[1IP-57] 1inch Security Grant Proposal

Simple Summary.

This proposal seeks funding from the 1inch DAO to improve the security position of the 1inch Network by purchasing 1inch Security, a DeFi compliance bundle soon to be available on the 1inch Dev Portal. 1inch Security consists of (1) security solutions from four market-leading providers – TRM Labs, Blockaid, Blowfish and Etherscan and (2) the services of a forensic investigator. 1inch Security will help identify and block malicious transactions, prevent loss of user funds, and protect the 1inch Network's reputation and products.

Abstract.

1inch security solution consists of two equally necessary components: (1) automated security tools and (2) a blockchain forensic investigator who can quickly react to emerging threats, investigate incidents, monitor reports from the automated tools, and take a holistic approach to security for the Network.

A. Automated Security

1. TRM Labs:

• Address Screening

2. Blockaid:

• dApp Scanning

• Transaction simulation and validation

• Address validation

• Malicious token detection

3. Blowfish:

• Transaction scanning and simulation

• Message scanning

• Domain scanning and blocklist

4. Etherscan:

• Data from the leading Ethereum Block Explorer catered for labeling and fast reactive security actions.

1inch Security intentionally includes overlapping services. Because each provider uses its own sources and methods to analyze blockchain data, using two providers to simulate and validate transactions, for example, solves for any lags or false results from a single provider and gives additional comfort to users.

B. Blockchain Forensics Investigator

Because automated tools cannot always react in real time to emerging threats, intervention from a live person can mean the difference between massive and minimal losses due to hacks and scams. Engaging a blockchain forensic investigator who can blacklist problematic addresses immediately upon discovery, as well as investigate potential false positives using various existing forensic tools (Breadcrumbs, Chainanalysis, OSINT etc.), strengthens the automated compliance layer.

Thus, 1inch security silution includes the services of an experienced blockchain analyst.

Total Grant Value: $400,000 USDC.

Motivation.

The goal of this proposal is to protect users of 1inch Network products and services from malicious actors, and to prevent the use of 1inch Network products and services for illicit purposes.

As a leading DeFi project, 1inch Network sets an example for others. By investing in best-of-class security solutions, 1inch Network solidifies its reputation and brand in the market and beyond.

Specification.

A. Security solutions providers.

1inch Security includes a full suite of leading security tools chosen by 1inch Limited to provide effective defense against illicit activity, scams and hacks.

1. Address Screening [TRM Labs].

This tool screens each user address at the address connect or address transfer entry point. Every interaction with 1inch dApp or 1inch Wallet App tools is monitored and screened. For Legacy Mode swaps, all user addresses that connect to the 1inch dApp are screened. For Fusion Mode and Limit Order swaps, the maker and taker for each settlement, as well as all user wallet addresses that connect to the 1inch dApp, are screened.

2. dApp Scanning [Blockaid and Blowfish].

These tools use a dApp's URL to analyze whether it is safe to use or not, identifies attack types used by a malicious dApp and which chains it operates on, as well as its other Web3 interactions. The Blowfish tool can also automatically block a harmful dApp before a user visits it.

3. Transaction simulation and validation [Blockaid and Blowfish].

Prior to signing a transaction, these tools return a full simulation, including how the transaction will change the blockchain state, the execution flow of the stack, a recommended action based on whether the transaction is safe to sign or not, and reasons why the transaction was flagged.

4. Message scanning [Blowfish].

Prior to showing a message signing interface to the user, this tool evaluates the message itself for markers of malicious intent.

5. Address validation [Blockaid].

This tool assesses an address for risk based on a list of addresses classified as malicious by the provider.

6. Malicious token detection [Blockaid].

This tool scans token addresses, providing an additional layer of security against malicious airdropped tokens.

7. Address labeling [Etherscan].

This tool scans token addresses, providing an additional layer of security against malicious airdropped tokens.

B. Blockchain Forensics Investigator.

The forensic investigator works to improve response time and accuracy in the 1inch Network. First, the investigator monitors the DeFi space for news of any emerging threats, leverages online and community resources to identify bad actors, and requests manual blacklisting of bad actors in the 1inch Network in real time.

Second, the investigator investigates potential false positives identified by automated tools to determine whether blacklisting is justified by the evidence. Automated tools can and do flag innocent users by mistake. The investigator's efforts decrease the chances that an innocent user is locked out of the Network.

Fund Transfer Specification.

If this proposal passes, the 1inch Network DAO will transfer $400,000 USDC to pay for 12 months of services.

The funds will be transferred from the 1inch DAO primary Treasury Wallet to the following [3 of 5] multi-sig wallet: [0x2CE28D66C10EddA4E251c0b170517281a6363C35] of 1inch Labs to further API offering for compliance needs.

Rationale.

Without 1inch Security, users of the 1inch Network will be more vulnerable to malicious actors and the 1inch Network's reputation and brand value may suffer. In addition to protecting users, 1inch Security can identify addresses and transactions connected to illicit activities on blockchain networks. As countries continue to build regulatory frameworks around the use of cryptocurrencies, 1inch Network can show itself to be a leader in compliance and security through its use of 1inch Security.

About TRM Labs.

Founded in 2018, TRM Labs is one of the best known names in blockchain intelligence and analysis. TRM's wallet screening API allows customers to analyze data related to an on-chain transaction for AML or sanctions risks.

About Blockaid.

Co-founded by Ido Ben-Natan and Raz Niv, who served together in Israeli Cyber Intelligence, Blockaid came out of stealth in October 2023 with $33M in funding from Ribbit, Variant, Cyberstarts, Sequoia and Greylock. In September 2023, Blockaid-enabled wallets were prevented from signing transactions with hackers that took over Vitalik Buterin's Twitter account.

About Blowfish.

Headquartered in Switzerland, Blowfish led recipients of global anti-money laundering seed funding in 2022 with $11.8 million from Paradigm and other investors. A team of blockchain industry veterans focuses on transaction security by scanning millions of transactions per week for malware and scams.

About Etherscan.

Etherscan is the leading block explorer and search, API & analytics platform for Ethereum. Built and launched in 2015, Etherscan is one of the earliest and longest-running independent projects built for Ethereum and its community, with the mission of providing equitable access to blockchain data.

Considerations.

1inch Security was configured with the specific tools and providers listed above after considering multiple options. The above tools from TRM Labs, Blockaid, Blowfish and Etherscan were chosen as the optimal bundle of services for the purpose of protecting 1inch Network users, at the most competitive price available.

Offering a compliance bundle of automated tools alone was also considered. Based on experiences with automated tooling, however, the services of a forensic investigator were determined to be a critical component of an effective compliance layer. There is no substitute for a human being on the ground who can make judgment calls, follow leads, and keep an eye on all the moving and shifting parts of DeFi compliance.