GLIF: DeFi Innovation on Filecoin With Zero-Compromise Security
“Working with Consensys Diligence gave us more confidence in the security of approaches we were taking.” — Jonathan Schwartz, GLIF CEO
GLIF is stimulating a wave of DeFi (decentralized finance) innovation on Filecoin—the world’s largest decentralized storage network. Filecoin’s mission is to archive humanity’s most important knowledge and information. GLIF’s journey to becoming Filecoin’s premier DeFi protocol coincides with the release of the Filecoin Ethereum Virtual Machine (FEVM), a runtime environment for user-programmable smart contracts deployed on Filecoin.
Previously, the Filecoin network was limited to 11 prebuilt (hardcoded) system contracts and lacked support for applications implementing custom logic. This hindered the network’s utility and growth.. The FEVM opens up an entirely new set of features and functionality for decentralized storage and compute applications - for example, with support for general-purpose smart contracts, developers can now build advanced storage primitives, deploy decentralized compute networks that leverage the Filecoin tech stack, and create cross-chain apps to connect Filecoin to the wider Layer 1 (L1) and Layer 2 (L2) blockchain ecosystems.
Even better, the FEVM opens the door to new DeFi primitives similar to liquid staking on Ethereum and other PoS networks, enabling FIL holders to earn rewards by lending tokens to storage providers (SPs) on the Filecoin network. GLIF is Filecoin’s first non-custodial staking protocol and recently engaged Consensys Diligence for an audit.
What is “GLIF Pools”?
Although GLIF has officially built tools for Filecoin since 2019 (including the network’s first web wallet and multisig), its newest—and perhaps most important—contribution is GLIF Pools: a protocol for deploying interoperable capital markets to the Filecoin network. The Infinity Pool is the first capital market deployed on the protocol - a staking pool similar to Rocket Pool. Founder Jon Schwartz describes the relationship between GLIF Pools and the Infinity Pool in the following words:
“First, we built a unique DeFi protocol (GLIF Pools) that allows us to deploy different interoperable staking pools on Filecoin, and the second thing we built is the first staking pool on that protocol (Infinity Pool). We like to think of GLIF Pools - the underlying DeFi rails for deploying staking pools - as our Pixar and the Infinity pool - the first staking pool built on the protocol - as our Toy Story—it’s basically the first product that’s been built using this underlying tech.” — Jonathan Schwartz, GLIF CEO
Prior to the Infinity Pool, there was no decentralized, permissionless, and sustainable way for $FIL token holders to earn rewards on their FIL. On the other end, Storage Providers (aka “miners”) had no permissionless access to borrow FIL to use for pledging on the network. The Infinity Pool closes this gap with the use of smart contracts deployed on the FEVM.
A Storage Provider’s interaction with the Infinity Pool is mediated by an “Agent” smart contract—each Filecoin Storage Provider creates their own Agent smart contract, which enforces the rules of the protocol. As a result, the Storage Provider retains custody of their operation the entire time while borrowing, which is a significant improvement from any of the other borrowing options that exist.
Agents are required to provide collateral in the form of “Storage Provider equity” and meet certain criteria—which are publicly available—before borrowing from the Infinity Pool to reduce risk for depositors. Moreover, if an Agent defaults on their payments, the protocol is capable of programmatically liquidating assets to reimburse depositors. Users can also withdraw assets from the Infinity Pool at any time of their choosing.
GLIF x Consensys Diligence: Decentralization meets security
“The #1 priority of the Infinity Pool is the safety of user assets.” — GLIF documentation
GLIF’s approach to enabling non-custodial staking and borrowing on Filecoin provides valuable benefits. But decentralized, permissionless systems have historically proven difficult to secure, and GLIF is no exception.
To provide adequate security guarantees for users, GLIF’s project teams partnered with Consensys Diligence on a rigorous audit of smart contracts. The smart contract audit occurred in 2 parts. First, a 12 person week informal review to go over the security architecture and provide a preliminary code review. Second, a 5 person week formal review. In the formal review, 1 critical, 4 major, and 3 medium issues were found. The GLIF team fixed each issue, and together we helped further secure the protocol.
The Diligence team’s findings are detailed extensively in the public audit report (also available as a PDF). But we’ll highlight some of the findings in subsequent sections—not only to demonstrate the value of approaching auditors before launching a new DeFi protocol in a production environment, but also to highlight edge cases to watch out for when building highly complex DeFi applications like Infinity Pool:
Vulnerability #1: InfinityPool Contract Authorization Bypass Attack
The InfinityPool Contract Authorization Bypass Attack shows how flaws in a smart contract’s precondition checks and access control mechanisms can result in unsafe execution. Here, an attacker could bypass the subjectIsAgentCaller function modifier—which checks the caller’s identity before executing the corresponding function—and gain unauthorized access to functions like the protocol’s borrow function. Without implementing fixes recommended by Diligence’s team of auditors, this vulnerability could have been exploited to drain funds from the pool.
Vulnerability #2: Wrong Accounting for totalBorrowed in the InfinityPool.pay Function
While reentrancy bugs often receive more attention, we’ve often encountered more subtle vulnerabilities with near-equal levels of (adverse) impact on the security of DeFi protocols. Insecure arithmetic operations are a great example—many bad things can happen when a routine calculation, like decreasing a user’s debt in the system, is carried out wrongly.
In the case of Infinity Pool, Diligence auditors discovered one such accounting error that could distort a user’s debt profile and enable malicious actors to borrow more than they should from the system. The GLIF team promptly addressed this issue as outlined in the audit report, averting a potential zero-day exploit in the process.
The full audit report can be found on the audits page and details how our auditors helped GLIF bring DeFi innovation to the Filecoin ecosystem without compromising on security and user safety. To learn more about GLIF, you can visit the website or follow the team on X.
The Consensys Diligence advantage
At Consensys Diligence, we’re in the business of helping blockchain developers build more secure software. Fueling this mission is a crucial fact we learned a long time ago: security of decentralized applications must improve before web3 can reach Internet scale and onboard the next billion users. With this objective in mind, we have worked with some of DeFi’s biggest projects—from liquid staking protocols like RocketPool to lending markets like Aave—to audit mission-critical code and provide useful recommendations for improving smart contract security.
Are you building a new DeFi protocol and want to protect against bugs before launching publicly, or carrying out an upgrade that requires a rigorous reassessment? Complete the interest form, and a member of our team will be in touch shortly.
Visit the Consensys Diligence website to learn more about our services, read the blog for the latest insights in web3 security, and follow us on social media.