Bug Hunting Isn’t Enough; DeFi Code Should be Financial-Attack Proof: Quantstamp's Richard Ma
bZX exploits showed financial attack vectors should be included in smart contract audits and tests, Ma said.
|Feb 27, 2020||2|
Hello Defiers! Last week DeFi suffered its biggest test yet: Two exploits worth almost $1 million, which leveraged some of the ecosystem’s most distinctive features, composability and flash loans. As tensions from the very immediate aftermath of those days ease, it’s time to think about some of the deeper lessons the space can take from these exploits. One of the best people to do this is Richard Ma, CEO of security firm Quantstamp, which has helped deploy blockchain solutions managing $1 billion worth of assets.
Ma, who started Quantstamp after investing in The DAO and suffering the effects of vulnerable code first hand, believes vulnerabilities like the ones exploited last week can be minimized with smart contracts audits. Contrary to what some have argued, they were not strictly financial attacks. These types of attacks aren’t new though. Ma was a high-frequency trader before founding Quantstamp, and he makes parallels with traditional finance, as well as with other crypto attacks. The difference, he says, is that projects now need to be sturdy enough to account for the fact that, thanks to flash loans, now negligible capital is needed to manipulate markets, versus hundreds of thousands of dollars before. Read his column below, it’s a good one!
Both paid and free subscribers receive full guest posts, but paid subscribers get them hours early. Paid subscribers also get complete access to The Defiant content and archive. Join the club! Subscribe now at $10/month, $100/year, or 70 Dai on this link.
DeFi’s Double-Edged Sword
By Richard Ma, Quantstamp co-founder and CEO
Composability allows for DeFi projects to leverage one another to create powerful new functionality. However this composability also introduces more risk.
A vulnerability in one DeFi application can have an impact on all the other projects that use it. Even if one of these money legos does not have an obvious vulnerability in its design, it may be mis-used.
These issues have existed for a while, but have been made easier to exploit through the introduction of flash loans. While flash loans themselves do not introduce new vulnerabilities, they level the playing field for attacks which previously required large amounts of capital.
The bZx Attacks
Recently, there were two attacks involving the bZx protocol facilitated by flash loans.
In the first attack, a bug in bZx’s margin logic allowed the attacker to use leveraged ETH to artificially push up the price of WBTC on Uniswap. The attacker then used WBTC previously borrowed at market value from Compound to profit from the inflated price on Uniswap.
In the second attack, bZx relied on Uniswap (through KyberSwap) as a price oracle for valuing collateral within the bZx system. After pushing up the value of sUSD, this allowed the attacker to take out a loan that was valued at way more than the market value of sUSD collateral. The attacker profited by keeping the loan and abandoning the bZx position.
Flash Loans Reduce the Barrier of Entry for Financial Attacks
Before the introduction of flash loans, these financial attacks still existed, but they required access to large financial reserves to be profitable. Now, anyone with the technical capability can pull off attacks such as market manipulation which usually require large amounts of funds.
In December of 2019, a similar type of financial attack was performed on the Synthetix exchange by a hacker who manipulated the price of MKR while holding directional trades on Synthetix. This attack required about $340,000 ($62,600 in MKR, $163,125 in long MKR, $115,275 in short MKR). If the attacker had used smaller amounts, he wouldn’t have been able to move the price much relative to the liquidity in the Uniswap pool, and he wouldn’t have made much money. In comparison to that attack, which required hundreds of thousands of dollars, the bZx hacks which used flash loans required just $8 in transaction fees in the first case, and $110 in the second case.
These attacks and even flash loans have parallels in traditional finance. Just like there are flash loan attacks in DeFi, traditional finance also has similar tactics. When I was working at Tower Research, each trading desk was allocated a pool of capital, but if we saw a particularly juicy opportunity, we could borrow tens of millions of dollars to take advantage of it.
For the bZx attacks, from a trading perspective they can be viewed as arbitrage opportunities between the rate of assets on one platform, and the rate after causing massive slippage on a DEX. The attacker is using flash loans to close that arbitrage.
The other aspect of flash loans which I think is underappreciated is they make it easier to profit from these attacks by reducing the amount of illicit funds which need to be obfuscated.
A financial attack like this is basically illegal, so to pull it off, an attacker needs to obfuscate the origin of their funds. As exchanges now almost all uniformly implement KYC, this can be quite difficult for any attack requiring a large amount of capital.
Now, with flash loans, attackers have instant access to a large pool of capital which is returned at the end of the attack, so the only funds they need to obfuscate is the gains from the exploit. This vastly simplifies the logistics for executing and profiting from an attack.
Previously when we advised clients on possible financial attack vectors, it was mostly theoretical, but flash loans now make them much more likely and accessible.
Security Can’t be an Afterthought
Move slow, and test things. For all smart contracts but especially for DeFi applications, security best practices need to be taken, including audits, testing, monitoring, and having emergency procedures ready. Progressive rollouts are also a good idea so that security issues can be spotted when the cost of an attack is still relatively small.
Besides auditing the code for bugs and implementation issues, financial attacks such as oracle manipulation also need to be analyzed. This is especially true as DeFi grows and these money legos handle more assets.
Financial Attacks Should Be Part of Smart Contract Audits
People say that the bZx attacks are primarily financial attacks outside the scope of smart contract audits, but I disagree. Even considering the second attack which did not take advantage of a missing sanity check, oracle attacks and economic vulnerabilities should absolutely be considered as part of smart contract audits.
With DeFi especially, the composability of these apps means that financial attack vectors need to be carefully considered.
While these attacks have highlighted weaknesses in some of the current DeFi systems, they also show us what needs to change for DeFi to grow stronger. We believe the industry will learn from these attacks and develop a better security culture as a result.
We also want to thank the work of altruistic actors such as Samczsun. His discoveries, research, and collaborations with DeFi projects have helped teams proactively address security issues and have helped the industry improve its security practices.
The Defiant is a daily newsletter focusing on decentralized finance, a new financial system that’s being built on top of open blockchains. The space is evolving at breakneck speed and revolutionizing tech and money. Sign up to learn more and keep up on the latest, most interesting developments. Subscribers get full access at $10/month or $100/year, while free signups get only part of the content.
Click here to pay with DAI.There’s a limited amount of OG Memberships at 70 Dai per annual subscription ($100/yr normal price).
About the author: I’m Camila Russo, a financial journalist writing a book on Ethereum with Harper Collins. (Pre-order The Infinite Machine here). I was previously at Bloomberg News in New York, Madrid and Buenos Aires covering markets. I’ve extensively covered crypto and finance, and now I’m diving into DeFi, the intersection of the two.