FLASH LOAN ATTACKS
TABLE OF CONTENT
FLASH LOAN ATTACKS
WHAT ARE FLASH LOANS?
Imagine traditional loaning where the lender loans out money to someone in need (the borrower) and then the borrower eventually pays out the money at the agreed time with a said amount of interest. But unlike traditional loaning, Flash loans are based on smart contracts enabled by blockchains in a case where the borrower must pay back the loan before the transaction ends. Unusual right? There’s no limitation on the borrowing amount as long as you can repay back. Flash Loan is also accessible easily to anyone without complicated censorship. They are usually instantaneous and unsecured. Flash loans have been popularized in recent times because they have been used to exploit various DeFi protocols. This brings us to the next point.
THE DREADED FLASH LOANS ATTACKS
Flash loan attacks have become common because they are the cheapest and they only take seconds to occur even though they may involve several DeFi protocols. Usually, the attacker manipulates the borrowed flash loan amount by using a series of on-chain protocols to generate a lot of money into a stolen asset before paying it back. Some Flash loan attacks include a series of sophisticated steps in one attempt, while some others show a trend to repeat simple steps to gather profits. The role AMM (Automated Market Maker) plays is different from one another. In most Flash Loan attack events, AMM acts as an oracle providing prices to other DeFi protocols, so that attackers shift their target to the oracles and then they can manipulate the exchange or borrowing ratios of certain tokens that rely on the oracle.
EXAMPLES OF FLASH LOAN ATTACKS
- bZx Pump Attack
- bZx Oracle Attack
- Balancer Attack
- Harvest Attack
- Cheese Bank Attack
- Akropolis Attack
- Value.DeFi Attack
- OUSD Attack
- Warp Finance Attack
THE IMAGE BELOW SHOWS A LIST OF PREVIOUS ATTACKS, THE DATE IT OCCURRED, THE LOAN PROVIDER, THE DeFi PROTOCOL USED, AND THE PROCEED.
Source: Flashot: A Snapshot of Flash Loan Attack on DeFi Ecosystem
For the purpose of this article, I’ll be looking into two (2) of the previously stated attack and how they occurred:
- THE HARVEST ATTACK
On October 26th, 2020, an attacker exploited the Harvest Finance protocol. The Cryberthife stole $24M (other sources say $26.6M) of USDT and USDC tokens from the USDC vault and the USDT vault of Harvest Finance.
The attacker used 4 actions. The action comprises the function “exchange_underlying” which requires 4 parameters. The first two parameters identify the token to swap (1 for USDC and 2 for USDT), the third parameter specifies the quantity to swap, and the last parameter specifies the minimal quantity expected to receive from the swapping. The first action swapped 10,554,172 USDC to 10,537,272 USDT in Curve Y Pool, which raised the USDT/USDC exchange rate. The second action deposited 49,972,546 USDC into the USDC vault using the function deposit and due to the reduced evaluation of invested underlying assets, the attacker received about 51,543,825 fUSDC back. The attacker’s third action was to exchange 10,564,726 USDT for 10573194 USDC, with this, USDT/USDC rate was manipulated. The last thing the attacker did was to withdraw a total of 50,319,524 USDT (equivalent to 51543825 fUSDC) from the USDC vault.
Let’s assume the market prices of USDC and USDT are both equal to 1 USD, the adjusted profit of the above attack vector would be 338,448 in USD. This type of attack is called “oracle manipulation’’. The exploiter tampered with the USDT/USDC rate in Curve Y Pool by swapping a large amount between USDC and USDT back and forth, this resulted in Harvest Finance protocol wrongly evaluating the value of its underlying asset, leaving large arbitrage space for the exploiter.
- bZx PUMP ATTACK
At the start, the attacker borrowed a total of 10,000 ETH from dYdX’s flash loan pool and divided the asset into three parts. The first part, a total of 5,500 ETH, was deposited to Compound’s lending pool as collateral in order to borrow 112 wBTC. On the other hand, the attacker got cDAI to be used to redeem the collateral later. After this, the attacker deposited the second part of the flash loan, which amounted to a total of 1,300 ETH, to bZx’s vault as collateral in order to short the ETH to be in favor of wBTC at a 5x leverage by calling bZx’s smart contract. The internal process of the margin trade was handled automatically by bZx protocol. To carry out the order, bZx’s smart contract borrowed about 4,698.02 ETH from its iETH Vault and swapped about 5,637.62 ETH to 51.346 wBTC at the DEX Uniswap through a router 25 called Kyber. Since Uniswap is an automated market maker (AMM) the price deviation from the initial price will increase sharply with the trading volume in a swap transaction, this gives the attacker a chance to manipulate the market.
Seeing Uniswap was low on WBTC liquidity, the price of the asset went up. The attacker pumped the average price of wBTC at Uniswap by three times and got some derivative-like tokens. To take advantage of the price spread between Uniswap and other markets, the attacker immediately swapped the 112 wBTC that was borrowed from Compound back to 6871.413 ETH at a ratio of 61.35, which is about 1.67 times 36.83. The attacker merged 6,871.413 ETH with the remaining third part, 3,200 ETH, and repaid 10,000 ETH directly. Meanwhile, he owned 274,843.68 cETH, which can be used to redeem the collateralized ETH in Compound after paying back the borrowed 112 wBTC plus interest. He also had 1,300 ETH deposited in bZx’s vault as a margin and a position of 51.346 wBTC in the margin trade. He could close the position by burning sETHwBTC5x in his address as long as it was not liquidated. In the end,75 transactions were executed in several subsequent blocks to pay back 112 wBTC and redeem ETH. 57 of them were actively sent by the attacker. Finally, the attacker was able to steal 1244.106 ETH which was about $ 330K at the then-market price.
HOW TO PREVENT THESE FLASH LOANS ATTACKS?
- High-frequency pricing update: increasing the frequency of the number of times the liquidity pool queries an oracle for a fresh price can help prevent the attack. The idea is that with more updates, the price of a token within the pool would get updated faster and invalidate the price manipulation.
- Using Flash loan attack detection tools: From my research, OpenZeppelin has recently launched a program called OpenZeppelin Defender that enables the owners to know about smart contract exploits and other unusual activity, which would allow them to respond swiftly and neutralize attacks.
- Time-weighted Average pricing: The common thing has been to use the mean to calculate the price in the liquidity pool. TWAP advises using the averaging of prices across multiple blocks. With this, the flash loan attacks will work as the entire sequence of attacking transactions to be processed within that block but the TWAP cannot be manipulated without manipulating the entire Blockchain.
In sum, it can be deduced that Flash loans have been popularized in recent times because they have been used to influence multifarious DeFi protocols. Also, Flashloan attacks are becoming more popularized due to the easily accessible nature of Flashloans. Worthy of note, more precautions have to be taken by the Flashloan providers to ensure that borrowers pay as soon as a transaction is completed.
Cao, Y., Zou, C., & Cheng, X. (2021). Flashot: A Snapshot of Flash Loan Attack on DeFi Ecosystem. arXiv. https://doi.org/10.48550/arXiv.2102.00626.
Chen, Z., Beillahi, S. M., & Long, F. (2022). FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation. arXiv. https://doi.org/10.48550/arXiv.2206.10708.
“Flash Loans 101: Features, Types, and How To Prevent Flash Loan Attacks”. Umbrella Network. https://medium.com/umbrella-network/flash-loans-101-features-types-and-how-to-prevent-flash-loan-attacks-6ea5f9386fa.