Decentralized finance (DeFi) provides an alternative framework for the creation of non-custodial financial services, combining digital representations of value (tokens) with autonomous code execution (smart contracts). While DeFi is interoperable with a wide range of tokens, the fastest growing categories of tokens include stablecoins, tokenized assets, and wrapped assets.
These categories of assets are unique in that the onchain tokens are collateralized by reserves held either offchain or another blockchain network, creating a 1:1 backing. Such assets must prioritize security and transparency in order to ensure that the amount of tokens issued onchain reflects the value of the reserves held offchain or cross-chain.
In this blog post, we explore how integration of Chainlink Proof of Reserve into the minting function of stablecoins, wrapped tokens, and tokenized assets—referred to as “Secure Mint”—increases the security and transparency of the DeFi ecosystem as a whole, while also facilitating greater trust by token holders.
The Risk of Infinite Mint Attacks and Resulting Ecosystem Contagion
Under normal circumstances, stablecoins, tokenized assets, and wrapped assets are fully collateralized as the issuing entity only mints additional tokens if there is sufficient reserves to maintain collateralization. For example, if a stablecoin has $10 million in reserves, and 9 million tokens have already been minted, then the issuer should only mint 1 million additional tokens to maintain a 1:1 collateralization.
However, if a malicious entity (code bugs or backend issues/mistakes) is able to mint additional tokens in excess of the amount of actual reserves, then all issued tokens become undercollateralized. For example, if a malicious entity mints 100 billion additional units of a stablecoin, but there is only $1 million in reserves, then collateralization drops from 100% to nearly zero.
Example of an infinite mint attack on a cross-chain wrapped token.
A compromised connection between a token and its offchain/cross-chain reserves not only poses a direct risk to holders of that token, but also to any DeFi protocol or platform that directly integrates with said asset. Malicious actors often take advantage of an infinite mint attack by selling the newly minted, unbacked tokens on an exchange or using the tokens as collateral in a lending protocol, extracting value from liquidity providers and at times leading to protocol insolvencies.
For example, if a pooled lending protocol supports a token as collateral that experienced an infinite mint attack, then the malicious actor attacker could use their unbacked tokens as collateral to borrow all borrowable assets on the platform—creating unliquidatable toxic debt on the platform, resulting in losses for the protocol’s users. Such an insolvency could then affect other protocols integrated with the now insolvent lending platform, causing ripple effects across the wider DeFi ecosystem.
Industry examples of infinite mint attacks include:
- Restaking protocol Bedrock identified a security exploit involving uniBTC. Following the incident, Bedrock announced that it is integrating Chainlink Proof of Reserve to help secure its minting function and help mitigate future exploits.
- Cashio’s dollar-pegged stablecoin lost its peg after an infinite mint glitch enabled attackers to mint tokens without posting a sufficient amount of collateral.
- Cover Protocol was exploited where over 40 quintillion coins were minted, inflating the token supply.
How a pooled lending market becomes insolvent due to an infinite mint attack on a supported collateral token.
Mitigating Infinite Mint Attacks with Chainlink Proof of Reserve’s Secure Mint Capability
Mitigating the infinite mint attack vector for stablecoins, tokenized assets, and wrapped assets means preventing the minting of unbacked tokens without sufficient offchain/cross-chain reserves in the first place. However, due to the blockchain oracle problem, a token’s smart contract does not natively have access to reserve collateralization information residing offchain/cross-chain and therefore cannot perform necessary verifications during the minting process.
Enter Chainlink.
Chainlink Proof of Reserve (PoR) provides smart contracts with the data required to calculate the true collateralization of any onchain token backed by offchain or cross-chain reserves. Operated by Decentralized Oracle Networks (DONs), Chainlink PoR connects to custodians, auditor/accounting firms, blockchain networks, and/or other third parties to verify offchain/cross-chain reserves, which are then published onchain in a consumable format by smart contracts.
By integrating Chainlink PoR, asset issuers can introduce additional verification logic into their token’s smart contract to programmatically require that there is a sufficient amount of unutilized offchain/cross-chain reserves available to maintain 1:1 collateralization when minting an additional amount of tokens. As a result, infinite mint attacks are mitigated as attempting to mint an amount of tokens beyond available reserves would result in the transaction reverted and no tokens being minted.
Chainlink Proof of Reserve’s Secure Mint capability enables asset issuers to programmatically require reserves to be greater than or equal to the supply being minted. By providing cryptographic guarantees that new tokens minted are backed by reserves, PoR Secure Mint takes tokenized asset and stablecoin security to the next level, helping to prevent infinite mint attacks.
An example of how Wenia integrated Chainlink PoR to secure the minting function of the COPW stablecoin.
Chainlink PoR’s support for Secure Mint functionality has been adopted across the Web3 and DeFi ecosystem, including Wenia—a digital asset company from the Bancolombia Group, one of the largest financial conglomerates in Latin America—who integrated Chainlink PoR to secure the minting function of their Colombian Peso stablecoin COPW. Similarly, 21Shares is using Chainlink PoR to secure the minting function for its 21BTC wrapped Bitcoin token, as well as Matrixdock for its tokenized Short-Term Treasury Bill token STBT.
Additional integrations of Chainlink PoR to increase protocol security includes:
- Aave uses the BTC.b PoR feed as a circuit breaker check for the BTC.b Avalanche V3 pool, protecting against excessive bad debt in case of infinite minting or insufficient BTC collateral.
- Swingby’s WBTC SkyBridge — Bridge validators perform an additional WBTC PoR Feed check offchain before executing the WBTC bridging on destination chains.
- Ava Labs BTC.b Bridge The Ava Labs BTC.b Bridge uses the BTC.b PoR feed as a part of its transparency dashboard to ensure sufficient BTC reserves are locked on the bridge, backing BTC.b tokens on Avalanche.
- Benqi uses BTC.b PoR to monitor reserves on the Avalanche Bridge as a final safeguard for its BTC.b pool.
- DLC.Link dlcBTC — DLC.Link bridge has an additional final check of the dlcBTC PoR Feed before the “attestation network” sign and submit minting instructions to the desired chain.
As the onchain economy expands, the number of stablecoins, tokenized assets, and wrapped tokens will only continue to accelerate, exposing a growing number of users to the risks of infinite mint attacks. By integrating Chainlink PoR, asset issuers can provide an enhanced level of security that not only protects their users but also the wider DeFi ecosystem.
Some of the many benefits of using Chainlink PoR for Secure Mint include:
- Increased security—Secure Mint adds an additional layer of security at the smart contact level for token issuers. By implementing a PoR feed check against the totalSupply in the token smart contract, the token’s smart contract can automatically revert a minting transaction if the combined value of the token’s totalSupply and the new amount being minted is above the reserves amount as reported by the PoR feed.
- Enhanced transparency—Secure Mint facilitates greater ecosystem transparency and confidence for token holders by providing a reliable source of data on the asset’s offchain/cross-chain collateralization, reported onchain in real-time by Chainlink.
- Reduced ecosystem risk—Secure Mint adds another layer of security to the DeFi ecosystem, by mitigating the risks of infinite mint attacks on tokens supported as collateral. Protocols can also pause operations or disable borrowings if the token is detected to become under-collateralized or overminted to prevent incurring further bad debts.
All Comments