Over the past year, Ethereum has seen substantial growth thanks to the rise of DeFi.
One of the biggest reasons for this success is the notion of composability - or the ability to combine multiple products with one another for unique services.
Up until this week, it was difficult to see any glaring issues with composability. However, within the past 7 days, the industry saw two clever attacks in which composability was used to exploit significant arbitrage opportunities to the tune of roughly $1M.
The most interesting part of these exploits (described below) is that there was no breach of code. Rather, the attackers submitted mega-transactions that included a crazy amount of actions to earn profit by leveraging different DeFi tools.
Beneath both of these attacks were a common vector of Flash Loans - or the ability to borrow capital for an extremely small window of time - or in this case, for one block.
In this week’s article, we’ll dive into how Flash Loans are intended to be used, along with analyzing how these attacks used them to “flash-f*ck” DeFi.
-Lucas and Cooper
Flash Loan Use-Cases
As a relatively new concept to the DeFi ecosystem, Flash Loans were created as a way to expedite transactions by batching multiple actions into a single block.
When executed properly, Flash Loans allow users to rebalance a position quickly and effectively - ultimately saving time and costs while providing a safeguard from liquidation penalties.
Smart contracts essentially allow users to borrow capital and repay them in a single transaction by routing different collateral through DeFi protocols.
Flash loans do not require collateral to initiate, meaning they can be used for a wide variety of DeFi uses including but not limited to:
Debt Refinancing - Interest Rate + Currency Swaps
Flash loans are most commonly used by Aave and dYdX, with each varying slightly in their fee size:
In the midst of the EthDenver hackathon, news came out of a potential exploit in bZx and its underlying lending platform, Fulcrum. While it was initially thought to be a direct attack on the smart contract, it became apparent that all protocols involved in the exploit worked as intended - ultimately meaning this “attack” was just a highly sophisticated arbitrage exploit that leveraged flash loans.
Here’s what happened:
Originated a $2.7M flash loan from dYdX
Deposited 5,500 ETH into Compound, borrowing 112 wBTC
Shorted wBTC on bZx
Sold 112 wBTC to trigger short
Paid back Compound loan
Attacker nets ~$353,000
All of this occurred in one single transaction for a fee of less than $10. While the use cases for flash loans have been rather ambiguous within the DeFi community, the recent attack on bZx realized the potential of flash loans within complex arbitrage opportunities in a nascent, and rather illiquid asset class.
A live look at the complexity of the first bZx hack. Graphic via Twitter
Building on the earlier sentiment of this not being a “hack”, a claim was submitted on Nexus Mutual - a decentralized insurance platform - asking to be compensated for the loss.
Seeing as there appeared to be no “technical breach”, Nexus token holders collectively agreed that “No” the claim should not be compensated.
Since then, new information showed that bZx smart contracts were actually exploited - leading to those with covers being compensated to the tune of ~$87,000.
In response to the attack, bZx shared a post-mortem describing the event in detail here.
While one attack on bZx was enough to induce a riot within the DeFi community, once word got out on how it was done, it should come as no surprise that another exploit occurred on the lending platform less than 48 hours after.
Here’s a look at the second exploit:
Attacker took out a flash loan of 7,500 ETH
Traded 3,517 ETH on Synthetix for $940k sUSD
Used 900 ETH to purchase sUSD on Kyber, pushing up the price of sUSD to over $2 on Uniswap
Borrow 6,769 ETH on bZx with sUSD as collateral (the new price allows them to take out significantly more than intended)
Use the borrowed ETH (6,796) and the remaining ETH balance (3,083) to replay the 7,500 ETH flash loan
Attacker nets ~$650,000
The aftermath of the attack resulted in the bZx ETH pool to lose roughly $1.8M while the sUSD pool gained $1.1M, leaving $640,000 to the attacker.
Visualizing bZx Exploit #2. Source via Bloxy
Why This is Good for DeFi
These two exploits show that flash loans may be a problem for DeFi in the coming future. The ability to easily take out a loan of any amount, so long as you pay it back within the same transaction, allows users to capitalize on complex arbitrage and governance exploits.
The above bZx exploit is a prime example of the potential for flash loans within arbitrage opportunities. In terms of governance, it is clear that flash loans could be used to manipulate governance protocols like MakerDAO. By leveraging a flash loan for MKR, users could vote on any proposal with a disproportionate amount of MKR and sway the proposal for their own benefit (rather than the protocol at large).
While this may seem like the end-all be-all for decentralized finance, it actually battle-hardens these protocols to become antifragile. Ultimately, this short-term pitfall is necessary for the long-term growth of DeFi.
Flash loans will force projects to create more defensible mechanisms against these types of attacks. While higher liquidity is the obvious solution for arbitrage exploits, it will be interesting to see how other protocol teams create defenses against these in the future. Uniswap and ChainLink are both aiming to create more robust oracle solutions, effectively mitigating loopholes by using different price oracles to ensure there is no one point of failure by manipulation.
Hayden Adams 🦄@haydenzadamsUniswap V2 includes greatly improved price oracle functionality. Stay tuned for how we achieved this. In the mean time, for a mathematical background and theory on why Uniswap can be a good oracle, this new article by @gauntletnetwork is mandatory reading https://t.co/OR2gzrWbWu
For governance manipulation, it becomes fairly easy to prevent flash loan manipulation by requiring all tokenized votes to be locked for an extended period of time (> 1 block). MakerDAO has already begun initiatives to implement this type of mechanism in order to successfully prevent the protocol from these sorts of attacks.
Despite the recent attacks, it’s worth noting that the community is rallying in spades, effectively searching for different ways to prevent similar exploits in the future.
Emin Gün Sirer@el33th4xorGiven exchange depth, the amounts available for flash loans, and use of DEX price oracles, these results are inevitable.
If one thing is for certain, the recent economic weapons have pushed DeFi protocols to further collaborate - ultimately making composability even stronger in the future.
Over the next few weeks, we’ll be keeping a close eye for any more updates.
Until then, stay safe and don’t get flash f*cked.