The Breakdown - Is It Exploitation Season for DeFi?
Episode Date: February 18, 2020
Part of what makes DeFi interesting to people is how it takes advantage of open source protocols to enable types of transactions never before available. The problem, however, is that financial structures mean new financial vulnerabilities. In the last few days, two attacks on bZx have used a similar strategy of manipulating the price of synthetic assets in the context of a new instrument called “flash loans.” On this episode of @nlw breaks down exactly
How the attacks were carried out
How the community is responding
What the larger ramifications for DeFi might be
Transcript
Welcome back to The Breakdown, an everyday analysis breaking down the most important stories in Bitcoin, crypto, and beyond, with your host, NLW.
The Breakdown is distributed by CoinDesk.
Welcome back to The Breakdown.
It is Tuesday, February 18th, and today we are going to talk about DeFi, and in particular, this set of attacks or exploitation or whatever you want to call them that have been defining the conversation in
not just DeFi, but crypto as a whole for the last two or three days.
I think that in many ways, DeFi has come to be the perhaps second greatest focus across this industry
after perhaps Bitcoin and just the role of Bitcoin in the world at large.
DeFi has surged in attention.
It has obviously come to define the Ethereum community.
And with recent milestones like a billion dollars being locked in DeFi,
it is starting to get notice from people who are outside
the crypto community and who are in the mainstream financial world. And that's why these attacks,
these exploitations, which really in some ways represent the first sustained affront to the DeFi
system that isn't just theoretical, but is clear and in practice, are so important, right? This is, I think,
a pivotal moment in the history and evolution of the DeFi space, and which should have ramifications
for how the space evolves. First, we're going to talk about what actually
happened, and then second, we're going to look at the way that different parts of the community
are responding to it.
All right, so there are two attacks we're going to be talking about today.
And actually, before we dive into them, let's talk about the nomenclature that we're using
for a second, because in various reporting and tweets and whatever, these attacks have been
called variously hacks, they've been called exploits, they've been called smart people seeing
an arbitrage opportunity, and that's what makes this interesting,
because both of these actions weren't traditional hacks that exploit some security vulnerability,
but instead they were well-designed, complex sets of transactions,
designed to trigger a specific response in one piece of a DeFi daisy chain, effectively,
that had major ramifications for everything else within the system.
So they are exploits.
They are taking advantage of some issue within the DeFi system.
However, they're not hacks.
For the sake of not having to second guess this all the time, I'm going to use the term attack.
I think it's fair, given that it had a specific malicious intent to extract money out of the system
in a way that was not what the system was designed to do.
And certainly members of the DeFi community are not going to be cheering on.
So attack is what it is for us.
But I do think it's important to keep track of what these actually are and make sure that we're
not just using terms like hack when that's really not what it is.
So both of these attacks happened to the project bZx.
The first attack happened on Friday right as ETHDenver was getting kicked off
and would ultimately net the attacker something like $360,000 worth of ETH.
Okay, so here's how that first attack worked.
First, the attacker took out a flash loan, which, by the way, don't worry, is a term
that we will be talking about much more in just a minute.
But anyways, they took out a flash loan for 10,000 ETH worth about $3 million from
the platform, dYdX, the trading platform. They sent half of that to Compound and half to bZx.
The Compound half were used to borrow 112 wrapped BTC, WBTC, with the other half they shorted
112 WBTC. Now going back to the Compound half that borrowed, they sent this to Uniswap to lower the
price, which then allowed them to profit from the short and ultimately pay back that 10,000 ETH loan.
But the crazy thing about this, and this is where the exploit comes in, is that all of this
happened in a single transaction, and that is a predication of the structure of flash loans.
So you may at this point be wondering, well, what the hell is a flash loan and why is this thing
even available?
Trustnodes summarized it this way.
They said, basically, you can borrow an asset without putting down any collateral, so for free,
but only if you pay it back in the same transaction.
You basically code a smart contract that tells the Ethereum network you're going to send the borrowed ETH to one exchange
to buy at a lower price and sell at a higher price on another exchange.
And since the exchanges are open source and the network knows everything,
they figure out whether what you say is true or not and so you can flash borrow.
The flash loan thing sounds incredible because it is an actual loan without requiring credit,
but a loan for a few seconds with the lender certain they'll be paid back
because of the contract conditions as the transaction just doesn't happen reverts if the loan is not paid back.
