We at Greenfield are excited to lead Drosera’s $3.25M seed round with participation of Anagram, Arrington Capital, Paper Ventures, UDHC and Pulsar. This funding will be instrumental in further developing and deploying Drosera’s innovative decentralized incident detection and response solution to ensure the safety of onchain value.

The original publication can be found at Greenfield Publications.

We at Greenfield are excited to lead Drosera’s $3.25M seed round with participation of Anagram, Arrington Capital, Paper Ventures, UDHC and Pulsar. This funding will be instrumental in further developing and deploying Drosera’s innovative decentralized incident detection and response solution to ensure the safety of onchain value. The team has an exceptional track record in relevant fields such as cybersecurity/malware analysis at the US Army Cyber Command, DeFi and MEV at Franklin Templeton, BitGo, Obol and Composable.

Attacks and failures in DeFi

DeFi grew increasingly complex from 2020 onwards. The risk of economic attacks has been historically underestimated, leading to many cases of exploitation using a combination of economically interdependent protocols. Categories like flash loan attacks (Euler | $197M), price oracle manipulation (Mango markets | $117M), bridge related attacks (Wormhole Hack | resulted in $320M of WeETH not being backed) have emerged. Liquid staking tokens (LSTs), liquid restaking tokens (LRTs) and yield-bearing stablecoins (through, e.g., treasuries) have further increased complexity with staking (custom lockup and redemption), restaking (to stake the same asset multiple times), and dependence on (opaque) offchain yield.

The risks of LSTs and LRTs are heightened due to complex factors that can lead to de-pegging. LRTs inherit the de-pegging risks of LSTs and add their own. This was evident in mid-2022 when stETH, typically pegged 1:1 to ETH, deviated significantly in price due to market fears following the Terra/Luna collapse, leading to cascading liquidations in DeFi lending. Shifting focus from LSTs/LRTs to stable coins, recently, Usual Money’s USD0++, a staked version of the USD0 stablecoin, updated its redemption policy without prior notice, causing a sell-off that dropped its price to $0.93 and impacted protocols using USD0++. Mispriced economic value in staking can further affect network security in proof-of-stake systems. Another example is Circle’s USDC de-pegging in 2023, driven by macroeconomic factors like inflation and interest rates. USDC fell to $0.88 after it was revealed that $9.7B of its reserves were at Silicon Valley Bank, which was facing a bank run. This led to a loss of over $6B in supply as investors feared a crash.

A joint report from the European Banking Authority (EBA) and the European Securities and Markets Authority (ESMA) has summarised known risks of DeFi and recommended the introduction of disaster recovery and incident response mechanisms (2.4/95).

Drosera

Drosera builds the immune system for Ethereum and its surrounding EVM ecosystem. It offers a unique solution by enabling the self-service creation of “traps” to detect and respond to potential threats and failures, as outlined above.

Traps can be fine-tuned, activated or deactivated without a redeployment of a smart contract. The traps are defined by protocol developers or trappers (auditors and economic auditors) using Solidity code, targeting EVM-based ecosystems, incorporating both objective, verifiable facts, using zero-knowledge proofs, and subjective assessments, e.g. anomaly detection or proprietary models. The resulting incident response task for a trap is taken care of by adequately incentivized operators (and block builders). Incentivization and market forces ensure a required top-of-block execution to avert exploitation or failure. It is paramount to decentralize its operation over designing incident response in a centralized manner leading to single point of failure and corruption risk.

The network has already made considerable progress, with more than 25 protocols, including Ion Protocol, EtherFi, and Gravita, committed to its Testnet. Additionally, it has established partnerships with various node operators like Infstones, Everstake, Cosmostation, a41, and Blockscape, and joined forces with security specialist GoPlus.

We are excited about the experienced team and its relentless drive to redefine onchain security. In DeFi, economic audits and bug bounties are simply not enough. Drosera provides the crucial building block of holistic real-time threat detection and incentivized response.