DeFi’s Double-Edged Sword

Quantstamp Announcements
March 4, 2020

Composability allows DeFi projects to leverage one another to create powerful new functionality. However, this composability also introduces more risk.

A vulnerability in one DeFi application can have an impact on all the other projects that use it. Even if one of these money legos does not have an obvious vulnerability in its design, it may be misused. These issues have existed for a while, but have been made easier to exploit through the introduction of flash loans.

While flash loans themselves do not introduce new vulnerabilities, they level the playing field for attacks which previously required large amounts of capital. 

The bZx Attacks

Recently, there were two attacks involving the bZx protocol facilitated by flash loans.

In the first attack, a bug in bZx’s margin logic allowed the attacker to use leveraged ETH to artificially push up the price of WBTC on Uniswap. The attacker then used WBTC previously borrowed at market value from Compound to profit from the inflated price on Uniswap. 

In the second attack, bZx relied on Uniswap (through KyberSwap) as a price oracle for valuing collateral within the bZx system. After the attacker pushed up the value of sUSD, this allowed them to take out a loan valued at far more than the market value of the sUSD collateral. The attacker profited by keeping the loan and abandoning the bZx position.

For more on these vulnerabilities, we recommend PeckShield’s walkthroughs of the first and second attacks.

Flash Loans Reduce the Barrier of Entry for Financial Attacks

Before the introduction of flash loans, these financial attacks still existed, but they required access to large financial reserves to be profitable. Now, anyone with the technical capability can pull off attacks such as market manipulation which usually require large amounts of funds.

In December of 2019, a similar type of financial attack was performed on the Synthetix exchange by a hacker who manipulated the price of MKR while holding directional trades on Synthetix. This attack required about $340,000 ($62,600 in MKR, $163,125 in long MKR, $115,275 in short MKR). If the attacker had used smaller amounts, he wouldn’t have been able to move the price much relative to the liquidity in the Uniswap pool, and he wouldn’t have made much money. In comparison to that attack, which required hundreds of thousands of dollars, the bZx hacks, which used flash loans, required just $8 in transaction fees in the first case and $110 in the second case.

These attacks and even flash loans have parallels in traditional finance. Just like there are flash loan attacks in DeFi, traditional finance also has similar tactics. When I was working at Tower Research, each trading desk was allocated a pool of capital, but if we saw a particularly juicy opportunity, we could borrow tens of millions of dollars to take advantage of it. 

From a trading perspective, the bZx attacks can be viewed as arbitrage opportunities between the rate of assets on one platform and the rate after causing massive slippage on a DEX. The attacker is using flash loans to close that arbitrage.

The other underappreciated aspect of flash loans is that they make it easier to profit from these attacks, because they reduce the amount of illicit funds that need to be obfuscated.

A financial attack like this is basically illegal, so to pull it off, an attacker needs to obfuscate the origin of their funds. As exchanges now almost all uniformly implement KYC, this can be quite difficult for any attack requiring a large amount of capital.

Now, with flash loans, attackers have instant access to a large pool of capital which is returned at the end of the attack, so the only funds they need to obfuscate are the gains from the exploit. This vastly simplifies the logistics for executing and profiting from an attack.

Previously, when we advised clients on possible financial attack vectors, they were mostly theoretical, but flash loans now make them much more likely and accessible.

Security Can’t be an Afterthought

Move slow, and test things. For all smart contracts, but especially for DeFi applications, security best practices need to be followed, including audits, testing, monitoring, and having emergency procedures ready. Progressive rollouts are also a good idea so that security issues can be spotted when the cost of an attack is still relatively small.

Besides auditing the code for bugs and implementation issues, financial attacks such as oracle manipulation also need to be analyzed. This is especially true as DeFi grows and these money legos handle more assets. 
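
As an added illustration (not code from the original article or from any project it names), the model below shows the kind of oracle analysis described here: how far a single swap moves the spot price of a constant-product pool relative to its liquidity, and a deviation check that refuses to value collateral when the spot price has drifted from an independent reference. The pool sizes, the 5% threshold and the function names are assumptions chosen for the example.

```python
# Added example: a constant-product pool (x * y = k) read as a spot-price oracle.
# All reserves, prices and thresholds are constructed for illustration.
from dataclasses import dataclass

FEE = 0.003  # 0.3% swap fee, as charged by Uniswap v1/v2-style pools


@dataclass
class Pool:
    eth: float    # ETH reserve
    token: float  # token reserve

    def spot_price(self) -> float:
        """ETH per token, read directly from the current reserves."""
        return self.eth / self.token

    def buy_token_with_eth(self, eth_in: float) -> float:
        """Swap ETH for tokens along x * y = k; returns tokens received."""
        eth_after_fee = eth_in * (1 - FEE)
        out = self.token * eth_after_fee / (self.eth + eth_after_fee)
        self.eth += eth_in
        self.token -= out
        return out


def price_move(pool_eth: float, pool_token: float, eth_in: float) -> float:
    """Relative change in spot price caused by one swap of eth_in."""
    pool = Pool(pool_eth, pool_token)
    before = pool.spot_price()
    pool.buy_token_with_eth(eth_in)
    return pool.spot_price() / before - 1


def collateral_value(pool: Pool, reference_price: float, amount: float,
                     max_deviation: float = 0.05) -> float:
    """Value `amount` tokens in ETH, rejecting a spot price that deviates more
    than max_deviation from an independent reference (assumed here to be a
    time-weighted average or a second price source)."""
    spot = pool.spot_price()
    if abs(spot / reference_price - 1) > max_deviation:
        raise ValueError("spot price deviates from reference; refusing to value")
    return amount * spot
```

With a 1,000 ETH pool, a 10 ETH swap moves the spot price by about 2%, while a swap equal to the whole reserve roughly quadruples it. Trade size relative to pool depth is therefore the number an audit should compare against the capital a flash loan makes available.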

Financial Attacks Should Be Part of Smart Contract Audits

People say that the bZx attacks are primarily financial attacks outside the scope of smart contract audits, but I disagree. Even considering the second attack which did not take advantage of a missing sanity check, oracle attacks and economic vulnerabilities should absolutely be considered as part of smart contract audits.

With DeFi especially, the composability of these apps means that financial attack vectors need to be carefully considered.

Growing Pains

While these attacks have highlighted weaknesses in some of the current DeFi systems, they also show us what needs to change for DeFi to grow stronger. We believe the industry will learn from these attacks and develop a better security culture as a result. 

We also want to thank the work of altruistic actors such as Samczsun. His discoveries, research, and collaborations with DeFi projects have helped teams proactively address security issues and have helped the industry improve its security practices. 

This article originally appeared in The Defiant, DeFi's top daily newsletter.
