Flash loans have been garnering a lot of attention lately. And not in a good way.
On November 17, it was announced on Origin Protocol’s Twitter page that they had been hacked. The origin of the exploit would turn out to share striking similarities with the driving force behind four other attacks. The victims were Akropolis, Harvest, Value, and Cheese Bank.
These attacks were, to put it lightly, phenomenal. In each one, a penniless assailant instantaneously borrows hundreds of thousands of dollars’ worth of ETH and runs it through a chain of vulnerable on-chain protocols. The attacker then extracts the stolen assets and uses them to pay back the ETH loan.
All of this would happen in an instant. That is to say, the occurrence took place within a single Ethereum transaction. Unsurprisingly, such events would go on to draw more attention to the topic of flash loans.
The rise of DeFi
‘Decentralized finance’ (a.k.a. DeFi) takes cryptocurrency’s promise of making money and payments universally accessible a step further. It envisions a global, open alternative to every financial service, accessible to anyone worldwide. Savings, loans, trading, insurance, you name it; anyone can use it.
DeFi has gained significant value this past year. To be exact, the total value locked (TVL) in DeFi nowadays exceeds $14 billion. At the same time, various DeFi platforms are becoming victims of flash loan attacks. On top of that, so many new DeFi projects are making their debut that it is quite difficult to keep track of them all. For that matter, plenty of DeFi supporters claim these platforms provide greater privacy. However, several examples prove that almost everything can be seen on-chain, linking Ethereum addresses to identities and, similarly, linking those addresses to companies.
The issue with DEXes
Blockchains, as well as smart contracts, make the promise of building trading ecosystems that are fair and transparent. Unfortunately, the day that promise is met has not yet come to pass. The widespread and continuous rise in the deployment of arbitrage bots in blockchain systems has been documented, specifically in ‘decentralized exchanges’ (a.k.a. DEXes).
Similar to high-frequency traders on Wall Street, these bots capitalize on the shortcomings of DEXes. Moreover, they exploit high transaction fees and the optimization of network latency to frontrun. In other words, they anticipate and ultimately exploit the DEX trades of ordinary users.
When you first look at them, DEXes come across as having an ideal design. They initially appear to offer users both effective price discovery and fair trading. What’s more, they do so while eliminating the drawbacks that are common with centralized exchanges.
Trades are executed atomically by a smart contract and are visible on the Ethereum blockchain. This effectively provides the appearance of utmost transparency. The exchange operator cannot steal funds, primarily because custody and exchange logic are handled by the smart contract, which also guarantees that logic.
Nothing is perfect, though. Despite the benefits, many DEXes also come with one noteworthy weakness: on-chain trades mediated by a smart contract are slow.
Crypto Arbitrage Bot
The crypto arbitrage bot is just one of many options available to investors to help maximize their performance. Cryptocurrency arbitrage bots operate on a specific set of rules. Ones that, by design, carry out automated trades with no need for interference from human users. All in all, they are a handy, not to mention powerful, tool in round-the-clock trading.
Traders have the ability to create strategies with the power to achieve profits consistently. With this, they can free themselves from the pain of directing a platform to perform identical processes over and over. However, a cryptocurrency arbitrage bot is different in that it makes hundreds or thousands of intricate decisions. And it can do so in the same timespan that the average human makes about one or two.
This type of trading is purely algorithm-based. What this means is that there are zero emotional issues present that could potentially disrupt it. All the bots do is execute their pre-set strategies as per requirement and they continuously do so.
What is a flash loan?
Now, what exactly is a flash loan? The name was coined by Marble Protocol back in 2018. At the time, Marble was marketing itself as a “smart contract bank.” Its product was a DeFi innovation that was quite simple, yet brilliant: zero-risk loans by way of a smart contract.
Before moving forward, let’s go over what an ‘unsecured loan’ is. This is a loan where there is no need for you to put forward any collateral. Basically, you do not agree to hand the lender an asset if you fail to repay the loan.
With that in mind, it’s not uncommon for some to refer to a flash loan as an unsecured loan. The reason behind this is that you don’t provide collateral. Additionally, you don’t need to pass something like a credit check. All you need to do is ask the lender if you can borrow $50,000 in ETH and they will give it to you.
There is, however, a catch. You need to repay a flash loan in the same transaction. When you think about it, that arrangement is not very intuitive. In actuality, that is only because we are accustomed to a conventional transaction format. Traditionally, funds move from one user to another. Think of it like how you pay for goods or services or when you deposit tokens into an exchange.
To summarize, your flash loan is atomic. Should you fail to pay back the loan, then the whole thing will revert back to the way it was. It will be as though the loan never took place.
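The atomicity described above, modelled as an added example (not code from the original article or from any lending protocol): a toy in-memory ledger stands in for chain state, and restoring a snapshot stands in for a transaction revert. The names `Ledger`, `run_transaction` and `flash_loan`, the fee, and all balances are assumptions made for illustration.

```python
# Toy model (constructed for illustration): a dict of balances stands in for
# chain state, and restoring a snapshot stands in for a transaction revert.
import copy

class Reverted(Exception):
    """Raised when the transaction fails; all state changes are discarded."""

class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Reverted(f"{src} has insufficient funds")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

def run_transaction(ledger, body):
    """Run body(ledger) atomically: commit on success, restore state on revert."""
    snapshot = copy.deepcopy(ledger.balances)
    try:
        body(ledger)
        return True
    except Reverted:
        ledger.balances = snapshot
        return False

def flash_loan(ledger, pool, borrower, amount, fee, use_funds):
    """Lend with no collateral, then require principal + fee back before returning."""
    before = ledger.balances[pool]
    ledger.transfer(pool, borrower, amount)
    use_funds(ledger)  # borrower-controlled logic runs while the loan is open
    if ledger.balances[pool] < before + fee:
        raise Reverted("loan not repaid in the same transaction")

def demo():
    ledger = Ledger({"pool": 1_000, "alice": 5, "bob": 0})
    # alice borrows 500 and repays principal + fee (2) within the transaction
    repay = lambda l: l.transfer("alice", "pool", 502)
    ok = run_transaction(ledger, lambda l: flash_loan(l, "pool", "alice", 500, 2, repay))
    # bob borrows 500, moves it to another account and never repays
    keep = lambda l: l.transfer("bob", "other", 500)
    failed = run_transaction(ledger, lambda l: flash_loan(l, "pool", "bob", 500, 2, keep))
    return ok, failed, ledger.balances

if __name__ == "__main__":
    print(demo())
```

After the second call the ledger is identical to its state before that call: the transfer to `other` never happened as far as the committed state is concerned, which is why the lender carries no repayment risk.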
Cryptocurrency – and by extension DeFi – is a field that thrives on being incredibly experimental. With a lot of money on the line, it’s only a matter of time before the inevitable discovery of exploitable vulnerabilities. In the case of Ethereum, there is no bigger example of this than the infamous DAO hack of 2016. A large number of protocols have since fallen victim to 51% attacks for financial gain.
According to a PeckShield report on the Cheese Bank attack:
“In the string of attacks, we have seen malicious actors use flashloans to instantaneously borrow, swap, deposit and again borrow large numbers of tokens so they can artificially manipulate the price of a specific token on a single exchange (e.g., Uniswap, Curve).”
With this foot in the door, the attacker can abuse the exchange’s “anomalous pricing.”
Why do they happen?
Overall, there are two key reasons as to why attackers find flash loans to be especially attractive:
- Most attacks usually require a large amount of up-front capital (e.g., oracle manipulation attacks). If you are earning a positive ROI on $10 million worth of ETH, it is most likely not arbitrage. In fact, you are probably up to no good.
- Flash loans drastically reduce taint for attackers. Suppose you have an idea of how to go about manipulating an oracle with $10 million of ether. Even if you own that much, you might not want to risk it with your own capital. Your ETH will get tainted, exchanges will in turn reject your deposits, and laundering will be difficult. Clearly, it is too risky. However, if you take out a flash loan for $10 million, then it doesn’t matter; it is basically all upside. The collateral pool of the dYdX platform will not technically be tainted because that’s where your loan comes from. Furthermore, the taint on dYdX will eventually evaporate.
As hard as it is to accept, exchange blacklisting is part of today’s blockchain security model. It is overall very centralized. But it’s an important reality that informs the calculus behind these attacks.
Centralized Oracles vs. Decentralized Oracles
Speaking of oracles, it is important to understand the difference between centralized oracles and decentralized oracles. From there, we can see how bots take advantage of the former to conduct flash loan manipulations on DeFi protocols.
Centralized oracles function as a single entity: one that provides data coming from an external source to a smart contract that operates with a security feature set. These particular oracles are under the control of one entity and are the sole provider of information for smart contracts. The way it works is similar to the traditional financial system, where a single entity holds all of the responsibilities. Because of this, it suffers from a bottleneck problem. In other words, a single point of failure.
These oracles possess an incredibly simple architecture. Moreover, there is considerably less investment when it comes to infrastructure and maintenance. Despite the protection they provide against game theory attacks, they are vulnerable to corruption and various attacks.
Decentralized oracles, meanwhile, do not depend on a single source of truth. Therefore, these types of oracles reinforce the authenticity of the information going to smart contracts. What sets them apart from centralized oracles is that they rely on numerous external sources. What’s more, their core intent is to achieve trustlessness. They fully utilize the SchellingCoin mechanism, where all the independent sources report the data. And they do so without ever coordinating with each other.
This mechanism is not without its vulnerabilities, though. It is susceptible to an array of complications, some of which include collusion between parties, signaling, and even bribing.
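The contrast between a single price source and several independent ones, as an added example that is not part of the original article: it compares a protocol that reads one constant-product pool's spot price with one that takes the median of independent reports and flags outliers. The pool reserves, feed names and prices, the use of a median, and the 5% deviation threshold are all assumptions constructed for illustration.

```python
# Constructed example: pool reserves and feed prices are made-up numbers.
from statistics import median

def spot_price(reserve_token, reserve_eth):
    """Spot price of the token in ETH for a constant-product (x*y=k) pool."""
    return reserve_eth / reserve_token

def swap_eth_for_token(reserve_token, reserve_eth, eth_in):
    """Return the reserves after a swap (fees ignored); x*y stays constant."""
    k = reserve_token * reserve_eth
    new_eth = reserve_eth + eth_in
    return k / new_eth, new_eth

def single_source_price(pool):
    """Single-source style: one pool's spot price is the only input."""
    return spot_price(*pool)

def aggregated_price(sources, max_deviation=0.05):
    """Multi-source style: median of independent reports, plus flagged outliers."""
    mid = median(sources.values())
    outliers = sorted(name for name, price in sources.items()
                      if abs(price - mid) / mid > max_deviation)
    return mid, outliers

def demo():
    pool = (100_000.0, 1_000.0)  # 100k tokens and 1k ETH -> 0.01 ETH per token
    feeds = {"feed_a": 0.0101, "feed_b": 0.0099, "feed_c": 0.0100, "feed_d": 0.0102}
    before = single_source_price(pool)
    # One large trade inside a single transaction shifts this pool's reserves.
    pool = swap_eth_for_token(*pool, eth_in=1_000.0)
    after = single_source_price(pool)
    # The same distorted reading is only one vote among five in the aggregate.
    mid, outliers = aggregated_price({**feeds, "pool": after})
    return before, after, mid, outliers

if __name__ == "__main__":
    print(demo())
```

The single-pool reading quadruples after the trade, while the median stays at the level the other feeds report and the pool is flagged for review; a protocol can refuse to act on a price while any source is flagged.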
So, what does this all mean?
It’s difficult, as well as too soon, to tell if flash attacks will fade out in the near future. With how relentless and common they are, it would appear that this mindset is too optimistic. The bottom line is that things are definitely going to change, for better or for worse.
From the perspective of protocols, flash attacks mean that the threat model will soon change. Falling victim to a flash attack after the hacks of recent years can come across as embarrassing. Your reputation is on the line in the world of crypto.
Now, at equilibrium, the extraction of the flash attacks should be done by miners. In an ironic twist, this will serve as an obstacle in the way of flash attacks. This is because it will render the attackers unable to monetize the discovery of these burdens and vulnerabilities. In this sense, what is even the point of an attack if there are no benefits?
Maybe in time, miners will solicit attack codes via private channels. What’s more, perhaps they will pay the potential attacker a finder’s fee. Technically speaking, this could be done in a trustless manner with the use of zero-knowledge proofs.
At this point in time, though? This all resides in science fiction territory. It’s obvious that miners are not doing this right now. For the time being, flash loans are looking to be a common occurrence; perhaps the new normal.