
DeFiLlama reports that hackers have stolen over $15 billion from DeFi protocols. In many instances, attackers needed multiple transactions to siphon off all the funds, giving project teams a window to react to the attack and salvage some assets. Many of them failed to do so, lacking automated protection.
The future of DeFi security lies in fully automated and decentralized security systems, and the Chainlink Risk Management Network (RMN) is a prime example of such a system.
The Risk Management Network is an independent, decentralized network that verifies cross-chain transactions in parallel with the Chainlink Cross-Chain Interoperability Protocol (CCIP). RMN enhances CCIP’s security by providing independent monitoring and verification of operations. Put simply, it can halt CCIP services on a particular chain even in the extreme case of compromised Chainlink nodes.
RMN is a hybrid system, combining off-chain and on-chain elements. It compares message roots from the CCIP’s Decentralized Oracle Network with source network roots to determine transaction validity.

If a transaction is not finalized, is invalid, doesn’t have valid Merkle roots on the source chain, or is an attempt to execute the same transaction twice, RMN nodes curse it. If the curse threshold is reached, CCIP operations on that chain are temporarily halted for further investigation.
The main takeaway is the following: the first malicious transaction going through CCIP will halt the network and isolate the funds on the attacked chain. Combined with CCIP’s built-in rate-limiting protection, this keeps hackers from stealing any substantial amount. If such a system had existed earlier and been widely adopted, the Ronin Bridge hack worth $625 million wouldn’t have happened.
Let’s talk about off-chain and on-chain parts and a bit more about the blessing and cursing mechanism.
Blessing. Nodes independently verify the integrity of cross-chain messages by reconstructing Merkle trees and comparing them to the roots committed by the primary system. A message is “blessed” and is considered valid if the roots match — it means, for example, that the tokens about to be bridged exist, and the sender controls them.
Cursing. If nodes detect anomalies, such as finality violations or unauthorized message executions, they “curse” the system, temporarily pausing CCIP until the issue is investigated and resolved.
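The blessing and cursing checks described above, as an added example that is not Chainlink's code. The SHA-256 tree layout, the function names, the node count and the threshold are assumptions for illustration and do not reproduce CCIP's actual Merkle construction or contract interfaces.

```python
import hashlib

def h(data):
    return hashlib.sha256(data).digest()  # stand-in hash (assumption)

def merkle_root(messages):
    """Rebuild a root from raw messages, as a verifying node would."""
    if not messages:
        raise ValueError("no messages to verify")
    level = [h(b"\x00" + m) for m in messages]  # leaf prefix separates leaves from inner nodes
    while len(level) > 1:
        pairs = [h(b"\x01" + level[i] + level[i + 1])
                 for i in range(0, len(level) - 1, 2)]
        # An odd node is promoted unchanged instead of duplicated, so
        # [a, b, c] and [a, b, c, c] cannot share a root.
        level = pairs + ([level[-1]] if len(level) % 2 else [])
    return level[0]

def node_vote(source_messages, committed_root, finalized, already_executed):
    """One node's decision: bless only if every check from the text passes."""
    if not finalized:
        return "curse"  # source-chain block is not final yet
    if any(m in already_executed for m in source_messages):
        return "curse"  # attempt to execute the same message twice
    if merkle_root(source_messages) != committed_root:
        return "curse"  # committed root does not match the source chain
    return "bless"

def lane_state(votes, curse_threshold):
    """Halt the chain once the number of curses reaches the threshold."""
    return "halted" if votes.count("curse") >= curse_threshold else "active"

# Constructed sample data: what the nodes read from the source chain, and a
# batch containing a message that was never emitted there.
SOURCE = [b"msg-1: transfer 10 TOKEN", b"msg-2: transfer 5 TOKEN"]
FORGED = SOURCE + [b"msg-3: transfer 1000000 TOKEN"]

def run_round(committed_root, nodes=4, curse_threshold=2,
              finalized=True, executed=frozenset()):
    """Every node checks the committed root against its own view of the source chain."""
    votes = [node_vote(SOURCE, committed_root, finalized, executed)
             for _ in range(nodes)]
    return lane_state(votes, curse_threshold)

if __name__ == "__main__":
    print("honest root:", run_round(merkle_root(SOURCE)))
    print("forged root:", run_round(merkle_root(FORGED)))
```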
Next, consider which parts of RMN run off-chain and which run on-chain.
Off-chain part. A network of Risk Management nodes constantly monitors all CCIP-involved operations for any unusual or suspicious activity. Each node has distinct capabilities for

On-chain part. Each blockchain supported by CCIP has its dedicated Risk Management contract, ensuring that security measures are implemented directly on the blockchain itself.
The Risk Management Network was designed using the N-version programming (NVP) principle: creating multiple independent implementations of the system that run in parallel and compare their results. In case of discrepancies, measures are taken to minimize potential damage. CCIP and RMN run in parallel, and as long as their outputs on cross-chain operations match, operations proceed normally. If their outputs differ, CCIP is halted because it is designed to prioritize safety over continuity.
Additionally, RMN’s decentralization provides an extra layer of security, as control over processes is distributed among many independent participants. This prevents manipulation and increases the system’s resilience.
CCIP enables the secure transfer of data and assets between different blockchains. RMN plays a crucial role in double-checking the security of these operations.

How it works:
This synergy between the Risk Management Network and Chainlink Cross-Chain Interoperability Protocol serves as a robust defense against potential threats, ensuring that cross-chain transactions are not only effortless but also secure. They cultivate trust in the evolving landscape of blockchain interoperability.
In the realm of DeFi, security is paramount. The RMN plays a crucial role in mitigating these risks and enhancing the overall security of the DeFi ecosystem.
The Chainlink RMN is a unique blend of off-chain monitoring and on-chain execution, which provides robust protection against hacks and exploits. By detecting anomalies, initiating rapid responses, and even halting CCIP transactions in real-time, the RMN offers proactive security essential in the fast-paced DeFi world.
While the RMN represents a significant step forward, the quest for perfect security is ongoing. However, with its innovative approach and commitment to continuous improvement, the RMN is well-positioned to remain at the forefront of blockchain security, ensuring the promise of decentralized finance can be realized safely and securely.