Golden Observation | Flash loan attack has become the norm in DeFi.How can we avoid it?

Entering November, there have been 6 flash loan attacks in the DeFi field.

On November 17, the Origin Protocol stablecoin OUSD was attacked by flash loans, and the price has dropped to $0.13. The attack caused Origin Protocol to lose a total of $2.25 million in DAI and $1 million in ETH. Since then, OUSD liquidity in Uniswap has dropped from $350,000 on the 16th to $120,000. Aave founder Stani Kulechov said, “If you are a protocol developer, start reviewing the code now to avoid similar flash loan vulnerabilities.” Origin Dollar had not responded to questions for comment by press time.

Golden Morning News | January 6 Overnight Important Updates: 21:00-7:00 Keywords: Turkey, Telecom, Grin, Segregated Witness

1. Turkish regulator plans to speed up its bitcoin and cryptocurrency oversight efforts.

2. Hunan Telecom: It has never launched and authorized any third-party company to launch products such as "5G mining card" and "Simcoin".

3. Grin will undergo a hard fork around January 15th and release Grin Wallet 3.0.0.

4. Segregated Witness SegWit accounted for 66% of Bitcoin transactions.

5. BTC is now at $7,359, up 0.27% in the past 24 hours, with a market value of $133.297 billion. [2020/1/6]

On Nov. 17, Cheese Bank, an Ethereum-based DeFi platform, recently suffered a $3.3 million loss due to a hack. It is reported that hackers use the flash loan vulnerability to instantly borrow, exchange, deposit and borrow a large number of tokens again. Thus, they can artificially manipulate the price of a specific token on a single exchange (e.g. Uniswap, Curve). Value DeFi and Akropolis have recently suffered similar DeFi hacks, blockchain security firm PeckShield said in a blog post on Monday.

Analysis | Golden disk: ETH daily bottom divergence is forming: Comprehensive analysis of the golden disk: ETH has been trading sideways for 3 days below $200, and the K-line combination shows that the resistance cross star continues to be closed here, and from the MACD, the divergence is forming. If there is no further dive in the market, the probability of forming a bottom divergence is high, and the market volatility has intensified recently. Investors are requested to remain rational and do a good job of risk control. [2018/9/11]

On November 15, the Value DeFi protocol was hacked on Saturday and $7.4 million in DAI was stolen, and $2 million was subsequently returned. It is reported that the attacker performed a flash loan attack, borrowing 80,000 ETH from the Aave protocol. Flash loans allow users to borrow funds instantly, as long as they repay within one transaction block, meaning users can take advantage of unsecured loans. As part of the exploit, the attackers refunded $2 million to Value DeFi and kept $5.4 million for themselves, according to available network data.

Live report of Golden Finance and Economics Ye Zuyan, Co-Founder and COO of Chain Finance and Economics: Recognize one’s own positioning and develop service capabilities: Golden Finance’s live report, at the 2018 FINWISE Tokyo Fun Wisdom Summit, carried out the "Role Positioning of Blockchain Media in the Digital Era" as the Ye Zuyan, the co-founder and COO of Lianxiang Finance, pointed out in the roundtable forum on the topic: Emphasizing blockchain service capabilities is an area where Lianxiang Finance is good at and has successful experience. In the future, it will deepen its strengths and serve readers and customers. [2018/5/22]

On November 12, the DeFi lending protocol Akropolis was attacked by cyber hackers. Akropolis founder and CEO Ana Andrianova said the attackers used flash loans on derivatives platform dYdX to carry out a reentrancy attack, causing a loss of $2 million.

On November 1st, yearn.finance (YFI) disclosed a new flash loan security vulnerability. The vulnerability was reported by security researcher Wen-Ding Li through Yearn’s security vulnerability disclosure process on October 29th. This bug was removed. According to the disclosure, the flash loan attack may bring security risks to the TUSD vault funds. At present, this problem has been fixed, and the TUSD vault has been stopped from deploying funds. Funds are currently safe and users do not need to take any action.

What is a flash loan? Why flash loan attacks have become the norm in the DeFi field?

Chengdu Lian'an introduced Jinse Finance: "Flash loan refers to a loan method realized by using the rollback feature of blockchain transactions. Users can borrow a huge amount of money at very low interest without collateral. Users You only need to repay the loaned money and interest in the same "transaction". Lightning loan is a new loan model that does not exist in traditional finance. It allows perpetrators to leverage huge Because it is a new thing, many projects do not fully consider this risk when designing. Flash loan itself is not a loophole. Flash loan attack refers to an attack that uses a combination of flash loan and other vulnerabilities, mostly for arbitrage , price manipulation and other attacks.”

As Marc Zeller of DeFi protocol Aave puts it, flash loans are just a tool: they allow you to act like a whale during a transaction. Any attack performed via flash loans can also be performed without flash loans by well-funded holders. What a flash loan can do is temporarily make anyone in the world a well-capitalized holder, because there are no permits required to obtain a flash loan, and there are no pre-collateral requirements.

It is precisely because of this that the project party should consider such extreme situations when designing business logic. If you don't understand this, you can find a professional audit agency to audit.

Wan Hui, founding partner of Primitive Ventures, said: "All the operations of the lightning loan attack are on the chain. Excellent learning process.”

Tags：

DOGE