Author: Haotian
In the asset tracing analysis report of the Bybit theft disclosed by the @SlowMist_Team @evilcos security team yesterday, it was mentioned that a sum of 15,000 cmETH was fortunately prevented from being withdrawn by @mETHProtocol, saving a loss of $42m. Many friends must be curious about what's going on here?
mETH Protocol is a liquid staking protocol launched on the Ethereum mainnet by the Mantle layer2 chain, in order to allow users to generate native yields when depositing ETH on layer2. It is one of the largest liquid staking assets, only behind stETH, wBETH, and rETH.
Mantle uses mETH as a core hook to absorb liquidity from various layer2 chains, and has become an interoperable liquidity scheduling center for layer2, so the strategic value of mETH to the Mantle chain is immense.
cmETH is a re-staked asset of mETH, which means that users can re-stake their circulating mETH assets to exchange for cmETH assets. Compared to mETH, cmETH bears an additional re-staking leverage risk, but can participate in mining activities of various layer2 campaigns to obtain its brand new protocol governance token $COOK.
In short, cmETH is an equity certificate asset circulating on the layer2 network, and will interact with various layer2 protocols.
It is precisely because of this complex business interaction logic that the cmETH protocol has incorporated 3 key security mechanisms in its design:
1. Address blacklist mechanism, which can quickly list marked hacker addresses into the blacklist to restrict their transfer or interaction of cmETH assets;
2. Temporary contract suspension, where the team has the authority to urgently suspend withdrawal operations in case of emergencies, to prevent suspicious asset circulation;
3. Delayed withdrawal mechanism, using a FIFO (first-in-first-out) queue mechanism, with a built-in maximum withdrawal delay of up to 7 days (this event was 8 hours), which is a cooling-response time for the team to identify abnormal withdrawal behavior on the chain.
Although it seems to have sacrificed a certain degree of decentralization for security, let's not forget that cmETH is a re-staked (leveraged) asset on top of mETH, and its main business scenario is to serve as an equity certificate for mining in various DeFi protocols, so its security is crucial to the overall system liquidity security of cross-chain and cross-protocol.
At this stage, as an important component of the Mantle ecosystem, it is understandable that some additional security mechanisms are considered and designed to cope with hacker attacks and emergencies.
It's just that the cmETH design didn't play out in the complex combination ecosystem of on-chain DEXes, but instead made a big contribution to intercepting assets for Bybit first.
