack

• Blockscout: Blockchain explorer.
• Anvil node: For network forks.
• RETH node: Mainnet backup.
• Foundry: Scenario planning and configuration.
• Apeworx scripts: Bot orchestration.
• Forta nodes: Real-time monitoring.

Blockscout Explorer

Compound

$2.2B in collateral

Scenario

A price feed for a collateral asset in Compound V3 reports inconsistent values.

Impact: Arbitrage bots exploit the discrepancy, accumulating bad debt for the protocol.

Bot 1 - Market Dynamics

Bot 2 - Introduce the Chaos

Bot 3 - Exploit

Monitoring & Detection

Action Taken

Yearn

$170M TVL

Yearn's complexity required a different approach

Pick a strategy

GenLevCompV4

Each Yearn strategy is equipped with an emergency card detailing experts, action steps, and stakeholders.

Scenario

A strategy in Yearn allocates a significant fund volume to a protocol.

Consequence: The protocol is under attack, necessitating fund retrieval to avert losses.

Monitor

Monitor

Respond

Result

Observations

• Protocol relationships with their 'auditors' extends far beyond initial engagements
• Choose multisig guardians who have to take regular action on the protocol
• Risk processes should always produce emergency procedures artifacts

Thank you

And all the SEAL Contributors!