The Good Tech Companies - WTF IS A TRAP?
Episode Date: July 17, 2024This story was originally published on HackerNoon at: https://hackernoon.com/wtf-is-a-trap. A Trap is a standard for security automation on the Ethereum blockchain. It's... a smart contract that enables complex time series analysis of any EVM state data. Check more stories related to web3 at: https://hackernoon.com/c/web3. You can also check exclusive content about #web3, #drosera, #drosera-network, #drosera-traps, #decentralized-evm-security, #security-automation-ethereum, #what-are-drosera-traps, #good-company, and more. This story was written by: @drosera. Learn more about this writer by checking @drosera's about page, and for more stories, please visit hackernoon.com. A Trap is a standard for security automation on the Ethereum blockchain. It's a smart contract that allows for complex time series analysis of any EVM state data. Anyone can create a trap by defining data to collect and the conditions that trigger an emergency response. Traps are fully customizable due to the programmatic nature of smart contract code.
Transcript
Discussion (0)
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
WTF is a trap? by Dracera Network. In this article I'm going to touch on a crucial new
innovation that formed from months of research, experimentation, and orb pondering. The concept
is a completely new form of security infrastructure for protocols that we are aptly naming, traps.
After developing this concept internally and discussing it with
groups from all over the ecosystem, we felt it was about time to walk through it in depth.
I disown of those unique ideas that you don't see very often in this space and makes for a
great conversation piece. While discussing traps with others, we noticed that there was always a
light bulb moment where they understood the gravity of what we were building.
Seeing that spark of
excitement followed up with a few ideas of their own reminded me of the early days in crypto where
we were all learning about AMMs, flash loans, MEV, and ZK proofs. Traps are a unique intersection of
many of these crazy concepts in crypto. So depending on your background it can be a little
complex but our goal is to guide you from Dracera novice to certified trapper background some context on how dracera came about and where the idea of traps came from
it would be pretty cool if it came to us in a dream or a fortune cookie but the reality is it
came from the challenges of developing and maintaining internal monitoring systems
challenges no standardized approach no open source-source framework, time-consuming.
The team was already very familiar with creating monitoring systems that detect specific events,
transactions, and state changes in blockchains. We had to go through the process of building custom monitoring systems that required multiple services and unique implementation details.
We wondered how possible it would better decentralize these monitoring systems using
smart contracts. Creating a base security layer was exactly what we wanted to build.
Philosophy of a trap the name Dracera comes from a genera of carnivorous plants and we
liked the idea that a little liquidity could be used to help protocols catch bugs.
It made US think about how protocols can be symbiotic and how catching a bug quickly should
be incentivized. Most people
are familiar with the toothed snap traps of the Venus flytrap, this is what led us to the name,
traps, for our new security primitive. Attributes of decentralized EVM security
a system where anyone, anywhere, can become a participant in the security landscape,
regardless of skill. No hardware, no centralization, just an open network for
security driven by application-specific terms. EVM native security infrastructure built with
smart contract code, an open-source framework that fosters collaboration between solidity
developers and security professionals. Understanding a TRAPA trap is a standard
for security automation on the Ethereum blockchain.
It's a smart contract that allows for complex time-series analysis of any EVM state data.
Anyone can create a trap by defining data to collect in the conditions that trigger an emergency response. The key takeaway here is that traps are just developed in Solidity,
which allows developers to create security infra using the same tools they already use.
Traps are fully customizable due to the programmatic nature of smart contract code.
This means that trap development is as simple as adhering to a standard interface and writing a bit
of solidity. Below is an example of the trap interface. The core components of a trap are
the collect function and is valid function. Collect allows a developer to fetch any
state data that exists in the EVM. If a protocol developer wants to grab data from multiple DEXs,
oracles, bridges, interop layers, lending protocols or anything then they can.
Backslash dot is valid allows a developer to do analysis on an array of the latest collected data.
This array of data is a time series list of
the previous collect function calls. Being able to perform this type of historical data analysis
is unheard of in smart contracts, but Dracera has a unique approach that makes this all possible.
In order to describe this in detail, we will probably need to have a separate article on
the Dracera node. It simply leverages the EVM as a data
availability layer and ZK for objective historical analysis, like proof of execution between the
collect function and the is valid function. Incident response, okay, so the trap can detect
things but how is this useful for protocols? You, maybe, detecting that an incident has occurred is
a prerequisite for security. The saying,
knowing is half the battle, is certainly true but what matters most is the actions that take place in response to an incident. There are plenty of analogies to be drawn around emergency systems
detecting something and an action plan taking place. If a fire alarm goes off in a building,
then everyone evacuates. If a sprinkler system detects heat, then make it rain. If a car detects
massive impact, then deploy airbags. The current emergency systems in crypto follow a similar
recipe but are horribly inefficient as a first responder action plan. If an exploit of our
protocol is being discussed on X then try to wake everyone up to get in a war room.
