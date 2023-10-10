Introduction

This report follows How DeFi’s Operational Risks Could Influence Credit Quality, (published June 7, 2023), in which we explored the range of operational risks that can arise in decentralized finance (DeFi) applications. In this report, we take a deep dive into blockchain-specific risks. It is worth noting that operational risks exist in traditional financial infrastructure. (See Operational Resilience Is Key To Global FMIs’ Rating Strength, Chart 5, “Outages Are Common For Global FMIs.”) What is new in blockchain technology is how these risks can materialize and how they can be remedied or avoided.

This report focuses on three examples of blockchains that are prominent in DeFi and have supported recent use cases that interact with the traditional financial system: Ethereum, Polygon and Solana. We highlight that although decentralization may reduce the presence of intermediaries, blockchains still include material trust assumptions and dependencies. Currently, blockchain operational risks do not affect ratings, as rated issuers have only started dipping their toes in the water. As use cases for public blockchains begin to expand through the financial system, it is important to understand where dependencies lie, and what can go wrong and how, to effectively mitigate these risks. We also explore the direction of these blockchains, including the impact of zero knowledge (ZK) proof technology. We include a glossary of technical terms and related research at the end of this report.

The blockchain design trilemma

In this report, we take a deep dive into the following three blockchains:

– Ethereum is the blockchain with the largest DeFi ecosystem. Its initial design has prioritized decentralization and security at the cost of scalability. Specifically, decentralization is made possible by minimizing the hardware requirements to participate as a validator in the network, allowing many individuals to participate. However, minimizing hardware requirements involves limiting the number of transactions that can be processed in each block, hindering scalability. Ethereum uses a “proof of stake” (PoS) consensus mechanism (see next section). Its Ethereum virtual machine (EVM) provides the bedrock for a growing ecosystem of scalability focused blockchain solutions compatible with the main Ethereum chain (Ethereum mainnet).

– Polygon PoS is a sidechain to Ethereum, meaning that it is a separate blockchain that is compatible with the EVM and connected to the Ethereum mainnet through a two-way bridge. It aims to increase scalability relative to the Ethereum mainnet while benefiting from some, but not all, of Ethereum’s decentralization and security. It uses a PoS mechanism that is similar to but separate from Ethereum’s.

– Solana is designed to prioritize scalability and security at the expense of some centralization. Specifically, and in contrast with Ethereum, it prioritizes high transaction throughput, increasing the hardware requirements for validators to a point where currently only professional operators can participate. Whereas Polygon aims to develop within the Ethereum ecosystem, Solana aims to develop a separate ecosystem. Solana uses a “proof of history” mechanism, which is a modified PoS consensus mechanism that allows parallel validation by timestamping transactions and enhances transaction throughput.

How blockchains work:

Achieving consensus and finality

Polygon PoS’ consensus mechanism is similar to Ethereum’s and is connected to the Ethereum mainnet. Like Ethereum, the consensus for finality is two-thirds of the validators. There is a smart contract stored on the Ethereum mainnet to interact with Polygon validators. These smart contracts address the issues of staking management, delegation of validator shares and checkpoints. The PoS layer for Polygon is the validator layer where all blocks since the last checkpoint are validated and then coded to be stored on the Ethereum mainnet. The block-producing layer where individual transactions are aggregated into blocks is all EVM-compatible, allowing for the final blocks to be stored on the Ethereum mainnet. For more information, please see https://wiki.polygon.technology/docs/pos/what-is-polygon-pos/

Validators stake Polygon’s native token, MATIC, to participate in the network. Polygon PoS selects block producers and checkpoint proposers among validators based on their stake ratio, including delegations. Rewards are given to all validators at every checkpoint according to their stake ratio. Validators can leave the network at any time and withdraw their tokens at the end of an unbonding period.

Solana uses a proof-of-history (PoH) mechanism, which is a modified PoS consensus mechanism that allows parallel validation by timestamping transactions and thus enhancing transaction throughput. With PoH, a block proposer uses a verifiable delay function to keep the PoH digital ledger and encrypt timestamps for each transaction, providing a verifiable and permissionless source of time. This technique enhances the platform’s throughput by allowing nodes to review blocks without reviewing the entire chain and enabling parallel processing of transactions. The PoH mechanism, combined with other innovative features, allows Solana to achieve scalability with low transaction fees.

Blockchain security

Liveness versus security bias

A fundamental design choice when building a blockchain is how it will behave in the event of an accidental or malevolent security event. Ethereum has a “liveness biased” design intended to avoid any outage from the user’s perspective. Indeed, to date, Ethereum has not experienced such an outage per se: Risks arise, rather, in the form of delayed finality (that is, a delay before new blocks become immutable (see sidebar “Ethereum’s delayed finality event in May 2023” in next section). In contrast, Solana and Polygon are “security biased” blockchains: If a bug or attack prevents achieving consensus, these blockchains may experience an outage (that is, users will not be able to transact) while the security risk is addressed.

The timeline below illustrates the major outages on Polygon and Solana. Outages have occurred mainly when high network demand has stretched validator resources or triggered bugs in the client software used to validate the network. In some cases, high network demand has resulted from a distributed denial-of-service cyberattack: Low transaction costs enabled attackers to flood these blockchains with transactions. Both platforms have implemented modifications to their transaction fee structure to reduce vulnerability to such attacks. Solana has also increased its number of validators, whereas Polygon aims to achieve this as part of its “Polygon 2.0” proposal (described later in this report).

Blockchain cyberrisks — Ethereum example

Public blockchains mitigate cyberrisk through decentralization: In the absence of a centralized node operator, it is very difficult for an attacker to control or shut down the network (see Cyber Brief: Reviewing the Credit Aspects of Blockchain, published May 5, 2022). In the chart below, we illustrate the example of Ethereum and how its proof of-stake consensus mechanism addresses cyberrisk. An attacker’s ability to influence the network is directly related to the share of validator nodes that it controls and, therefore, to the volume of ETH the attacker has staked. The key defense mechanisms inhibiting any attack include:

– The cost of accumulating a stake large enough to launch an attack, against the near certainty that substantially all of this stake will be lost if the attack is successful.

– Slashing mechanisms to reduce the stake of validators that are behaving dishonestly.

– “Social” defense mechanisms: Honest validators can withhold consensus attestations on the chain and create a minority fork, to which all economic activity can migrate (see the chart “Governance and social layer” in the next section).

– In addition to the cost, it is difficult to accumulate such a proportion of control because there is a waiting time to activate new validators, and any stake accumulation is highly visible on-chain, making it difficult to reenter following an initial attack.



– The impossibility of creating invalid states of the chain: Even with control over a large share of validator nodes, there are limits to what an attacker can actually gain through “rewriting history” on the chain.



– The mitigation of “long-range reorg attacks” through regular validator checkpoints through time. This type of attack involves a validator that participated in the genesis of the chain, maintaining a separate chain until at some later point it attempts to have this separate chain accepted by validators as the legitimate chain. Simply put, validator checkpoints mitigate this risk because the consensus mechanism cannot be used to accept an alternative chain prior to the latest checkpoint. The risk of attack is, therefore, limited to “short range” and focused on the most recent blocks.



Risk of cyberattack on Ethereum

As of Oct. 9, 2023.

* Based on the price of ETH and volume staked.

Sources: Ethereum proof-of-stake attack and defense; ethereum.org; Dune (@hildobby).

© 2023 S&P Global.