Chainalysis recently reported that over $3.8B was lost in crypto hacks in 2022 – the majority of which was stolen from DeFi protocols. As crypto tech stacks become increasingly complex, more attack vectors open up for potential exploits – and controlling for these loopholes becomes more complicated. Chaos Labs was founded to help mitigate these vulnerabilities by operating as a risk management protocol for any crypto project that manages user’s funds.
Chaos Labs leverages complex simulation models so teams can quickly and easily predict and adapt to market behavior. Further, the company allows teams to regularly check for risk instead of having infrequent or non-robust audits. This is particularly necessary for companies operating in crypto-economic markets, which are often volatile and have many potential risk channels.
Within Chaos Labs’ risk suite, there are multiple risk-analysis products:
- Optimize risk and capital efficiency: Simulation models are one of the most powerful tools Chaos Labs offers – essentially, they let teams see how the protocol would behave under certain market situations. Further, after attack vectors are identified, strategies are recommended on how to best mitigate risk.
- Streamlined risk assessments: These assessments are like audits but focus on the economic security of a protocol. Chaos will stress test the performance of protocols under volatile market conditions, black swan events with an emphasis on examining composability / interoperability and how users will interact with the protocol.
- Spend optimization: This product also uses a simulation engine to align incentives and subsequently attempt to maximize ROI, which is especially helpful when navigating volatile markets.
Chaos Labs has already implemented and began to test these products real-time in crypto markets. For Aave specifically, Chaos Labs is able to analyze risk parameters and their reaction to market scenarios by running thousands of on-chain and off-chain simulations. Using Monte Carlo simulations, price trajectory models, and simulated agents (that play the roles of lenders, borrowers, and liquidators), Chaos Labs is able to preemptively discover risk and predict how the protocol will react to certain market fluctuations. Chaos Labs also analyzes how the protocol performs in the simulations with different inputs for Aave V3 risk parameters. Read more about the technical methodology here.
Within the simulations, Chaos Labs inputs various combinations for the asset risk parameters to test the protocol. Currently, Chaos supports two types of simulators: Chaos EVM Simulations (which execute a Python-based EVM) and “On-chain” Simulations (which execute on Rust Ethereum Virtual Machine).
- Chaos EVM Simulations: periodically extracts mainnet data, including account portfolios/balances, agent elasticity, protocol liquidity, and risk parameters (250x latency)
- Chaos On-Chain Simulations: using forks, users can analyze and interface with protocols in a simulation environment to stress-test a protocol and examine its behavior
Within the simulation model and the Chaos Labs product suite, key product features includes:
- Parameter recommendations: this feature dynamically tracks how shifts in parameter settings impact aspects of the entire protocol
- Protocol risk dashboard: customers can visualize protocol trends at both a high level and a granular level and track potential risk vectors
- New asset support: adding assets to a protocol can be risky, so this feature helps protocols better understand the associated risk
- Economic analysis: customers are able to test potential exploits in a simulation environment built by Chaos Labs
Source: Chaos Labs
A few of the core values Chaos Labs runs its company by are below:
- “The best simulation environment is as close to production as possible:” Chaos Labs runs EVM-compatible environments for each simulation in order to best evaluate what will occur in different settings. In addition, simulations are executed on a fork so code can be immediately pushed on-chain.
- “Trust, but verify:” Chaos Labs’ transparency allows community members and protocol users to evaluate the simulations and testing environment and recommend different types of implementation as they see fit.
- “Community engagement:” As Chaos Labs grows, the team wants to ensure that the community is actively engaged in proposals from a technological standpoint.
Partnerships
Many DeFi companies have already partnered with Chaos Labs, including Uniswap, Aave, dYdX, Chainlink, Osmosis, BENQI, and more.
Many prominent DeFi protocols have already partnered with Chaos Labs. Source: Chaos Labs
Background + team
Chaos Labs is led by Omer Goldberg, who has been active in the crypto space since 2012. Previously at Instagram as a Tech Lead running the mobile experience on Commerce Ads, Omer left in early 2021 to begin researching and building in DeFi.
Omer recognized that there was a huge gap in DeFi regarding infrastructure: protocols were soaring in popularity and gaining substantial TVLs, but the infrastructure side of things hadn’t caught up yet. Specifically, he commented that “the industry was still highly dependent on smart-contract audits and code peer review.” Further, audits are specifically geared towards just the code of the protocol but don’t often account for the way the protocol will be consumed and its execution environment. In a space that’s had a tremendous amount of exploitation (especially recently), it’s incredibly important to be rigorous in the auditing process (and creative as well).
Omer also cites the fact that because crypto is so interoperable and composable – and that this is exciting from a technological standpoint – the exploitation and risk vectors are massive. In his words: “Developers must realize – while you gain functionality by leveraging third-party applications, you also inherit all of their security vulnerabilities and flaws. The nature of permissionless, composable software makes this even worse – suddenly, we introduce new use cases for how a protocol can be utilized, which wasn’t necessarily what the author had intended.” These trends spurred the idea for Chaos Labs, which grew out of the intention to protect crypto protocols and users.
Chaos Labs Team (Oct 2022) in Tel Aviv. Source: Chaos Labs
The Chaos Labs team includes top engineers from ex-FAANG companies and ex-Israeli Cyber Intelligence – all bringing expertise in security, blockchain, and “chaos” engineering.
As previously mentioned, Chaos Labs recently launched the Aave recommendation portal, which allows for analysis into simulations run to optimize Aave parameters to evaluate risk. Importantly, the portal has full community transparency which allows users to develop trust in the protocol and subsequently drives more individuals to use it. Many individuals believe crypto can be highly risky but many may not know exactly where those risks emanate from. By transparently allowing users to interact with these types of risk products, a better dynamic is established between the user and the protocol.
Chaos Labs will use the funding to build out their suite of risk and security products and continue to partner with DeFi protocols that can significantly benefit from this type of technology.