This tweet is GOLD for protocol owners and stakeholders. This unassuming, deceptively simple tweet captures a set of critical security principles our industry would be wise not to ignore. Here are my top observations (strictly from this tweet):
Huge volatility today — AVAX briefly crashed from $24 to $8.5 on CEXs. I was using AVAX as collateral on @BenqiFinance and thought everything was liquidated. For 20 minutes it felt like total loss. But thanks to Benqi’s dual oracle system, my positions were actually safe once feeds recovered. Grateful for solid oracle design — it literally saved me today. Thanks to the entire Benqi team for building with such resilience. 💪 #Avalanche #Benqi
For context, the Dual Oracle Model implies having a backup oracle, where one oracle is the primary source and the other is secondary.
This is one of those defence-in-depth principles that every protocol knows, yet hardly anyone pays attention to it since the probability of such an arrangement actually coming in clutch is very minimal.
But what people fail to recognise is that when such black swan-ish events do happen, the magnitude of damage done to protocols is unprecedented and often causes irreversible damage. This is a very human issue where people know EXACTLY what needs to be done, but just don't do it.
What makes this tweet even better is that the attached image also talks about circuit breakers. This is something that we DO NOT talk enough about in our industry.
I am currently consulting with a bunch of protocols and I have advised almost every single one of them to set up circuit breakers (or at least withdrawal throttling) that are triggered automatically based on monitoring alerts.
It constantly blows my mind just how many people are comfortable waking up to the news of a hacked protocol rather than a paused protocol, just because the protocol might be paused due to a false positive and it might worsen the UX for the users.
I am not oblivious to the business requirements, but there is a lot of room to work with when considering the exact invariants that should trigger a protocol-wide pause via a circuit breaker. But refusing to consider it altogether is NOT IT.
Another under-appreciated security aspect that this tweet highlights is: dog-fooding your security arrangements. I have never worked with the Benqi protocol, but I am quite certain they had some simulations that mimic today's events to test the robustness of their defences.
Overall, great job @BenqiFinance. Love to see such rising standards of security in our space.
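To make the dual-oracle and circuit-breaker points concrete, here is an added sketch (not part of the original post and not Benqi's code): two feeds are cross-checked, and liquidations are refused while they disagree. The thresholds, the class and function names, and the price timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed parameters for illustration; not taken from any real protocol.
MAX_DEVIATION = 0.10   # max relative gap between feeds, or vs. the last agreed price
MAX_STALENESS = 120    # seconds before a reading is treated as stale
LIQ_THRESHOLD = 0.80   # debt / collateral value above which a position is liquidatable

@dataclass
class Reading:
    price: float
    updated_at: int    # unix seconds

def gap(a: float, b: float) -> float:
    return abs(a - b) / max(a, b)

class DualOracle:
    def __init__(self) -> None:
        self.paused = False
        self.last_good: Optional[float] = None

    def resolve(self, primary: Optional[Reading], secondary: Optional[Reading],
                now: int) -> Optional[float]:
        """Return a price that is safe to act on, or None while the breaker is tripped."""
        fresh = [r.price for r in (primary, secondary)
                 if r is not None and r.price > 0 and now - r.updated_at <= MAX_STALENESS]
        if len(fresh) == 2:
            ok = gap(fresh[0], fresh[1]) <= MAX_DEVIATION      # feeds must agree
        elif len(fresh) == 1:
            # Fall back to the surviving feed only if it is near the last agreed price.
            ok = self.last_good is not None and gap(fresh[0], self.last_good) <= MAX_DEVIATION
        else:
            ok = False                                          # no usable feed at all
        self.paused = not ok
        if not ok:
            return None
        self.last_good = fresh[0]   # primary when both are fresh, else the survivor
        return fresh[0]

def liquidatable(oracle: DualOracle, primary, secondary, now: int,
                 collateral_units: float, debt_usd: float) -> bool:
    price = oracle.resolve(primary, secondary, now)
    if price is None:
        return False                # paused: never liquidate on an untrusted price
    return debt_usd / (collateral_units * price) > LIQ_THRESHOLD

def replay():
    """Constructed timeline: one feed prints 8.5 while the other stays near 23, then recovers."""
    oracle = DualOracle()
    ticks = [(0, 24.0, 24.1), (60, 8.5, 23.0), (120, 23.5, 23.4)]
    return [(liquidatable(oracle, Reading(p, t), Reading(s, t), t, 100, 1000), oracle.paused)
            for t, p, s in ticks]
```

In this constructed replay the position (100 units of collateral against $1,000 of debt) would be liquidated if the 8.5 print were trusted on its own; with the cross-check the protocol pauses for that tick and resumes once the feeds agree again.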