ParaSpace
Search
⌃K

Withdrawal and Borrow TimeLock

Background and Motivation for Withdrawal and Borrow TimeLock

ParaSpace works tirelessly with its own engineering and security team along with external auditors to ensure our smart contracts and protocol are free of potential vulnerabilities. As an additional level of protection we have likewise implemented a Withdrawal and Borrow TimeLock system to protect against unauthorized removal of users' funds.

Core Problem to Solve with Withdrawal/Borrow TimeLock

ParaSpace works tirelessly to build further innovation in broader NFT-Fi/DeFi, and we likewise seek to push the space forward in not only economic design but security.
A hacker could ultimately discover an attack vector which allows them to immediately drain users' funds on the protocol in as little as a single block. We go to great lengths to cover any possible smart contract vulnerability, but even then the protocol wants an extra level of security to keep users' assets and the protocol as safe as possible.
To that end we have implemented a Borrow and Withdrawal TimeLock as detailed further below. And though it may introduce some friction to the User Experience, we believe that users are ultimately best served with protections against unauthorized borrow and withdrawals of their own assets.

Overview of ParaSpace's TimeLock Safety Mechanism

ParaSpace seeks to prevent unauthorized access to users' tokens as critical protection against exploit. Of course we must balance any limit on individual transactions against potential nuisance or inconvenience against legitimate borrow and withdrawal transactions.
To balance these interests and with an eye towards user safety, ParaSpace uses a data-driven approach to determine maximum thresholds for withdrawal and borrow within a single block on the Ethereum Mainnet and potentially within a six hour timeframe.

Transaction Limits - Protection against Flash-Loan Attacks to Enhance User Safety

A common attack vector for exploits of DeFi protocols is the so-called "Flash Loan" attack: a hacker uses flash loans from Aave or other protocols to gain access to substantial uncollateralized loans. Each flash loan must be repaid within the same block else the transaction is reverted. Thus an attacker depends on the ability to extract a substantial sum of tokens from a protocol within a single block.
Schematic of our TimeLock Contract Flow
ParaSpace uses a data-driven approach to limit an individual user's maximum withdrawal or borrow within a single block. If a user's withdrawal or borrow request exceeds this single-block limit, there are two additional thresholds and potential waiting periods such that the protocol can actively monitor suspicious activity but also allow for legitimate transactions.
There are thus three Borrow/Withdrawal amount tiers for individual users and transactions:
  1. 1.
    Single Block Limit, or Tier 1: This is the level at which the protocol will allow the user to borrow or withdraw up until the Tier 1 threshold. The protocol will create a smart contract wallet which holds and disburses the user's Borrow/Withdrawal requests in subsequent blocks. And this limit is expressly designed to prevent against large flash-loan attacks.
  2. 2.
    Medium limit or Tier 2: If the transaction request is above this threshold, the withdrawal or borrow will be subject to a 10 minute to 2 hour 10 minute delay. The protocol creates a smart contract wallet which will hold the funds in escrow and distribute to the user automatically within this timeframe. This threshold acts to protect against not only flash-loan attacks but potential oracle price manipulation or other vulnerabilities.
  3. 3.
    High limit or Tier 3: Borrow or withdrawal transactions above the Tier 2 threshold will be subject to a 12 hour 10 minute delays using a smart contract wallet which holds the requested funds in escrow for automatic distribution. As with Tier 2 threshold, this level provides additional protection against potential economic design vulnerability attacks.

Pool Limits - Additional Resilience against Large-Scale Economic Attacks

The single user/transaction limits will help protect against flash-loan and other types of attacks, but to protect against larger-scale multi-account vulnerabilities we will also set time limits for an entire token pools.
TimeLock strategy logic.
  • Pool Limit: To protect against multi-account attacks there will be a single pool limit which will trigger a delay for all Borrow/Withdraw requests for a given token.
    • Pool Threshold: Aggregate single-token borrow/withdrawals above a specific proportion of all pool liquidity will add a 10 minute delay to all withdrawal requests. These will be processed via the same smart contract wallet system which holds the requested tokens in escrow for automatic distribution.

Setting Pool and Transaction Limits - a Firmly Data-Driven Approach

The protocol seeks to maximize user safety but limit interference in normal activities and allow legitimate user transactions to continue unimpeded. To balance these risks we take a firmly data-driven approach on real user behavior. And indeed Tier 1 - 3 thresholds for both Transaction and Pool limits are set according to specific Percentiles of on-chain user Borrow/Withdrawal behavior on the transaction and Pool level.
Users can see our Dune dashboard for on-chain transaction and pool limits.
All amount is in $USD

Transaction Thresholds:

  • Tier 1: 95th Percentile of all single Borrow/Withdrawal amounts.
  • Tier 2: 97th Percentile of the same transactions.
  • Tier 3: 99th Percentile.
Pool Thresholds:
  • Initial Pool Thresholds will be 20% of all pool supply.

Transaction and Pool Limits - An Extra Layer of Protection

ParaSpace aims to be a major innovator in NFT-Fi and DeFi but also protocol security, and our TimeLock implementation is another important tool to ensure the safety of users' tokens and the broader decentralized protocol. Clearly these limits will seek to balance the risks of attacks on the protocol with normal user behaviors. And indeed we will continue to revise our data-driven approach to ensure we set a high bar for not only security but also user experience.

Timelock Parameters

Per Withdrawal Limits

  • If withdraw amount < minThreshold, then the timelock wait time is 1 block
  • If withdraw amount >= minThreshold and <midThreshold, then the timelock wait time is 2 hours
  • If withdraw amount > midThreshold, then the timelock wait time is 6 hours
Token
minThreshold
midThreshold
$APE
10,975
20,100
$cAPE
10,975
53,000
ETH / ETH Derivatives
51.5
155
USDC
105,000
400,000
USDT
105,000
200,500
DAI
40,000
100,000
WBTC
2.5
2.8
BLUR
71,500
118,750
FRAX
30,000
50,000
Token
minThreshold
midThreshold
Bored Ape Yacht Club
1
4
CryptoPunks
1
4
Mutant Ape Yacht Club
2
6
Otherdeed
5
20
Azuki
2
6
Bored Ape Kennel Club
4
12
Moonbirds
5
20
CloneX
5
20
Doodles
5
20
Meebits
5
20
Pudgy Penguins
4
12
Sewer Pass
5
20

Pool Limits

  • If total daily withdraw amount > poolPeriodLimit, then all withdrawal will have an added +10 mins timelock wait time
Token
poolPeriodLimit
$APE
30,000
$cAPE
1,000,000
$ETH / ETH Deriv
1,900
USDC
1,875,000
USDT
400,000
DAI
17,500
WBTC
3
BLUR
200,000
FRAX
15,000
Token
poolPeriodLimit
Bored Ape Yacht Club
100
CryptoPunks
2
Mutant Ape Yacht Club
200
Otherdeed
125
Azuki
9
Bored Ape Kennel Club
57
Moonbirds
3
CloneX
8
Doodles
2
Meebits
13
Pudgy Penguins
2
Sewer Pass
2