Cyber Security and DeFi

Brief introduction to cyber threats in DeFi

The DeFi (Decentralized Finance) sector has seen a surge in popularity in recent years, with a growing number of projects seeking to disrupt traditional financial systems. Despite their potential for providing financial access to underserved populations and promoting financial freedom, DeFi projects have become increasingly susceptible to security threats such as hacks, scams, and flash loan attacks. These security issues are largely due to the absence of central regulation, lack of security auditing, and the complexities associated with the underlying blockchain technology. In this article, we will discuss the current state of DeFi and the reasons behind the rise in security threats in the DeFi ecosystem.

In the summer of 2020, there was a significant increase in interest in the potential of decentralized finance (DeFi) as the total value locked in DeFi projects rapidly grew from $1 billion to $12 billion. Many projects were quickly launched during this time, prioritizing speed and ease of use over security. As a result, these projects were vulnerable to attacks which often exploited the economic functionality of the project. Decentralized capabilities such as voting, arbitrage, and flash loans were frequently used as attack methods by malicious actors.

This article aims to provide an overview and mapping of the types of security threats facing decentralized finance (DeFi) projects by cataloging the vulnerabilities previously exploited by attackers.

This article outlines work done in Kris Oosthoek’s 2021 paper “Flash Crash for Cash: Cyber Threats in Decentralized Finance” which presents a framework that structures the narrative around threat mitigation within DeFi. It is modeled using the concept of a stack because threats on one layer instigate risk to other layers.

Attack types According to Architecture Stack

Oosthoek summarizes attack types based on the architecture stack:

The DeFi Protocol Layer:

This constitutes the business layer of DeFi. DeFi protocols suffer from two major categories of attacks, Protocol attacks and Market attacks, which we focus on below.

The Smart Contracts Layer

Smart contracts are exploited through weaknesses in code written in Solidity and Vyper. A total of four protocols in the dataset were exploited due to vulnerabilities in code as shown in the figure. Smart contract vulnerabilities can be mitigated through safe coding practices such as the use of libraries, community-audited token implementations, and third-party auditing. The latter is often an inadequate measure as the most recent bZx exploit showed that two audit firms reviewed bZx’s code, but failed to find the vulnerability. Besides locating weak Solidity code, audits must also analyze the business and financial logic or review for “economic security”.

The Ethereum Virtual Machine (EVM) Layer

The EVM layer is the consensus layer of the Ethereum architecture. Attacks to the EVM layer exploit the dynamics of the Ethereum blockchain.

An example of one such attack is on the Maker Protocol, which congested the mempool with worthless transactions having low gas fees. Then, the attacker placed zero bids on Maker’s ETH auction and paid nominal gas fees to cause a delay that allowed them to front-run their malicious transactions. Fortunately, Maker responded to the attack by extending the duration of an auction to six hours.

Here are a few EVM layer attack examples:

• Reentrancy attacks: In this type of attack, a malicious contract can repeatedly call another contract, potentially draining funds from the target contract. Impact: Funds theft from vulnerable contracts. Mitigation: Use of checks-effects-interactions pattern, properly checking the reentrancy possibility, and use of decentralized exchange contracts.
• Short address attack: In this attack, a contract is deployed at an address with less than 20 bytes, allowing an attacker to overwrite it with their malicious contract. Impact: Hijacking of funds in vulnerable contracts. Mitigation: Contract developers can use libraries like “Safe Math” to prevent overflow and underflow errors, and also validate the input address length.
• Transaction-Ordering Dependence (TOD) attacks: In this attack, the attacker manipulates the order of transactions to manipulate the state of a contract and steal funds. Impact: Funds theft from vulnerable contracts. Mitigation: Use of strict token-transfer functions and properly coding the smart contract to prevent race conditions.
• Denial-of-Service (DoS) attacks: In this attack, the attacker sends a large number of requests to the Ethereum network, overloading it and causing a delay or failure of normal transactions. Impact: Unavailability of services and delay in transactions. Mitigation: Use of contract design patterns to reduce gas consumption, implementing block gas limits, and utilizing load balancers to distribute the load.

The Internet Layer:

The Internet is the infrastructure on which Ethereum is built. Routing threats such as DNS spoofing, but also threats such as phishing, key-stealing malware and social engineering attempts on users acquiring tampered hardware wallets, put users of DeFi projects and their funds at risk. Token-based project governance is promising although it requires control over majority holdings by the admin team to avoid collusion.

