Author: Haotian
In the asset tracking analysis report of Bybit's stolen assets disclosed yesterday by SlowMist and the Cosine Security team, it was mentioned that a total of 15,000 cmETH was successfully prevented from being withdrawn by the mETH Protocol, recovering a loss of $42 million. Many friends must be curious about what happened here?
The mETH Protocol is a liquid staking protocol launched on the Ethereum mainnet by the Mantle layer2 chain to allow users to earn native yields when depositing ETH on layer2. It is a liquid staking asset with a cumulative deposit volume second only to stETH, wBETH, and rETH.
Mantle, with mETH as its core focus, absorbs liquidity from various layer2 chains, becoming an interactive liquidity scheduling center for layer2. One can imagine how strategically important mETH is to the Mantle chain.
cmETH is a re-staked asset of mETH, meaning users can re-stake their circulating mETH assets to exchange for cmETH assets. Compared to mETH, cmETH carries an additional re-staking leverage risk, but it can be mined in various campaigns on layer2 to earn its new governance token, $COOK.
In short, cmETH is a proof-of-stake asset circulating in the layer2 network, which interacts and combines with various layer2 protocols.
Due to this complex business interaction logic, the cmETH protocol has incorporated three key security mechanisms in its design:
- Address Blacklist Mechanism: As the name suggests, it can quickly blacklist addresses marked as hackers to restrict their transfers or interactions with cmETH assets.
- Contract Temporary Suspension: In case of emergencies, the team has the authority to temporarily suspend withdrawal operations to prevent the circulation of suspicious assets.
- Withdrawal Delay Mechanism: It employs a FIFO (First In, First Out) queue mechanism, with a built-in withdrawal delay of up to 7 days (this incident lasted 8 hours), providing a cooling-off period for the team to identify abnormal withdrawal behaviors on-chain.
Although it seems that a certain degree of decentralization is sacrificed for security, it is important to remember that cmETH is a re-staked (leveraged) asset built on top of mETH, primarily used as a proof-of-stake asset for mining in various DeFi protocols. Its security is crucial for the overall liquidity safety across different cross-chain and cross-protocol systems.
At this stage, as an important component of the Mantle ecosystem, it is reasonable to consider and design additional security mechanisms to respond to hacker attacks and emergencies.
It was just unexpected that this design of cmETH did not play a role in the complex combinatorial ecosystem of on-chain DEXs, but instead, it first made a significant contribution to intercepting assets for Bybit.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
