In light of the recent 2nd bZx incident, it’s important to reflect on the situation in hindsight and build precautions into future protocols so that this never happens again.
On February 18, 2020, an attacker exploited the bZx smart contract’s oracle dependency on the price feed of Kyber’s decentralized exchange (DEX). This allowed artificially overvalued sUSD to be used as collateral to borrow a large amount of ETH. The attacker ended up profiting from the attack.
We are close with the bZx team, having hosted DeFi Drinks during Osaka Blockchain Week and maintained constant communication afterward. We believe in the team’s capabilities. They have a great chance to recover and emerge stronger as the only true decentralized finance protocol that uses a robust decentralized price feed.
A Quick Recap on What Happened
- A flash loan of 7,500 ETH was split into 2 parts
- First, 3,518 ETH was used to buy sUSD at ~$1
- Second, 900 ETH was used to buy sUSD on Kyber and Uniswap inflating the price over $2.
- Once sUSD went up in price, the attacker borrowed 6,796 ETH on bZx, using the sUSD that was originally worth 3,518 ETH as collateral.
- The attacker paid back the flash loan and took home the profit of 2,378 ETH
The total profit from this sequence of events was $636,000 at the time. This was possible because the bZx smart contract logic relies on the Kyber (DEX) spot price as the reference to determine the collateral needed to borrow ETH.
Exploits Related To Using DEX Price Feeds
A DEX enables an on-chain market where smart contracts can facilitate trades between tokens. Like any market, price discovery depends on a process called arbitrage, which keeps the prices of tokens traded across multiple markets relatively equal. While this is also common practice on centralized exchanges, there’s one key difference for DEXs: on-chain trades can be atomic (events happen in the same transaction).
In centralized exchanges like Binance, arbitrages happen in microseconds to find a fair market price. For example, if someone tries to inflate the price of ETH/USDT by purchasing a lot of ETH with USDT, other users and bots will purchase ETH from other markets and sell against the price rise.
However, in decentralized exchanges where atomic swaps are possible, a malicious actor can pump the ETH price while simultaneously calling a smart contract function to dump it back down without losing anything except the exchange fee — all in one transaction.
Anyone with sufficient capital can manipulate and exploit DEX prices at any time.
Issues with Using DEX Spot Prices on DeFi
- Risk-Free Attacks
Due to the atomic nature of decentralized exchanges, if the attack fails, the attacker doesn’t lose anything except a small exchange fee.
- DEX’s Insufficient Liquidity
With the recent innovation of flash loans, prices on DEXs are easier to move with large capital.
- Code is Law
Technical products, especially open-source ones which have their code exposed, are governed by parameters and logic set by the developers. For example, an attacker will know exactly how much the price will move on DEXs and can calculate their attack accordingly.
Mitigating Risk Exposure to Oracle Exploits
With around $1 Billion in value locked up in DeFi protocols, we cannot risk exposure to any grey or black swan events. It’s a collective responsibility to keep the ecosystem healthy and most importantly keep the end-users safe.
Decentralized oracles such as Band Protocol, ChainLink, Tellor, Witnet and UMA all differ by design and play a role in covering different attack vectors. At a vanilla level, decentralized oracles eliminate the common single point of failure problem that having a centralized data feed creates. For example, purely relying on a price feed from CoinMarketCap makes a protocol just as susceptible to hacks.
Using Band Protocol’s decentralized community-curated oracle allows users to specify how data is sourced and aggregated from a consortium of data providers as opposed to consuming a spot price in its raw form.
However, in software development, bugs and service outages are inevitable. Relying on just one oracle is not the best idea either. We always encourage all our partners to work with at least a couple of oracle services at the same time to minimize the risk of oracle failure or hack.
Oracles can be used in tandem with each other to reduce risk exposure to multiple attack vectors.
Techniques for Mitigating Issues with Price Oracles
- Don’t Use DEX Spot Price
This one goes without saying. Let’s learn from the recent mistake, especially with flash loans that allow anyone to borrow capital at virtually no cost.
- Use Time-Weighted Price/Volume
Prices or transaction volume can be averaged over time, i.e. taking the median price from the past 10–20 blocks on a DEX or 5–10 seconds on a CEX, to defend against the possibility of ‘flash exploits’. Some DEXs such as Uniswap will offer an aggregated price function soon. Band Protocol supports customizable price aggregation through programmable Oracle Scripts.
- Detect Price Anomalies
Band Protocol can additionally be implemented as an external oracle to detect abnormal price movements. For example, Band can detect if a price on a DEX has moved more than 10% within a few blocks, check its deviation from other reference data points, and then halt trading until the situation is monitored and controlled.
- Use Multiple Points of References
Band oracles can retrieve prices from both centralized and decentralized exchanges to draw a consensus. By doing so, the oracle is able to simultaneously query and aggregate the data for safe consumption.
- Use Multiple Oracles
Oracles are not mutually exclusive. Choosing to work with multiple oracles can prevent catastrophic events from happening. It doesn’t hurt to play safe when it comes to smart contract deployment.
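The windowed median, the 10% anomaly threshold and the multiple-reference check from the list above, combined into one price guard. This is an added example, not code from Band Protocol or bZx; the function names, the 10-block window, the source names and all prices are constructed for illustration.

```python
from statistics import median

MAX_DEVIATION = 0.10  # "more than 10%" threshold from the text
WINDOW = 10           # blocks; low end of the 10-20 block range in the text

def deviation(price, baseline):
    """Relative distance of price from baseline (0.10 == 10%)."""
    return abs(price - baseline) / baseline

def check_price(block_prices, references, window=WINDOW, max_dev=MAX_DEVIATION):
    """Return the price a lending contract should use, plus a halt decision.

    block_prices: per-block DEX prices, oldest first (last item is spot).
    references:   {source_name: price} from independent CEX/DEX sources.
    """
    recent = block_prices[-window:]
    if not recent or not references:
        raise ValueError("need price history and at least one reference")
    spot = recent[-1]
    smoothed = median(recent)          # resists a single-block spike
    ref = median(references.values())  # consensus of the other sources
    reasons = []
    if deviation(spot, smoothed) > max_dev:
        reasons.append(f"spot moved >{max_dev:.0%} away from the window median")
    if deviation(spot, ref) > max_dev:
        reasons.append(f"spot deviates >{max_dev:.0%} from reference sources")
    return {"spot": spot, "price": smoothed, "halt": bool(reasons), "reasons": reasons}

# Constructed sUSD/USD data: steady near $1, then one block pushed over $2.
CALM = [1.00, 1.01, 0.99, 1.00, 1.00, 1.01, 1.00, 0.99, 1.00, 1.01]
ATTACK = CALM[:-1] + [2.05]
REFERENCES = {"cex_a": 1.00, "cex_b": 1.01, "dex_b": 0.99}  # hypothetical sources

if __name__ == "__main__":
    for name, series in (("calm", CALM), ("attack", ATTACK)):
        r = check_price(series, REFERENCES)
        print(f"{name}: spot={r['spot']:.2f} used={r['price']:.2f} halt={r['halt']}")
        for reason in r["reasons"]:
            print("  -", reason)
```

The median only holds while fewer than half of the blocks in the window carry a manipulated price, which is why the reference-source comparison is kept as a second, independent check.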
We would be very happy to help any project or developer integrate our secure, blockchain-agnostic decentralized oracle, whether through engineering support or financially through our grants program.
About Band Protocol
Band Protocol is a decentralized oracle framework for Web3.0 applications. Band Protocol connects smart contracts with trusted off-chain information, provided through community-curated oracle data providers. Blockchains are enabled to connect to any web API with assured data integrity through dPoS economic incentives through one simple function call. Developers using Band Protocol will be able to easily build and manage off-chain oracles, reputation scores, identity management systems and much more.