Use Case

Many protocols use ether as a collateral asset. If the protocol is exploited, the attacker can drain all the ether from the protocol. Having assertions in place that prevent draining can be helpful to prevent or at the very least slow down the rate at which a protocol is drained.

Explanation

Check that the ether balance of a contract does not decrease by more than X% in a single transaction. Each individual protocol should define their own percentage based on user patterns and expected behavior.

Note: This does not prevent draining from happening, as a somewhat capable attacker would just drain X-1% of the ether in a single transaction. It’s better than nothing and if mitigation is in place it could pause the protocol on a draining attempt.

Code Example

// SPDX-License-Identifier: MIT
pragma solidity 0.8.28;

import {Assertion} from "../../lib/credible-std/src/Assertion.sol";

interface IExampleContract {}

contract EtherDrainAssertion is Assertion {
    IExampleContract public example = IExampleContract(address(0xbeef));

    function fnSelectors() external pure override returns (bytes4[] memory assertions) {
        assertions = new bytes4[](1); // Define the number of triggers
        assertions[0] = this.assertionEtherDrain.selector; // Define the trigger
    }

    // Don't allow more than x% of the total ether balance to be drained in a single transaction
    // revert if the assertion fails
    function assertionEtherDrain() external {
        ph.forkPreState();
        uint256 preBalance = address(example).balance;
        ph.forkPostState();
        uint256 postBalance = address(example).balance;
        if (preBalance > postBalance) {
            uint256 drainAmount = preBalance - postBalance;
            uint256 tenPercentOfPreBalance = preBalance / 10; // Change according to the percentage you want to allow
            require(drainAmount <= tenPercentOfPreBalance, "Drain amount is greater than 10% of the pre-balance");
        }
    }
}
ERC20 DrainFarcaster Message Validity