Haseeb >|<

@hosseeb

11 Tweets Jan 16, 2023
So bZx just got flash attacked *again*, just after they announced the postmortem on the previous one. Unlike that attack, this one was pure oracle manipulation—didn't even require a logic bug. Details are still hazy, but there are three interesting takeaways for me (THREAD)
1) Flash loans are mostly useful for attacks.
Flash loans were originally sold as "anyone can use these for arbitrage! So cool!" But most arbitrage is not capital constrained—most arbs are small—and flash lending adds extra gas overhead which the serious arbitrageurs won't use.
So who is actually capital constrained? We just learned—mostly attackers / oracle manipulators. And of course! Who else would be able to put $25M to work and bring it home in a single transaction? (Hint: it's probably not a $25M arbitrage...)
2) Most of this stuff is poorly tested. The mental models we have for attacks are naive. Many audits come back with "a sufficiently resourced attacker could do X", and it's ignored because, yeah, what *couldn't* a sufficiently resourced attacker do?
(And it's a fair point!)
Now flash loans will be like re-entrancy. It'll be so embarrassing to get attacked by them that everyone will double and triple check their threat model. We'll come up with new best practices around this.
3) The more complexity in your protocol, the more surface area for attack. Kyber, bZx, all these protocols that interweave with each other become as weak as the weakest among them.
All developers understand the danger of too many dependencies. DeFi is just now learning the same.
I'm curious if flash lending might get removed from some protocols. I think people will realize that it mostly enables mischief, and the large DeFi protocols may consolidate against it. But even still, there will always be flash lending pools out there that will do it for a fee.
It's still early. There are going to be lots of attacks, things will blow up, way worse than what happened to bZx. Failure is a necessary step in learning. But at least all of this learning is happening out in the open, with other builders able to benefit from it. FIN
An additional lens to think about flash loans: now a smart teenager in some random country can pore over any DeFi contract and if they find a single-transaction attack, it's theirs for the taking.
It turns capital into a commodity. It's like Shodan for DeFi.
This may end badly.
Final thought: flash loans are great for attackers because they minimize taint spillover. If I bring several million worth of my own ETH to manipulate an oracle, all of that ETH is now tainted along with my attack proceeds. It's really hard to get the rest of my money out.
In a flash loan, only the proceeds are tainted. If I can't cash it out, oh well, it's only upside. Even if I have the capital to perform the attack myself, the security model of exchanges means I might not want to risk it.
With flash loans, that risk is gone.
