Proposal: Onboard Drop to the Lido Alliance

Drop - Alliance Workgroup (temporary) Review

Key Terms

Ethereum-alignment and commitment to decentralize validation

Drop’s Ethereum alignment is incidental and second-order to some extent. There is no explicit threat to Ethereum decentralization by supporting a project building liquid staking on Neutron, but there is no immediate driver of it either.

That being said, Cosmos has long been a harbinger of technical solutions and research that have percolated into Ethereum. Drop is in a good position to provide a first look at experiments in validator set curation, for instance.

Finally, many services that Ethereum users and decentralized applications rely on, such as Axelar, are built on IBC. To the extent that Drop is able to decentralize the validator set for these services, it will also contribute to decentralizing Ethereum’s broader ecosystem of supporting services.

Use-cases for stETH adoption and integration

Use-cases are mostly related to using wstETH on new domains with domain-specific applications, or combining with Drop to execute more complex strategies.

The most important use-case for stETH users is the ability to use wstETH collateral on new domains, such as Neutron. Pairing with another liquid staking token is a no-brainer in terms of collateral efficiency on these venues. LP and yield farming opportunities with wstETH on Neutron will open up new use-cases for stETH holders beyond Ethereum.

Opportunities for node operators

Lido operators that are active in the IBC ecosystem may apply to Drop and be onboarded to its validator set, creating strong alignment between both protocols to the extent that they grow in tandem.

Security Review

Please see “Security Culture” section here for further detail

What are the processes for putting code into production?

What is the release flow from the security perspective?

  • First, all code is peer reviewed by other core team developers
  • Then it’s thoroughly tested (see proposal security section): unit, end-to-end, mainnet forks testing
  • Then it’s audited by a reputable auditor, and bugfixes are implemented
  • Then it’s tested again, and the deployment is rehearsed on a mainnet fork where the integrity of the protocol with the new code is verified
  • Then it’s either deployed (early on) or submitted to a DAO vote (once the Drop DAO is available)

How does the team decide the code is ready for mainnet?

  • Code is covered with tests
  • Code successfully passed an audit and all the fixes were implemented
  • Code successfully worked on testnet for a reasonable time
  • Advanced monitoring is implemented that checks both liveness and security invariants of the protocol
  • The protocol has functionality that allows security incidents to be mitigated (i.e. pauses)
  • The deployment plan is detailed and covered with potential “what can go wrong” scenarios and action plans on what to do in every case

Does the protocol have public audits? What parties conducted the audits?

The Drop protocol has been audited by Oak Security; the final audit report has been scheduled for publication in the week of Jun 2.

Second and third audits/formal verification by Otter Sec and Informal Systems are starting by the end of June, and scheduled to be completed by the time of the main net launch in early July.

Drop commits to proceeding with the main net launch only after a successful testnet launch, and completed / published smart contract audit report.

What’s the issue summary (total issues / total fixed / crits and highs / crits and highs fixed)

54/39 fixed

5 critical / 5 fixed

14 major / 10 fixed

How is the deployment verified against the audit?

The audit report contains the commit hash of the code version that was audited. One can build the contracts and verify whether the deployed version corresponds to the one that was audited (there is no better way to do it in Cosmos at the moment).

Drop team will provide documentation for this verification procedure once the audit report is published.

What are the processes for managing security through TVL growth?

Is there a bug bounty? if yes — which and where

Not currently, but we are planning to set one up with ImmuneFi for ~1M max payout.

Are there limits / thresholds on the project / TVL? Who controls those?

Technically, there are limits on how many assets can be under the protocol's management, and they are controlled by the protocol administrator, which is initially an ecosystem 5/7 multisig and eventually the Drop DAO.

Are there any user funds on a multisig?

No, all the user funds are handled by smart contracts or interchain accounts owned by smart contracts.

Is the code upgradable? How and who controls upgradability?

The code will be upgradeable, and will be controlled by an ecosystem 5/7 multisig until the Drop token and DAO launch later this year, at which point the DAO will be the only controller for contract upgrades. A committee appointed by the DAO will likely retain the ability to pause specific contracts to respond rapidly to potential vulnerabilities without unnecessarily stopping unaffected protocol functions.

What is the likelihood that the project will endure?

Is the project incorporated? What does the legal structure look like?

Drop is incorporated as a combination of:

  • The Drop Foundation, a Cayman ownerless non-profit mandated to sponsor the growth and secure development of the protocol
  • Hadron Labs, a software development company contracted by the Drop Foundation for the development of Drop’s software

What’s the funding situation?

The Drop Foundation is in the process of closing an initial round of funding with CoinFund as a committed round lead, raising $4m at a $40m valuation. The round was >3x oversubscribed, so extra interest is being rolled over into a follow-up round at a higher valuation.

What is the team size?

5 full time engineers including a CTO

1 full time CEO

1 full time Head of BD

Plus support from: Front-end, QA, DevOps, HR, Legal, Accounting/Finance, Marketing, and other functions at Hadron Labs

Additional engineers, devops, front-end, master of validators roles are being opened for Drop.

Is the code open source? What’s the license?

The code is open-sourced with an Apache 2 license: GitHub - hadronlabs-org/drop-contracts: Drop is an integrated cross-chain liquid staking protocol

Executive Summary

| Dimension | Conclusion |
| --- | --- |
| Security Evaluation | Good practice during testnet launch and multiple audits under the belt, with more on the way. Not the first protocol |
| Ethereum Decentralization | Second-order benefits |
| stETH Adoption | Use-cases on new domains, new pairings with efficient collateral |
| Benefits to Node Operators | Some synergies for existing node operators |

Recommendation: Accept

The temporary Alliance Workgroup recommends accepting Drop and endorsing it for the Lido Alliance.

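The comparison described under “How is the deployment verified against the audit?”, as an added example that is not part of the original post and is not Drop's documented procedure. It assumes the contracts were already built from the audited commit into a directory of .wasm files and that the SHA-256 checksums of the deployed code were collected separately; the function names, file names and checksum values are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file's raw bytes."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def verify_deployment(artifacts_dir: Path, onchain: dict) -> dict:
    """Compare locally built .wasm files with checksums of the deployed code.

    onchain maps artifact file name -> hex SHA-256 reported for the stored code.
    Returns file name -> "match" | "MISMATCH" | "NOT BUILT" | "NOT DEPLOYED".
    """
    local = {p.name: sha256_file(p) for p in sorted(artifacts_dir.glob("*.wasm"))}
    report = {}
    for name in sorted(set(local) | set(onchain)):
        if name not in local:
            report[name] = "NOT BUILT"      # deployed, but absent from the audited build
        elif name not in onchain:
            report[name] = "NOT DEPLOYED"   # built, but no on-chain counterpart listed
        elif local[name] == onchain[name].strip().lower():
            report[name] = "match"
        else:
            report[name] = "MISMATCH"
    return report


def demo() -> dict:
    # Constructed sample: two stand-in "builds" and a constructed on-chain listing.
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "core.wasm").write_bytes(b"\x00asm constructed core build")
        (d / "token.wasm").write_bytes(b"\x00asm constructed token build")
        onchain = {
            # Case is normalised before comparing, so upper-case hex still matches.
            "core.wasm": sha256_file(d / "core.wasm").upper(),
            "token.wasm": hashlib.sha256(b"different bytecode").hexdigest(),
            "staker.wasm": "00" * 32,
        }
        return verify_deployment(d, onchain)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A MISMATCH only shows that the bytes differ: building the same commit with a different toolchain or optimizer version than the one used for deployment also produces different bytes, so the build environment has to be pinned along with the commit hash.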