The Most Common Security Threats Facing DeFi

1. Smart contract vulnerabilities: DeFi applications are built on top of smart contracts, which are self-executing contracts with the terms of the agreement written directly into code. Smart contract vulnerabilities can be exploited by hackers to steal funds or manipulate the system.
2. Phishing scams: Phishing scams are a common threat in the crypto space, where hackers impersonate legitimate DeFi projects or individuals to trick users into revealing their private keys or sending funds to the wrong address.
3. Flash loan attacks: Flash loan attacks occur when a hacker borrows a large amount of funds for a very short period of time and uses them to manipulate the market or steal funds from other users.
4. Oracle attacks: Oracles are used in DeFi to provide real-world data to smart contracts. Oracle attacks occur when a hacker is able to manipulate the data provided by an oracle in order to exploit a vulnerability in a smart contract.
5. Market manipulation: As with any financial market, there is a risk of market manipulation in DeFi, where traders with large amounts of capital may use their power to influence prices and take advantage of other traders.

It’s important to keep in mind that security threats are a dynamic and ever-changing landscape, and new threats may emerge as the technology and the DeFi ecosystem evolves. It’s always a good idea to stay informed about the latest security risks and to take steps to protect your funds and personal information.

Recent Attacks

Market Attacks

Oosthoek found that Market attacks make up 50% of attacks. They are achieved by exploiting weaknesses in the code used by DeFi protocols. Also that flash loan funded attacks have been particularly prevalent, representing 90% of market attacks. These attacks involve swapping large amounts of tokens on decentralized exchanges, causing drastic changes in asset prices for protocols that rely on these exchanges. This creates artificial arbitrage opportunities that allow malicious actors to gain significant profit. Flash loans were often used in these attacks to trigger substantial liquidity changes and facilitate large loans.

• In February 2020, bZx, a platform for margin trading and lending, was targeted in two consecutive attacks. In these attacks, flash loans were used to manipulate the prices of wBTC and sUSD. This was made possible through the use of a single price oracle as a means to carry out the attack.
• Similarly, Akropolis also fell victim to a flash loan-funded attack, where an unchecked token whitelist for price oracle input handling was exploited, allowing the attacker to drain the platform’s 2 million DAI holdings via a vulnerability in the deposit handling process.
• Cover Protocol Hack (2021): A group of hackers exploited a vulnerability in the Cover Protocol smart contract to mint an unlimited amount of its native token, resulting in the theft of over $8 million worth of cryptocurrencies.
• Other market attacks include the manipulation of the rebase mechanism of SoftYearn. After manipulating the rebase, the attacker sold their tokens for the previous price knowing that Uniswap’s token price did not account for the rebase.

Protocol Attacks

Protocol attacks target individual protocols with the goal of gaining partial or full control over the protocol’s governance. A total of six protocols had vulnerabilities, out of which two were exploited by adversaries, and the rest were discovered by security researchers.

• The September 2020 attack on bZx enabled malicious actors to create and transfer tokens to themselves in order to artificially inflate their token balance.
• In addition to this, Opyn, a protocol for trading Ethereum-based options, was also attacked. The attack was made possible by a vulnerability in its contract that allowed for double-spending of tokens due to a faulty loop function.
• Additionally, security researchers uncovered vulnerabilities in the governance of Maker, AirSwap, and Nexus Mutual. Maker and AirSwap had weak implementations of digital signature algorithms while the vulnerability in Nexus Mutual were of other nature.

Concluding remarks:

The Decentralized Finance (DeFi) ecosystem has grown rapidly in recent years, providing new financial opportunities for many people. However, with this growth has come an increase in security threats. DeFi projects are vulnerable to attacks such as smart contract exploits, phishing, and EVM layer attacks. These attacks can result in significant financial losses for DeFi users, making it important for them to stay informed about the latest security risks and take steps to protect their funds and personal information. To mitigate these risks, DeFi projects should implement best practices in smart contract development, user education, and platform security. Additionally, DeFi users should be vigilant and take steps to protect their personal information, such as using strong passwords and enabling two-factor authentication. It is also recommended to keep a close eye on the latest security news and to follow security experts on social media to stay informed about emerging risks.