How Tezos timelocks help protect DeFi transactions

Keeping your financial information private is critical because bad actors can exploit breaches in privacy and use that information to their advantage.

For example, if someone overhears you planning to buy a lot of stock, they can buy the same stock for themselves cheaply before your order raises the price, in an attack known as front-running or a sandwich attack.

How can we avoid this kind of attack in DeFi, where information about upcoming financial transactions is public by default? One answer is Tezos timelocks, which encrypt transactions until it’s too late for anyone to anticipate and attack them.

Extractable value (EV/MEV) attacks #

In DeFi, we call these kinds of information-driven attacks extractable value (EV) attacks or maximal extractable value (MEV) attacks because they steal value from someone else’s transaction. EVs happen in two main ways:

• Bots watch the network and see someone submit a large DeFi transaction. If a bot is fast enough and offers a high transaction fee, it can get its own transaction in before the original transaction is finalized.
• When block producers see a large transaction, they add their own transaction earlier in the block than the large transaction so it runs first. This is called a block producer extractable value (BPEV) attack because the block producers are taking advantage of the transactions that they are adding to blocks.

Some DeFi users try to prevent EV attacks by paying high transaction fees to get their transactions finalized faster. They also set low slippage tolerance so their orders get canceled if prices change too much.

However, both of these methods waste gas on fees and aren’t guaranteed to prevent attacks. They also reduce trust in the system because transactions become more of a guess or a proposal than a commitment to do something.

Tezos provides a much more reliable way of preventing EV attacks by hiding transactions in an encrypted vault called a timelock.

Preventing EV attacks with timelocks #

Timelocks allow users to commit to transactions without revealing what they committed to do in advance. Users send encrypted transactions to a dapp that runs them in the order that they were submitted.

After the transactions are included in the blockchain and put in order in the dapp’s queue, users provide the decrypted versions along with evidence that they match the original encrypted transactions.

If they don’t provide the decrypted version, other users can eventually decrypt it and see what the original user committed to do. This way, the transactions are put in order before anyone can see what they are going to do.

Timelocks let you make a transaction without anyone knowing what you are doing in advance.

Timelocks have a specific duration based on how long it takes a single computer to decrypt the transaction. That duration is typically only a few minutes or less because that’s enough time to finalize a transaction and prevent EV attacks.

This duration is based on the time it takes for a single computer to decrypt the commitments because the decryption algorithm can’t be parallelized. That means that computers can’t easily work together to decrypt it and that adversaries cannot break it even with significant computing power. That feature makes timelock encryption secure but short-lived.

How DeFi apps can use timelocks #

Suppose a DeFi dapp wants to prevent EV attacks when users submit transactions. It accepts transactions that are encrypted with timelocks and fulfills them in sequential order, based on when it received them. This is the basic flow:

1. A user sends a timelock-encrypted transaction to the dapp.
2. The dapp adds the transaction to its queue before anyone can see what the transaction is. To everyone else, including bakers, bots, and the dapp itself, the transaction looks like this: “My account commits to buy [encrypted] amount of [encrypted] token.” (Really, the entire transaction can be encrypted, including the account and whether it’s an order to buy, sell, or do some other action, but this is just an example.)
3. No one else can decrypt the transaction quickly, so they can’t take advantage of it in an EV attack.
4. The user submits the decrypted transaction and the proof that the decryption is accurate to the dapp.
5. The dapp fulfills the decrypted transactions in its queue in the order that they were submitted.

That’s the happy path: the user submits an encrypted transaction and the dapp fulfills it before anyone else can get in front of it. But what happens if the user doesn’t provide the decrypted transaction, such as if prices change and the transaction doesn’t look profitable anymore?

Timelocks are designed to be broken #

To prevent users from stalling for market changes or not following through on their commitments, a DeFi dapp immediately starts trying to break the encryption on timelocked transactions. If it breaks the encryption before the user voluntarily decrypts it, the dapp collects a penalty charge from the user’s transaction for making it waste processing power on decrypting it. Then it fulfills the penalized transaction as usual.

In practice, DeFi users nearly always submit their decrypted transactions before anyone else decrypts them. They don’t want to pay the penalty and they know how long it will take the dapp to break the encryption.

Having to encrypt and decrypt transactions is a small price to pay for the assurance that users can make buy and sell orders fairly, without bots jumping ahead to take advantage of their information. Users also save money because they don’t have to pay high fees for fast processing or multiple fees for transactions that fail due to low slippage tolerance.

Unlike other methods of encryption, timelocks are designed to be short-lived, allowing dapps to decrypt and run transactions relatively quickly. In contrast, without timelocks, users might never decrypt their transactions if they don’t look as good financially now as they did when they submitted them.

Timelocks are secure financial commitments #

In this way, Tezos timelocks ensure that DeFi orders are real commitments to make transactions while hiding information about them until it’s too late for users and bots to take advantage of them. They are a way to build the same security and trust we expect in traditional financial applications into decentralized finance.

Learn more #

• For more information about using timelocks to prevent BPEV attacks, see Timelock: a solution to miner/block producer extractable value
• If you’re a dapp developer and want to try implementing timelocks yourself, Benjamin Fuentes provides an example in How to Use Timelocks in Ligo.
• The Taquito SDK has a timelock feature that is currently in beta.
• For more conceptual information about how timelocks work, see Timelocks on opentezos.com.
• For technical documentation on timelocks, see Time-lock in the Octez documentation.