DeFi has taken the world by storm with its seemingly limitless possibilities and applications. This report looks at several common DeFi attack vectors and their mitigations, including price oracle manipulation, reentrancy attacks and rug pulls.
Key points
- Decentralized finance (DeFi) has caused a stir in the world due to its seemingly limitless possibilities and applications. According to DeFi Pulse, as of June 2021 the industry had surpassed $ billion in Total Value Locked (TVL).
- DeFi protocols have become an attractive target for attackers because smart contracts are open (anyone can read and call them) and immutable (a deployed bug cannot simply be patched), which makes exploits hard to prevent. In the 8 months to June 2021, more than $200 million in assets was stolen through hacks and exploits. A growing number of attacks could slow down widespread DeFi adoption.
- This report explores several common attack vectors against DeFi, including price oracle manipulation, reentrancy and rug pulls, and how to mitigate them.
Price oracle manipulation using flash loans has been the most common exploit in recent years. Attackers use large uncollateralized loans to move the spot price of an asset on a decentralized exchange (DEX) within a single transaction. A protocol that relies on a single DEX as its only price oracle is therefore vulnerable to manipulated price data.
Introduction
Decentralized finance (DeFi) has caused a stir in the crypto space and has become the most popular application of leading blockchains such as Ethereum. Unlike traditional finance, which relies entirely on intermediaries such as banks to process transactions, the open and decentralized nature of DeFi lets users carry out financial activities such as trading and lending without intermediaries, using smart contracts. Total Value Locked (TVL), a measure of the assets deposited in DeFi protocols, grew many times over and as of June 2021 stood at $03 billion.
While DeFi has grown in popularity and liquidity, its openness has also led to frequent security incidents such as hacks and exploits in which participants lose funds. In 2020-2021, assets worth approximately $210 million were stolen from DeFi platforms, and both the frequency and the size of the thefts are growing.
In this report we look at the main attack vectors against DeFi protocols. Anyone building on or using these protocols should know them and understand how such attacks drain millions of dollars from protocols.
Attack Types
Oracle Price Manipulation
Oracle manipulation is the most common attack in the DeFi space. The attacker manipulates asset price data on a decentralized exchange (DEX) such as Uniswap. If a DeFi platform uses that exchange as its sole source of prices, the attacker can then buy or sell an asset on that platform, or borrow against it, at a price far from fair market value.
Because such an attack requires a lot of capital, flash loans are increasingly used against vulnerable contracts: they give anyone access to huge amounts of capital for the duration of one transaction at very low cost. For example, in May 2021 the PancakeBunny protocol on Binance Smart Chain lost more than 360 BUNNY tokens and 57 BNB to a flash loan attack; the project's token collapsed by more than 14% and total losses exceeded $099 million.
Before going into the details of such attacks, a few basics about price oracles and decentralized lending are needed.
Price Oracle
In the DeFi world, price oracles are services that let smart contracts obtain price data from outside their own contract. Many DeFi protocols use a single-source oracle that reads the price directly from an asset pair on one decentralized exchange (DEX) such as Uniswap: the contract queries the oracle, which returns the current value of the token in a reference currency such as USD or ETH. A protocol that relies on the price data of a single DEX treats any change in that DEX's price, fair market price or not, as true and accurate. So if an attacker can move the price of an asset on that one DEX, every protocol that uses it as a price oracle is fed the manipulated price and can be exploited.
What is decentralized lending?
In traditional lending, the collateral is seized in case of default. The amount that can be borrowed depends on the fair market value of the collateral, which the lender knows or estimates.
A similar process occurs in decentralized lending, except that the lender is a smart contract isolated from the outside world. To obtain the fair market value of the tokens used as collateral, the smart contract queries an oracle. If the oracle returns distorted price data, a borrower can take a loan worth more than the collateral and keep the difference.
Manipulating the oracle using flash loans
Flash loans are a newer type of uncollateralized loan, developed by the Aave lending protocol and implemented in smart contracts. An uncollateralized loan is one that requires no collateral: a bank may lend this way to a customer with a good credit score, but for a large amount it will demand collateral such as a house or a car to limit its risk.
A flash loan, by contrast, lets anyone borrow any amount without collateral, on the condition that the funds are returned within the same transaction after the borrower has used them for something such as arbitrage. If the loan is not repaid, the entire transaction reverts as if it had never happened. Because the risk and cost are low and the potential payoff is high, flash loans are a favourite tool of attackers: manipulation, exploit and repayment all happen atomically in a single transaction, so the attacker never puts their own capital at risk.
How the attack happens
An attack on a DeFi lending protocol that uses a DEX as its price source, carried out with a flash loan, proceeds in the following sequence:
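The Python simulation below, added here by the editor and not part of the original report or of any real protocol, walks through one such attack against a constructed lender. The TOK/ETH pool, the lender's 75% loan-to-value ratio, the 1000 ETH flash loan and the attacker's 100,000 TOK of collateral are all assumptions for illustration; a swap fee is deliberately left out. The same code also shows the standard mitigation: a lender that prices collateral with a time-weighted average price (TWAP) sampled at block boundaries, which a manipulation confined to one transaction cannot move.

```python
"""Flash-loan price oracle manipulation, simulated in Python.
Added example: the pool, lender, numbers and names are constructed for
illustration and do not correspond to any real protocol."""

from dataclasses import dataclass, field
from statistics import mean
from typing import Callable


@dataclass
class Pool:
    """Constant-product (x * y = k) TOK/ETH pool; the swap fee is ignored."""
    tok: float
    eth: float

    def spot(self) -> float:
        """Spot price of TOK in ETH read straight from the reserves.
        This is what a naive single-DEX oracle returns."""
        return self.eth / self.tok

    def buy_tok(self, eth_in: float) -> float:
        k = self.tok * self.eth
        self.eth += eth_in
        out = self.tok - k / self.eth
        self.tok -= out
        return out

    def sell_tok(self, tok_in: float) -> float:
        k = self.tok * self.eth
        self.tok += tok_in
        out = self.eth - k / self.tok
        self.eth -= out
        return out


@dataclass
class TwapOracle:
    """Time-weighted average price: samples the spot price once per block,
    so a swap executed and unwound inside one transaction never shows up."""
    pool: Pool
    window: int = 10
    samples: list = field(default_factory=list)

    def on_new_block(self) -> None:
        self.samples = (self.samples + [self.pool.spot()])[-self.window:]

    def price(self) -> float:
        return mean(self.samples)


@dataclass
class Lender:
    """Lends ETH against TOK collateral at a fixed loan-to-value ratio,
    pricing the collateral with whatever price function it was given."""
    price_fn: Callable[[], float]
    eth: float
    ltv: float = 0.75

    def borrow(self, collateral_tok: float) -> float:
        loan = min(collateral_tok * self.price_fn() * self.ltv, self.eth)
        self.eth -= loan
        return loan


def run_attack(use_twap: bool) -> dict:
    """Replay the attack against a lender that trusts the pool's spot price
    (use_twap=False) or a TWAP over earlier blocks (use_twap=True)."""
    pool = Pool(tok=1_000_000.0, eth=1_000.0)      # fair price: 0.001 ETH per TOK
    twap = TwapOracle(pool)
    for _ in range(twap.window):                   # honest price history
        twap.on_new_block()
    lender = Lender(price_fn=twap.price if use_twap else pool.spot, eth=500.0)
    collateral = 100_000.0                         # attacker's own TOK, fairly worth 100 ETH
    flash_loan = 1_000.0

    # 1. Take a 1000 ETH flash loan and dump it into the pool. Reserves move to
    #    500,000 TOK / 2000 ETH, so the spot price quadruples to 0.004 ETH.
    bought = pool.buy_tok(flash_loan)
    # 2. In the same transaction, borrow against the collateral at the inflated price.
    loan = lender.borrow(collateral)
    # 3. Sell the TOK back, restoring the reserves, and repay the flash loan.
    eth_back = pool.sell_tok(bought)
    assert eth_back >= flash_loan, "flash loan could not be repaid: tx reverts"
    twap.on_new_block()
    # 4. Walk away. The loan stays open against collateral worth far less.
    fair_value = collateral * pool.spot()
    return {
        "loan": loan,
        "fair_collateral_value": fair_value,
        "lender_bad_debt": max(0.0, loan - fair_value),
    }


if __name__ == "__main__":
    print("spot oracle:", run_attack(False))   # loan 300 ETH, bad debt 200 ETH
    print("twap oracle:", run_attack(True))    # loan 75 ETH, bad debt 0
```

Against the spot-price lender the attacker borrows 300 ETH against collateral fairly worth 100 ETH and leaves the lender with 200 ETH of bad debt, all without risking any capital of its own. Against the TWAP lender the same transaction yields only the 75 ETH the collateral legitimately supports. A TWAP is not a complete answer (an attacker who can sustain a distorted price across several blocks can still move it), so production protocols usually combine it with off-chain or multi-source oracles such as a median across several venues.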
Reentrancy attack
Reentrancy is one of the best-known and most destructive attacks that smart contract developers face year after year. A successful attack can completely drain a contract's balance. By definition, a procedure is reentrant if its "execution can be interrupted in the middle and restarted (re-entered), and both runs can complete without any runtime errors." In a smart contract, a reentrant call into a function that has not yet finished updating its state leaves the contract in an inconsistent state, and that inconsistency is what the attack exploits.
What is reentrancy?
Imagine a badly programmed ATM that checks your account balance only when you withdraw your card. What happens if you request withdrawal after withdrawal? Sooner or later you will empty the ATM, because it does not notice that the total withdrawn exceeds your balance until the card is removed. This is the core mechanism of the reentrancy exploit used in the famous hack of The DAO in 2016.
Interaction between smart contracts
Smart contracts should never send out more ether than they hold. But through reentrancy, an attacker can turn a smart contract into exactly the badly programmed ATM described above. Before looking at how that is done, we need a few basics about how smart contracts interact with each other. When writing smart contracts in Solidity, two kinds of function calls perform the basic work:
External calls, which let a contract interact with other contracts by calling functions in the same or another contract (and send ether along with the call).
Internal calls, which do work inside the contract itself, for example:
1. Internal checks (such as a balance check).
A Solidity contract can define a fallback function: arbitrary code supplied by the developer that runs whenever the contract is called with no matching function. If the fallback is marked payable, the contract can receive ether, and the fallback runs every time ether arrives. An attacker can program it to request another withdrawal from the target contract as soon as ether is received.
Imagine contracts A and B, where A is the vulnerable contract and B is the attacker's contract. The sequence is as follows:
1. Contract B calls its attack function, which asks contract A to withdraw B's balance.
2. A sends ether to B, which triggers B's fallback function.
3. The fallback function asks A for another withdrawal.
4. A sends ether to B again, triggering the fallback function again.
5. The fallback asks A for yet another withdrawal, and the cycle repeats.
Because A records B's new balance only after the transfer returns, every reentrant call still sees the original balance, and the attacker can keep calling the withdrawal function recursively until contract A is completely empty.
The DAO Hack
The DAO was a popular decentralized investment fund built on smart contracts. In 2016 The DAO's smart contracts accumulated $40 million (at the exchange rate of the time). In June 2016 it was hacked and 3.6 million ether ($ million) was stolen using a reentrancy attack. The Ethereum Foundation released a hard fork to reverse the hack, which led to the split of Ethereum into Ethereum and Ethereum Classic. The attacker used a fallback function to re-enter The DAO's withdrawal logic.
How to prevent
There are several common ways to prevent a reentrancy attack. Solidity offers three ways to send ether between wallets and contracts: send(), transfer() and call.value() (call{value: ...}() in current Solidity). They differ in how much gas they forward and in how failure is reported: send() and transfer() forward only a 2,300 gas stipend, which is not enough for the recipient's fallback to call back into the sender, whereas call.value() forwards all remaining gas. Using send() or transfer() instead of call.value() therefore blocks the recursive withdrawal described above. Relying on the gas stipend alone is fragile, though, because opcode gas costs change across hard forks, so the robust defence is the checks-effects-interactions pattern: update internal state (for example the user's balance) before making any external call, and add a reentrancy guard (a mutex modifier) to every function that moves funds.
Another option is to whitelist the external contracts a contract may interact with, limiting calls to unknown code.
Rug pull
A rug pull (literally, pulling the rug out from under someone's feet) is a popular scam in the DeFi ecosystem, widely used by unscrupulous developers because it is technically very simple yet extremely lucrative. In a rug pull, the team suddenly deletes its social media presence, abandons the project and disappears with investors' funds, for example by withdrawing all the liquidity backing the token from its pool on a decentralized exchange (DEX). Because the fraudsters fully control the project's contracts, they can create and list tokens on a DEX without any audit and retain the ability to take the liquidity back.
What is rug pull
Fraudsters create a token on a DEX such as Uniswap or SushiSwap and pair it with a major cryptocurrency such as ETH. They then promise retail investors, such as yield farmers, absurdly high annual percentage yields. Once investors have swapped their ETH for the new token and enough funds have accumulated in the pool's smart contract, the developers remove the liquidity and disappear with the funds. The sudden loss of liquidity triggers a mass sell-off as holders try to salvage what they can, but with the pool drained there is nothing left to sell into.
Case 1: Meerkat Finance
Meerkat Finance was a yield farming protocol on Binance Smart Chain (BSC) whose developers disappeared a day after launch in March 2021 with approx. million BUSD and 13 BNB, totaling approximately $ million. After the incident the Meerkat website and Twitter account were deleted. It later emerged that shortly before the theft the developers had upgraded the contract to give themselves the right to withdraw assets from the pool.
Case 2: TruAmpl token (TMPL)
Another example is the well-known TMPL rug pull in August 2020, when the contract creator withdrew all liquidity, including 57 ETH and 2 659 50 TMPL tokens, only 13 minutes after the public token sale began.
The sequence of events can be summarized as follows:
The scammers (0x5d17a2b59328c1e387806ebefaebcf21a03a114e) created a TMPL pool contract (0x7a114d2310B4cF170963dF2C5dAcb4cD) on Uniswap and seeded it with 64 ETH and 3 TMPL of liquidity to promote the token.
Users swapped valuable tokens such as ETH for TMPL, increasing the pool's share of valuable tokens and the price of TMPL.
The scammers withdrew the liquidity, walking away with the valuable tokens.
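To see why the buyers are left with nothing, here is a Python simulation of that sequence on a constant-product pool, added by the editor; it is not the TMPL contract or any real pool, and the "deployer" and "user" names, the 50 ETH / 500,000 TOK seed, the buy sizes and the red-flag thresholds are all constructed for illustration. It also includes the two cheap checks from the prevention advice below (who owns the liquidity, and how many holders there are), run at the moment a buyer would be deciding whether to swap in.

```python
"""Rug pull simulated on a constant-product pool with LP shares.
Added example: the deployer/user names, the amounts and the red-flag
thresholds are constructed for illustration, not the TMPL figures above."""

from dataclasses import dataclass, field


@dataclass
class Pool:
    """ETH/TOK constant-product pool; whoever holds LP shares owns the reserves."""
    eth: float = 0.0
    tok: float = 0.0
    lp_shares: dict = field(default_factory=dict)   # provider -> LP shares
    total_shares: float = 0.0

    def add_liquidity(self, provider: str, eth: float, tok: float) -> float:
        # Toy share rule: the first deposit mints one share per ETH, later ones pro rata.
        shares = eth if self.total_shares == 0 else eth / self.eth * self.total_shares
        self.eth += eth
        self.tok += tok
        self.lp_shares[provider] = self.lp_shares.get(provider, 0.0) + shares
        self.total_shares += shares
        return shares

    def remove_liquidity(self, provider: str) -> tuple:
        """Burn all of a provider's shares and pay out that slice of both reserves."""
        frac = self.lp_shares.pop(provider, 0.0) / self.total_shares
        eth_out, tok_out = self.eth * frac, self.tok * frac
        self.eth -= eth_out
        self.tok -= tok_out
        self.total_shares -= self.total_shares * frac
        return eth_out, tok_out

    def buy_tok(self, eth_in: float) -> float:
        """x * y = k swap of ETH for TOK (fee ignored)."""
        k = self.tok * self.eth
        self.eth += eth_in
        out = self.tok - k / self.eth
        self.tok -= out
        return out

    def price(self) -> float:
        """ETH per TOK, or 0.0 once there is nothing left in the pool to sell into."""
        return self.eth / self.tok if self.tok else 0.0


def red_flags(pool: Pool, holders: dict, min_holders: int = 50) -> list:
    """Checks a buyer can make from explorer data before swapping in.
    The 50% LP-concentration and 50-holder thresholds are assumptions."""
    flags = []
    if pool.total_shares and max(pool.lp_shares.values()) / pool.total_shares > 0.5:
        flags.append("one address controls most of the LP shares and can pull the liquidity")
    if len(holders) < min_holders:
        flags.append(f"only {len(holders)} token holders")
    return flags


def simulate_rug_pull() -> dict:
    pool = Pool()
    holders: dict = {}                                   # buyer -> TOK held
    # 1. The deployer creates the pool, seeds it and keeps 100% of the LP shares.
    pool.add_liquidity("deployer", eth=50.0, tok=500_000.0)
    flags = red_flags(pool, holders)
    price_at_launch = pool.price()
    # 2. Buyers swap ETH for TOK; every buy pushes the price up for the next one.
    buys = (("user1", 10.0), ("user2", 20.0), ("user3", 30.0))
    for addr, eth_in in buys:
        holders[addr] = pool.buy_tok(eth_in)
    price_at_peak = pool.price()
    # 3. The deployer burns its shares, taking the buyers' ETH and the unsold TOK.
    eth_out, tok_out = pool.remove_liquidity("deployer")
    # 4. The buyers still hold TOK, but there is no pool left to sell it into.
    return {
        "deployer_eth_out": eth_out,
        "deployer_tok_out": tok_out,
        "buyers_eth_spent": sum(eth for _, eth in buys),
        "stranded_tok": sum(holders.values()),
        "price_at_launch": price_at_launch,
        "price_at_peak": price_at_peak,
        "price_after_pull": pool.price(),
        "flags_at_launch": flags,
    }


if __name__ == "__main__":
    for key, value in simulate_rug_pull().items():
        print(f"{key}: {value}")
```

The deployer puts in 50 ETH and takes out 110 ETH: its own 50 plus the 60 ETH the three buyers paid, together with the unsold tokens. The buyers' roughly 272,700 TOK are worth nothing once the pool is empty, since price() drops to zero and no swap can execute. Both red flags were visible before the first buy: one address held every LP share, and the token had no holders. A buyer who runs these checks against explorer data (LP token balances of the pair contract and the holder count) sees the risk before, not after, the liquidity disappears.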
How to prevent
To protect yourself from rug pulls, research a project before investing in it. Make sure the team is credible by examining the project's goals and background: check the developers' track record, their social media footprint and their experience. A blockchain explorer such as Etherscan shows the number of token holders; if a token has very few holders and is listed only on decentralized exchanges, the probability of fraud is high.