This situation is what Dracera is trying to improve by allowing protocol developers
to specify the incident conditions for automatic response. Dracera node operators run a protocol's
trap and when conditions arise, the network works together to execute a predefined incident response
with at least two-thirds consensus. WHO defines the incident response and how the creator of the
trap just needs to specify the
path to the emergency button and the name of the emergency button. This is an address of any smart
contract and any function on that smart contract. A response action could be swapping assets,
pausing functionality, circuit breaking, performing disputes, liquidations, updating
protocol configurations, or anything that a protocol developer can dream up.
This is the power of fully leveraging smart contract code. As for how the incident response gets triggered, this is done when the isValid function returns false, indicating that the
validity of the trap conditions have been broken and an action must take place. The Dracera network
is constantly attesting to the results calculated from performing the as-valid execution on their machine. Benefits of EVM native security
Now that we have covered traps at a high level, it's important to understand the benefits of
solidity security infrastructure, composability. It shouldn't be a surprise that one of the most
powerful concepts in Ethereum IS smart contracts. The ability for contracts to be built on top of
contracts with
any custom implementation is why crypto stands as a multi-billion-dollar hub for innovation and
technological advancement. Traps are smart contracts, which means they can be composed
in any shape that a protocol developer sees fit without needing to compromise.
When new contracts are deployed to the EVM, their data and functionality is automatically
made available for traps to leverage.
This leaves the door open for creativity, experimentation, and network effects.
Extensibility The concept of a trap is actually quite simple.
Our current implementation OFITS interface is pretty straightforward as far as smart
contract definitions go.
This means that there is plenty of room for new unique functionality that can be developed for smart contract security infrastructure. Drossier's
proof of execution primitives will allow us to innovate on new permutations as this new research
area begins to gain traction. Community. This aspect of traps is actually huge. By creating
an open framework for developers to come together through shared knowledge of smart contract code and T-H-E-E-V-M, we are enabling a new community to form.
We believe that this alone has been a huge blocker for security-related projects to take form.
Developers are curious and want to experiment with their tools.
Frontends can be nice but developer communities do not form around how great a toggle button is, they form around tools that give them the ability to develop and talk with fellow developers. Testability. While
the concept of testing may seem a bit boring, it's actually an incredible pain when integrating with
a monitoring system. To be completely honest, there really isn't any good way to test your
security infrastructure against your protocol unless you are building monitoring in-house.
I've built the Ceph-Frankenstein integration tests that connect in-house monitoring to a protocol and
it's never pretty. Insanely time-consuming and detracts from the development of the actual
product. Fortunately with traps, a developer can test their security infrastructure in the same
dev environment as their protocol with Foundry. This allows for developers to verify their
security infra is set up properly and they This allows for developers to verify their security
infra is set up properly and they don't even need to leave their repo. How traps fit into DROSERA
the Dracera protocol at a high level a trap is security infrastructure as solidity code.
Dracera is the protocol you deploy your security infrastructure to. Operators run the security
infrastructure on Dracera. Traps run on Dracera. Operators run traps. This on dracera traps run on dracera operators run traps
this means dracera brings operators together with security for those asking for it in conclusion
traps are dope i mean it's a completely new way to do application security and acts as a fundamental
base layer of security for the ecosystem we are excited to give additional insights on this new
vertical on dare planning on creating follow-on articles to discuss other critical components of the Dracera protocol.
Become a trapper we're looking for solidity developers for a private testnet coming this
month. We're offering significant grants to those selected. Currently, we have a hackathon running
with a top prize of $2,500 but the grants available would be even more substantial.
Key what's in it for you.
Significant rewards through grants. Exclusive access to work closely with our core team.
Influence the development and direction of the Dracera protocol. Light bulb why join us.
Exclusive opportunity. Only 20 top tier solidity developers will be selected.
Significant rewards. Receive substantial grants for your contributions.
Work with industry giants. Our operator program was already oversubscribed and protocols such as
Swell, Yieldnest, and EtherFI have each pledged $300 million in ETH delegations to Dracera.
Direct access to the team. Collaborate closely with Dracera experts. Cutting-edge technology.
Work with traps to build robust security infrastructure using solidity code.
Ongoing events. The Dora Hacks Hackathon is live now.
Check out the exciting bounties available here.
Bullseye ready to dive in? 1. Sign up on our Discord.
2. Select the trapper role. 3. Say hello and introduce yourself.
Thank you for listening to this Hackernon story, read by Artificial Intelligence.
Visit HackerNoon.com to read, write, learn and publish.