Flash loan attacks and how DEOR protects against them

DecentralizedOracle - DEOR
Mar 24, 2021

Let’s take a look at flash loan attacks and how DEOR protects against them

Flash loan attacks have been one of the worst attacks DeFi platforms could experience and many platforms have lost a significant amount of assets from these attacks.

What is a flash loan?

A flash loan is a loan that’s given to an individual or entity that is completely uncollateralized, meaning there is no backing for this loan. A flash loan consists of three major steps. In step one, the loan is taken, in step two that loan is used and in step three, the loan is paid back. If this all happens within the same transaction, it’s called a flash loan.

The steps of a flash loan

Even though the loan has to be paid off within the same transaction that the money was lent out, the second step of a flash loan is the dangerous part. A flash loan could just be a normal part of a financial settling process that’s completely benign, but if it’s used with malicious intent and the objective is to drain assets as a result of manipulation then it’s a flash loan attack.

Let’s take a look at one of the most famous examples: the two flash loan attacks that happened on bZx.

In the first attack, around 10 million dollars worth of ETH was lent out on the DeFi platform dYdX and that money was split in half. Half of the ETH was used as collateral to gain more wrapped BTC on Compound and then the other half of the money was used to pump the price of wrapped BTC on Kyber Network. Kyber Network uses Uniswap to fulfill the orders and, because the liquidity on Uniswap was not very high, the price pumped very quickly. The person who had leveraged their ETH on Compound, as well as the wrapped BTC that they got from Kyber Network, was able to dump the wrapped BTC for a much higher price and made a profit of over 1000 ETH, which was drained out of bZx.

The first bZx flash loan attack — source: https://defiprime.com/hacks2020

The second attack was a little bit more complex. A coin with much less liquidity was targeted this time, specifically sUSD, a synthetic US dollar stablecoin. The attacker flash borrowed 7500 ETH from bZx, took a portion of that money and pumped the price of sUSD on Kyber Network, whose oracle is used on bZx. Since Kyber didn’t have that much sUSD, it did not take much to manipulate the price, and the price doubled. A stablecoin that should have gone for one dollar (and was actually going for one dollar in other places) jumped to two dollars on Kyber, simply because Kyber didn’t have that much liquidity. The attacker then used the remaining portion of the money as collateral to gain a large amount of sUSD on the open market, which still valued sUSD at one dollar. With this large amount of sUSD that had been acquired, the attacker did a collateralized borrow of ETH against sUSD on bZx.

The second bZx flash loan attack- source: https://defiprime.com/hacks2020

If sUSD had still been valued at one dollar, they would have just gotten the ETH equivalent of their assets, but because bZx relies on the price oracle of Kyber (which was reporting a price of two dollars for sUSD), suddenly the sUSD that the attacker bought at one dollar was worth twice as much, so the attacker repaid the loan and made over 2300 ETH, all of which was drained from the bZx protocol.

An article on Hacking, Distributed shows us each step in the transactions in detail:

Detailed steps of the second bZx flash loan attack - source: https://hackingdistributed.com/2020/03/11/flash-loans/

Other protocols like yearn finance, Balancer, Harvest.finance etc. also suffered from similar flash loan attacks. The problem is that these attacks leverage the differences between various protocols, and these protocols don’t communicate with each other. They are very isolated and they all rely on separate oracles on sampled populations, so they don’t reflect real-world data. This is really the crux of the issue. As long as DeFi continues to work in silos and the oracles reflect those individual silos, attackers will be able to manipulate the oracles on which the smart contracts rely.

Flash loan attacks are not a disease of DeFi, they’re a symptom of a much more serious issue: The centralized oracle issue.

How does DEOR help?

To really understand how DEOR makes a change here and also provides an extra layer of security against these sorts of attacks, it is important to understand how DEOR works.

DEOR is a data aggregation oracle. When a smart contract requires information, it pulls data from multiple independent oracles and in the end, DEOR provides an aggregated result to a smart contract. When data is aggregated from multiple independent sources, you no longer have the problem of silos, which are local platforms or localized pools that can be manipulated. With DEOR, even if one single pool is manipulated, other oracles from other pools still reflect true data and this way the negative impact of a single manipulated oracle is diluted.

Even if multiple oracles were to be affected due to some black swan event, DEOR’s voting mechanism can also dynamically adjust the weights and reputation of oracles within the aggregator. This provides a very rapid way of determining which oracles are behaving properly and which aren’t.

The reputation system for DEOR records and publishes user ratings of oracle providers and nodes, allowing users to evaluate oracle performance holistically. The following metrics will initially be used in the reputation system:

  • Total number of assigned requests: The total number of past requests that an oracle has agreed to, both fulfilled and unfulfilled.
  • Total number of completed requests: The total number of past requests that an oracle has fulfilled.
  • Total number of accepted requests: The total number of requests deemed acceptable by calculating contracts compared with peer responses.
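
The dilution effect described above, as an added example that is not DEOR's code: the page does not specify the aggregation function, so this sketch assumes a reputation-weighted median, with each oracle's weight taken as accepted/assigned requests from the metrics listed. The pool names, prices and counts are constructed, modeled on the sUSD case where one thin pool reported two dollars.

```python
from dataclasses import dataclass

@dataclass
class Report:
    source: str     # oracle / pool name (constructed)
    price: float    # reported sUSD price in USD
    assigned: int   # total requests the oracle agreed to
    accepted: int   # requests judged acceptable against peer responses

def weight(r):
    # Assumed weighting (not from the DEOR whitepaper): accepted / assigned.
    return r.accepted / r.assigned if r.assigned else 0.0

def weighted_median(reports):
    """Price at which the cumulative weight first reaches half the total."""
    ranked = sorted(reports, key=lambda r: r.price)
    total = sum(weight(r) for r in ranked)
    if total <= 0:
        raise ValueError("no oracle with positive weight")
    running = 0.0
    for r in ranked:
        running += weight(r)
        if running >= total / 2:
            return r.price
    return ranked[-1].price

def weighted_mean(reports):
    total = sum(weight(r) for r in reports)
    return sum(r.price * weight(r) for r in reports) / total

def with_manipulated(reports, names, price=2.00):
    """Copy of reports where the named sources report the pumped price."""
    return [Report(r.source, price if r.source in names else r.price,
                   r.assigned, r.accepted) for r in reports]

# Constructed honest baseline: five independent pools near one dollar.
HONEST = [
    Report("pool_a", 1.00, 100, 90),
    Report("pool_b", 1.00, 100, 95),
    Report("pool_c", 1.01, 100, 90),
    Report("pool_d", 0.99, 100, 85),
    Report("pool_e", 1.00, 100, 80),
]

if __name__ == "__main__":
    for bad in (["pool_a"], ["pool_a", "pool_b"], ["pool_a", "pool_b", "pool_c"]):
        rs = with_manipulated(HONEST, bad)
        print(len(bad), "manipulated:",
              "median", weighted_median(rs), "mean", round(weighted_mean(rs), 4))
```

A contract reading only `pool_a` sees the pumped price directly, and a weighted mean still drifts upward, while the median holds near one dollar until the manipulated sources carry more than half of the total weight.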

The reputation score also affects the rewards for true voting oracles. New oracles will get a reputation level of 5. It will be relatively easy for an oracle to reach level 4, but it will get harder and harder to reach higher reputation levels. Details on how the reputation score limits are calculated for each reputation level are explained in our whitepaper.

In case of a large, devastating blockchain event, where multiple oracle systems are targeted, DEOR provides an extra layer of protection, because in addition to its aggregation, DEOR also uses a randomizer function, which randomly assigns oracles to an aggregation. This way, not every aggregation instance uses the exact same oracles and not all oracles are in every aggregation. The randomizer function will be explained in detail in a future article.

In summary, flash loan attacks have drained significant funds from DeFi protocols and if left unchecked they form a major liability to the growth of DeFi.

DEOR solves this problem by introducing data aggregation from multiple independent sources, a randomizer function and a dynamic reputation system where DEOR holders can vote on the reputation of oracles and determine which oracles are suitable and have valid data.

Written by DecentralizedOracle - DEOR

DEOR is a fully decentralized oracle network with a randomizer, reputation and security monitoring systems. Contact: stuff@deor.io, https://twitter.com/deor_io
