DeFi (decentralized finance) is the wild west of Web3. In 2021 alone, DeFi users lost a staggering $10.5 billion to theft, fraud, and other nefarious schemes like rug pulls. Even with a bear market and what feels like an open season for hackers, the growing popularity of Web3 is courting a new wave of decentralized finance users. To help combat DeFi-related crime, a blockchain company called Chainalysis has a new tool called Storyline that attempts to remove the complexity of smart contracts when tracking transactions.
Chainalysis has been in the cryptocurrency investigations business since its founding over eight years ago. “There was a big hack of Mt. Gox back in 2014,” said Jacob Illum, Chief Scientist at Chainalysis, in an interview with The New Stack, “and it was really difficult to follow where the funds went. At that point, the founders of the company came together and decided that there needed to be some kind of tool that could help investigate these [transactions] in a graphical way.”
Making Smart Contracts Easier to Read
One would assume that the purpose of a smart contract is to make things simpler. What actually happens is that the more advanced Web3 becomes and the more transactions that take place on it, the more the web of smart contracts is entangled. Illum said, “If you don’t understand what’s actually going on inside of these increasingly complex smart contract calls, it looks like it’s almost impossible to track the funds.”
He added, “Back in 2014, everything was basically point-to-point value transfer. Now, there’s a lot of infrastructure with smart contracts. Inside of those smart contract clause calls there are many sub contracts being called, and it’s basically a whole set of computer programs interacting inside of that smart contract.”
With all these new layers of difficulty, how does one get to what’s important? Illum says that’s where Storyline and its “demystifying” features come in. “It’s really about going into all the core details of interactions that are going inside a smart contract and basically trying to pick the meat from the bone.”
But exactly what is the process for filtering information from the smart contract it resides on? Remember, a smart contract will show every action that a user made with it, in addition to what’s happening on the backend. Balance checking, deposits, coin transfers, and anything else that takes place within your wallet. Imagine trying to sort through all of those different interactions when searching for the one interaction that resulted in your money being stolen. Not only is it inefficient, without the help of adequate technology, it could likely be impossible.
Illum says that’s where the “demystifying” features of Storyline come in. “What our tool does is parse through all of that complexity, and then make the assessment of ‘what is actually relevant in here?’ What is it that the user needs to see?”
Get a Clearer Look at Transactions
The Storyline software may not be an insta-fix for DeFi theft, but it does peel back a very important layer: user intent. “We showcase and identify the intent, show the user the name of the intent or basically give them a description of what the intention of this transaction was supposed to be, and [in] the end the resulting outcome of that intent,” Illum explained.
“Here’s a good example,” he continued. “You might be wanting to swap one token for another token, which is a common use case inside of blockchain using a decentralized exchange. But there are many ways of going about it. You can go directly to a liquidity pool to do it, or you can go through the router of the given liquidity pool you’re interested in. You can decide to go through an aggregator that’s going to survey all the different liquidity pools and find the one that’s best for you, or maybe even split your request up across multiple liquidity pool to get you the best rate. At the end of the day, your intent was really to get this token swapped to this token, but there were a lot of decisions happening in the background that really you had no say in. It was not you, you relied on the service that you used to do that. Storyline would assess and identify that you went to this aggregator with the intent of swapping this token to this, and the rest is just complexity.”
Again, this isn’t a miracle cure for victims of cyber criminals. But it’s a step in the right direction to simplifying smart contracts and transactions for investigators, so that catching these hackers would be much easier — and maybe some users would be able to see their money again.
“We’re still early stages,” said Illum, “[and] there’s a lot to be done from a consumer protection side. We still see these DeFi exploits. But, you know, smart contracts are software. Software has bugs, and that’s unavoidable. Some of the real challenges that we’re facing right now, I think, is how do we offer consumer protection, knowing that there’s going to be bugs in software, without people losing their life savings?”
There doesn’t seem to be a concrete answer yet, but at least someone is asking the right questions.