Now, flash loans came about as a way to help the market for DeFi over-collateralized loans function
better. So going over to CoinDesk, this is how they describe flash loans. They say,
the vast majority of DeFi lending facilities rely on over-collateralized loans. Borrowers can
usually only borrow around 75% of the value of their collateral. Although that incentivizes
users to pay back loans, it also requires lenders to have very high liquidity, sometimes in a
diverse range of assets in order to quickly liquidate loans. Flash loans are instruments that
allow traders to liquidate the loans on the lender's behalf. It works by having the trader take out a loan
from the lender, this time not posting any collateral, then paying back the borrower's debt and
collecting the deposit. Using the deposit, they can pay back the original loan and pocket the remaining
funds. Again, the idea here is that this all happens instantaneously and with completely open source
elements so that the smart contract system can actually see what the price is on the other exchanges
that are being used in this arbitrage opportunity so that no one is going to be taken to the
cleaner. That's the idea. The problem lies in and where these exploits came from is that DeFi has
so many different elements of the stack that are required to make it work, that if you can attack
one aspect of it, such as the price oracles, you can have a much bigger impact on the whole
system. And that's exactly what we saw with this first attack, where the attacker was able to take
advantage of the single price oracle driving the system to basically manipulate the price of
wrapped Bitcoin in such a way that it was going to be favorable for them. Now, for a relatively
small attack, right? The attacker only got away with $360,000 worth of ether in this first
attack. There was a much more pronounced reaction. And I think that that's because DeFi is so at the
heart of what the Ethereum community is trying to do right now, which means those outside of it who
are not fans of Ethereum use any attack like this or any just failure like this as a way to suggest
that the entire project has failed or is doomed to fail. And those in it get fiercely defensive.
So that's kind of what we saw over this weekend is people really talking pretty existentially one
way or another about this attack. And in particular, the thing that kept coming up that I saw
over and over again was the idea of just how decentralized is DeFi. I thought actually Maya Zehavi
summed it up really well. She said, the attack surfaced some known and underplayed risks. One, a flash
loan means that there is no real cost of financing an attack. Two, it showed how centralized
oracle manipulation is. And three, it showed that we still need circuit breakers built into
protocols, which is just another version of centralization. Again, this is where the conversation
was over the course the weekend. However, then it happened again. The CoinDesk headline today reads
DeFi Project bZx exploited for second time in a week, loses 630K in ether. So this attack happened
late Monday night, early Tuesday morning, depending on where you were, and it was based on a similar
premise, although it was a little bit different in its execution. Larry from The Block summed it up,
and I thought he did a really good job with this. So one, take out a flash loan of 7,500 ETH.
2. Trade 3,517 ETH on Synthetix for $940,000 worth of sUSD,
Synthetix USD, at price close to $1.
3. Use 900 ETH to market buy sUSD on Kyber and Uniswap to push the price to more than $2.
5. B.Z.S.D. by using the sUSD as collateral,
much more than he was supposed to because price of sUSD appeared higher.
6. Used the borrowed ETH and the remaining ETH balance to repay the flash loan and net 2,379
ETH in profit.
So if the exploit previously was the price of Wrapped BTC, in this case it was the price of
synthetic USD, which basically allowed the attacker to pump the price of synthetic USD from
one to more than $2. So basically the exploit here was being able to market buy this synthetic
USD, this synthetic version of a US dollar over and over and over again. Someone else, another
analyst estimated that it was 20 rounds of purchasing basically to drive up that price so that when
the oracles looked to see how much the collateral was worth, it was worth much more than it should
have been because of that exploit on the price. Now, the net of all this is that the attacker walked away
with something like $630,000 in ether, but you can see how much more complicated this is than just
calling it a hack or something, right? This is just taking advantage in some ways of the low liquidity
of a lot of these synthetic assets to be able to drive up the price in a way that these
automated systems based on price oracles can't accommodate. That's what I wanted to
into from here is what the actual reaction has been and where it leaves DeFi.
