Today, Revest Finance is excited to announce that we have introduced a bevy of upgrades that bring the security of our value-storage systems well beyond the leading edge of what is currently used in DeFi. Through our innovative “Sandboxed Counterfactual Storage” method, Revest is now the undisputed industry leader in secure token-storage.
How It Works:
Over the past few days, we have quietly upgraded our token storage vault system to a radically more compartmentalized design. The current industry standard for token storage relies on centralization of deposits: when a deposit is made to a vault, it is recorded to an internal ledger and the tokens are then sent to an often-singular “depository” contract, where they are pooled either with all other deposits or with all other tokens of their ticker. At best, tokens are pooled in different contracts based on their asset-type, as is the case with Uniswap and similar contracts. At worst, they are stored in the same contract as all other tokens, as is the case with 99% of token-locking solutions currently in-use. To solve this, Revest has devised an innovative decentralized alternative.
Pooling deposits in this way presents a serious problem, as we ourselves learned in March. Should an attacker be able to convince the depository contract’s internal ledger that their deposit position is worth more than it should be (a commonly utilized tactic in the vast majority of exploits), when they go to withdraw that position, they will have access to a contract which contains enough tokens to satisfy that request, allowing them to steal tokens. The inability of smart-contract depositories to resist the malicious creation of insolvent states represents a systemic security flaw in the vast majority of token-storage contracts.
Example: A depository contract contains 500,000 tokens, of which 200,000 are owed to Person A and 300,000 are owed to Person B. An attacker convinces the contract that he is owed 500,000 tokens. The contract now has debts for 1,000,000 tokens but only holds assets to back half of those debts, making it insolvent — this is not detected, and all 500,000 tokens can be stolen.
So what is to be done about this problem? Complex and confusing methods of tracking deposits could be introduced, but they would struggle with rebase-tokens and other such edge-cases. Rather than attempting to fix an inherently insecure storage method, Revest Finance has instead opted to forge a new path; a decentralized one.
Revest’s new value storage standard, “Sandboxed Counterfactual Storage”, is based on several principles. The first of these is sandboxing, where one FNFT series will now be represented by one storage vault (also referred to as “Smart Wallets” in our work with LiquidDriver and SpiritSwap). For each FNFT created, one dedicated token-storage contract will be utilized. Each vault is only accessible by the FNFT series associated with it. This ensures that any potential attacker attempting to place the token vault in a state of insolvency will be unable to do so, as any new FNFT they attempt to utilize as an attack vector will not have access to the vault they desire to target. The only way to withdraw funds from a vault is to own the FNFT needed to access it. Through the magic of EIP-1167, this has been accomplished in a way that is 17% cheaper in gas costs than the previous Revest Protocol storage solution was. It has the further advantage of natively supporting rebase tokens without costing any additional gas or requiring unusual tracking systems.
How can this possibly be cheaper? This is where the concept of “Counterfactual Storage” comes into play. Through EIP-1167, we are able to predict what address a given FNFT series will have as its sandboxed vault prior to deployment. Rather than deploying the smart-wallet contract at this address during vault creation, we can instead send value to this address — this is possible even before a contract has ever been deployed there. That is why we refer to this as “Counterfactual Storage”: no contract has ever existed at this address, and until the FNFT underlying it is burnt, none ever will (and even then, never between blocks).
What does this mean for me?
Going forwards, all new FNFTs will utilize this standard, ensuring that no attack vectors can ever again render our systems insolvent. Porting existing FNFTs to it is not possible; however, they will continue to function as they always have, without any interruption of service.
What does this mean for the Industry?
We hope to inspire others with this system, as it is the most secure methodology for securing deposits that we have ever come across. As always, our code is open-source, and we highly recommend that those in need of a value-storage solution either utilize our core systems or replicate our mechanism design. A safer DeFi for others is a safer DeFi for all.