Making DeFi Safer: Timelock on Tezos Explained
Blockchain security is built on the openness of all data. Tezos devs now plan to introduce Timelock, a primitive enabling users to conceal transactions until a certain time. Quite paradoxically, it is likely to increase the security of the network.
In this feature based on the article by Nomadic Labs, we explain how Timelock works and what it can protect from.
Bots Profit on User Transactions
First, let’s recall the typical transaction mechanism:
- A user sends the transaction to the network.
- The transaction goes to the mempool, which is like a blockchain’s dressing room.
- A baker fills a block with transactions with the one with the highest fee going first.
- The baker adds the block to the blockchain, and the network executes the transactions in the pre-set order.
- If two transactions in the block refer to the same smart contract, the network will first execute the transaction with a higher fee.
Dishonest bakers can profit from that mechanism. Say, Alice the baker has created a bot that searches Quipuswap smart contract calls in the mempool. It finds Bob’s transaction that buys 10k kUSD for tez. Alice creates a transaction to buy the same amount of kUSD with a higher fee and puts both calls in the block.
The network executes Alice’s order, so she gets 10k kUSD for $1 per token. The Quipuswap contract recalculates the balance of coins and sets up the new exchange rate of $1.01. The network then executes Bob’s request. The contract recalculates again and increases the rate to $1.02. Then Alice sends her kUSD at the new price and gets a 2% profit.
In Ethereum, bots like those continuously harass DEX users and are known as flashbots. Back in 2020, for example, a flashbot got $12k from a Uniswap contract right before the bedazzled user’s eyes.
Timelock as a Children’s Game
Imagine a flashbot playing rock-paper-scissors with the user. No matter what the human decides to cast, the bot manages to react faster and cast the figure that beats the user, or, in other words, create a transaction before the block is published.
The simplest way to deal with the bot is to make your move unseen until the very last moment. In the actual game of rock-paper-scissors, you can achieve that with a timer, a box with three buttons for each gesture, and a screen. With the user’s hand concealed within the box, the bot will see that the user has made a move but has no idea what that move was, yet it has to make its own move anyway. When the time elapses, their moves appear simultaneously.
Timelock is like that box with buttons. The user broadcasts the transaction into the mempool encrypted, so the flashbot can’t read it and make a move to profit from it. The user then publishes the decryption key and opens the transaction’s contents. The disclosure occurs moments before the block is signed so the bot simply doesn’t have enough time to create its malevolent transaction.
This mechanism, however, is not without vulnerabilities: the user can spam the network with Timelock transactions and disclose only those that prove to be profitable. To avoid that, the developers plan to implement the option of manually picking the keys and obliging users to make insurance deposits.
When creating a Timelock transaction, the user chooses the time when the transaction must be executed. This selection impacts the reliability of the cypher: a transaction scheduled for the next block can be deciphered in a matter of 30 seconds while the one scheduled for 3,000 blocks ahead will take 24 hours.
For each Timelock transaction, the user has to make an insurance deposit. When the deciphering key is published, the network returns a part of the deposit and burns the rest. If the user doesn’t give the key, other users can decipher the transaction on their own, publish the key, and get the same part of the deposit.
This makes Timelock spam quite hurtful for dishonest users and profitable for everyone else on the network but them.
Subscribe and never miss updates from the world of Tezos: