Flash Loans — How Exploiters Attacked Vulnerabilities In The System
How exploiters attacked vulnerabilities of new types of decentralized financial products (also called DeFi) to enrich themselves.
For the German version of this article, visit Vickys blog on her website 1st Level. “Flash Loans — Betrug mit Blitzkrediten”.
For the purpose of better understanding how such fraud can occur, basic terms are explained in advance.
What are Flash Loans and other services like Staking and Lending in the DeFi-Space?
Flash Loans are unsecured credit transactions that are repaid in one and the same transaction.
The process is based on the so-called lending model, where cryptocurrencies are lent out in exchange for an interest rate.
In a similar model, staking, the cryptocurrencies of the “lender” are usually held in a wallet (digital wallet) or locked for a certain period of time to support the processes or stability of a blockchain network.
In all models, lenders of cryptocurrencies are, in return, rewarded for their contribution. This is comparable to interest on a savings account which rarely exists anymore today.
Another advantage of these new products is that they are much more decentralized and therefore also cheaper and more profitable than the old credit and savings products of the banks, as they completely cut out the middleman in this context. Such digital processes are enabled by the use of so-called smart contracts, e.g. based on the Ethereum blockchain. Some processes related to DeFi can run completely automated. This is enabled by specifically programmed platforms that connects borrowers and lenders, such as Aave.
Further, borrowers of flash loans do not have to post collateral because, as mentioned earlier, the collateral is programmatically established by the smart contract. The contract is programmed so that the lender automatically receives back the amount x plus the agreed upon interest according to predefined parameters. This contract can also be traced on the blockchain.
By the way, misleading in the description of flash loans is the term “unsecured”. This strongly implies that the use of a flash loan is linked to uncertainty, which is fundamentally not the case. On the contrary, collateralization of the loan is not even necessary, because all terms and conditions are governed by a predefined contract (“smart contract”). If the borrower fails to repay the amount borrowed, the contract is automatically unwound and the lender is credited with the amount. This process is also known as an “atomic swap”. The borrower cannot manipulate anything at this point. (Unless there is an error in the code). Why, despite this layer of security, fraud still occurs from time to time in connection with Flash Loans is explained later in this article.
First and for a better understanding, it is necessary to explain how a DeFi loan is issued on, for example AAVE:
AAVE offers its own token with the same name on its decentralized lending platform. (This is also tradable and stakeable, by the way).
In a pool, the platform’s smart contract used for this purpose collects various cryptocurrencies from potential lenders.
Borrowers can withdraw capital (cryptocurrencies) from this pool based on the specified conditions. The processes for this action must take place within a single Ethereum block. As mentioned above, the smart contract controls all processes and the transaction is processed automatically. The lender receives his borrowed capital back as soon as the respective conditions in the smart contract are fulfilled.
In the process of a Flash Loan, the borrower takes out a loan and pays it back within a few seconds in the same Ethereum block.
Areas of use for Flash Loans:
- When quickly and easily exchanging one cryptocurrency for another.
- In arbitrage transactions, i.e. when prices differ on different crypto exchanges, as borrowers can use them to make profits. Namely, borrowers can borrow cryptocurrencies through a flash loan and buy a cryptocurrency on an exchange with a lower price. Then, the same currency is sold on another exchange with a higher price. Afterwards, the borrower repays the flash loan and benefits from the profit. (At the same time, this process stabilizes the crypto market, as discrepancies in prices of cryptocurrencies on different exchanges can be evened out).
- The process can also be useful for self-liquidation as a flash loan can be taken out for the short-term increase of ones own collateral. For example, if users have borrowed the stablecoin DAI for ETH and the value of ETH drops, it may make sense to borrow DAI via a flash loan, pay off the loan, and get their own ETH back.
- Flash loans can contribute significantly to improve the security situation for crypto transactions. Repaying loans or collateral on other platforms can also be lucrative through low-cost flash loans, as borrowers can switch from expensive loans to low-cost loans as a result.
Risk of manipulation:
Unfortunately, however, Flash Loans can also be abused to attack DeFi protocols in order to steal cryptocurrencies.
This is possible because there is no central control function in these decentralized financial platforms as there is in banks, which otherwise usually intervene quickly in the event of criminal activity.
Secondly, because smart contracts not programmed according to best practices use only one centralized price Oracle and price data is not pulled from multiple exchanges as recommended.
Many DeFi platforms are working diligently to address these vulnerabilities but large-scale fraud has still occurred in the past. For example on the DeFi platform Beanstalk in April 2022.
Developers should certainly obtain their price feeds from Chainlink or similar oracles with the same trust status, which allow obtaining price data from multiple trusted data sources.
Users should therefore be sure to check beforehand whether the platform works with only one Oracle or with several.
How is such fraud possible in concrete terms?
The vulnerability of Flash Loans is, most likely, primarily in the detection of correct prices of the cryptocurrencies used. By manipulating prices, hackers were able to successfully launch multiple attacks even after the DeFi platform detected the initial attack. Many flash loans use stablecoins such as DAI and USDC. In the attack on the DeFi platform, the attackers successfully manipulated the price of these stablecoins on the platforms they used.
Often, DeFi project developers use only one price oracle as a reference rate for their protocols. As a result, attackers only need to manipulate a single price oracle to influence prices.
(Price oracles are third-party services that allow smart contracts to obtain external price data outside of their ecosystem).
In essence, when attacking a price oracle, exploiters create artificial arbitrage opportunities by lending, exchanging, depositing, and re-lending large numbers of tokens at lightning speed.
An example of a flash loan-funded attack on a DeFi lending and borrowing protocol using a DEX*-based price feed follows this flow:
- The exploiter borrows a large amount of token A from a protocol on which flash loans are possible.
- He exchanges token A for token B on a DEX (This lowers the price of token A on the DEX and increases the price of token B).
- The exploiter deposits the purchased token B as collateral with a DeFi protocol that uses the above DEX as the only price feed and uses the manipulated price to borrow a larger amount of token A than would originally be possible.
- The exploiter uses a portion of the borrowed A-tokens to repay the original flash loan in full and keeps the remaining tokens to make a profit from the protocol’s manipulated price feed.
- As the prices of tokens A and B on the DEX revert to the true market-wide price, the DeFi protocol is left with an under-collateralized position. (The debt is worth more than the collateral), directly harming innocent users).
- A DEX is a decentralized exchange platform for digital assets.
Many DeFi protocols obtain their price data from centralized price oracles, which are easy targets for such attacks. If DeFi projects would use decentralized oracle solutions, the risk could be significantly reduced.
In principle, by the way, it would be possible for any person with enough capital to carry out such an attack without using a flash loan. Unfortunately, with the invention of flash loans, anyone could now, theoretically, become a whale (whale = person or entity that owns a lot of crypto assets) for a few seconds and thus execute an attack, which is what makes it so risky.
Since some of the DeFi projects have very low liquidity, this situation also favors manipulating the prices, thereby exploiting arbitrage opportunities.
Exploiters can also exploit vulnerabilities in the code of smart contracts or in the app of a decentralized financial project (dApp) that allow them to borrow more money than they put up as collateral.
Further potential risks:
- Insufficient liquidity in the DeFi protocol or DEX can lead to problems with mass selling, e.g. panic selling when the market fluctuates strongly and many investors need or want to sell their cryptocurrencies.
- This, in turn, can mean implications for global financial stability (macroeconomic impact).
- Stablecoins are largely based on the US dollar (there is no EU stablecoin yet!) and thus promote dependence on the US.
- Inadequate regulation or oversight in certain countries possibly enabling criminal activity such as money laundering or terrorist financing.
- Tax ambiguity.
- Internal risks: developers and admins of the protocols could misuse their knowledge and programming expertise.
Want to learn more about decentralized finance? Visit the Decentralized Finance website: https://dezentralizedfinance.com/ or bitkom: https://www.bitkom.org/Bitkom/Publikationen/Decentralized-Finance-A-new-Fintech-Revolution
In a “zero trust” model, the principle of “never trust, always verify” is recommended. This means independently analyzing the execution logic of the smart contract (contract protocol) and checking for correct execution.
This requires coding skills and is therefore not feasible for everyone.
However, there are developer communities that sift through and analyze open source protocols (e.g.https://www.quora.com/How-does-Ethereum-makes-sure-their-is-no-malware-smart-contract-running-in-the-Blockchain-network).
The following companies specialize in smart contract audits, which increase the security and trustworthiness of a Web 3.0 project initially and on an ongoing basis:
- Trail of Bits (https://www.trailofbits.com)
- OpenZeppelin (https://www.openzeppelin.com)
- Obelisk Auditing (https://obeliskauditing.com)
Other possible security measures:
Importantly, Certora invented, continues to develop, and provides a tool that enables the specification of the smart contract and does not focus directly on audits.
Comparable to an architect who adheres to specific ISO standards, except that with Certora you can write your own ISO standards and ensure that they are adhered to in the resulting Smart Contract.
Tiberium provides the front end or infrastructure on which the nodes are run, if applicable. Tiberium checks the nodes for vulnerabilities, but this only addresses part of the security needed in the DeFi domain.
Author’s note: For better readability, the collective term “cryptocurrency” is used for the terms “coins” and “tokens”.