Picking up from where we just were, when CoinDesk's tweet said bad actors have made off with
$630,000 worth of ether, Cryptobabi wrote, are these really bad actors or just smart people taking
advantage of bad system design? Me thinks the latter. Now the conversation in the thread was all over
the place. One response said, there's an ethical hacker approach to these problems, they chose the
unethical. I'm sure they're smart. Someone responds to that
person though and says this wasn't a hack though, it's arbitrage taking advantage of thin liquidity
of the DeFi space. Now this point was also brought up in a thread by Emin Gün Sirer who wrote,
the recent attacks on bZx have little to do with bZx or flash loans. The culprit here are the
decentralized exchanges which have poor liquidity and are prone to manipulation. Given exchange
depth, the amounts available for flash loans and use of DEX price oracles, these results are
inevitable. Using price oracles that bring in outside information can help. But the real fix is to
use DEXes that actually have depth. And that's not likely to happen anytime soon, even after
ETH 2.0, because the underlying consensus protocols limits DEX speeds. That said, bZx and other
DeFi building blocks need to test their exposure to manipulable DEXes more thoroughly before
opening up again. Now, this question of pausing operations was another one that was a big part of the
conversation. So Taylor Monahan wrote, stop giving teams, products, and platforms the benefit of the
doubt. bZx is repeatedly
up, repeatedly, at least six
times. How the hell were they able to lose
another 650K? I give
zero f***s about writing bad code. All code
has bugs. What comes next is what matters.
Fool me once, shame on you.
Fool me twice, shame on me. Fool me six
times and lol. No, it's cool.
DeFi hype. So her point here
is that this has been a consistent theme
and problem with this particular company
and that she believes that this company
should not be trusted and that if anyone
had any doubt of that, the fact
they basically were subject to the same exact type of attack just a couple days after,
without really trying to address the attack surface of the first attack,
should be more than enough evidence for anyone else.
I think this is a salient point because even if one is excited about a space,
you don't want incompetent companies ruining it for everyone else.
And I don't know as much as Taylor does about bZx.
I haven't been watching them until this weekend.
However, if what she says is true and there is a consistent
pattern here. That's not who you want as your standard bearer in the same way that Bitcoin
exchanges don't want to all be defined by Mt. Gox or someone else, right? You want the best who are
serious about this sort of challenge and the reality that this is a whole new arena of challenges
that are going to be faced by DeFi to be the ones who are out there learning and reacting and
responding. That's just the case. And I think that gets me to my major thought about this,
which is that we have had this interesting conversation in the DeFi space and the Ethereum space more broadly
over the last few weeks, months, whatever, about how ready for primetime DeFi is, and in particular
whether Ethereum and DeFi need more marketing. The thing that's interesting to me about DeFi right
now is that it is a community of enfranchised early adopters who understand in some ways,
at least to their own money, the risks of being involved. These aren't
people who are being convinced that they need to put their money in this system rather than the
stock market. It's not pensioners who have serious life implications for losing something if
everything goes belly up. It is, like I said, enfranchised early adopters. That means that when
these things happen, we can have these intense, real debates, but without the potential for people
being existentially hurt. I don't think that we want to give that up yet. I don't think that the
Ethereum community and the DeFi community should want to give that up yet. If this happened in the
context of having millions more people involved, you can bet that it would be much more significant.
You also would see much more vicious attacks, right? The more that this space grows, the more
of these types of attacks are going to happen. And the reality is that we don't know what the
attacks of the future are going to look like. We're not going to be able to predict them all because
people are very smart and they're going to figure out all of the wrinkles in this new system.
That's okay. There are plenty of people out there, including folks who aren't just DeFi partisans,
who think that there could be some major upsides, right? Alex Kruger, Kruger Macro, who's a pretty
skeptical guy by nature, says, Flash loans offer instantaneous collateral-free liquidity.
This is legendary. Just like a liquid derivatives market brought discipline to Bitcoin,
flash loans bring discipline to DeFi. A few will profit at the
expense of the careless, and in the process, make the market more efficient and resilient.
Need to crack a few eggs to make an omelet. Now, of course, there is another reason to be glad that this
is still an early adopter market that's relatively small, which is summed up by Preston Byrne,
who writes, DeFi is already regulated. The government just doesn't think it's a big enough deal
to enforce against, yet. Now, ultimately, this space is still in its infancy, but I do tend to agree
with Larry Cermak from The Block who wrote,
it's DeFi exploitation season.
The first exploit showed a lot of people
that something like that is even possible.
Now it's go time.
I think we're going to see a lot more of this type of attack coming.
And it may not be exactly the same.
It may be a little bit different.
But when you see people who are able to instantaneously walk away
with $300,000, $600,000,
it's going to have a lot of eyes look over at this space
in ways that we may not like.
So here's the bad news and the good news about this.
The bad news is that I do think that we're going to see a lot more of this type of attack.
The other bad news is that this is going to provide a lot of narrative ammunition for those
who don't think DeFi is valuable or who think it creates so much systemic risk that any
upside is mitigated.
The good news is that there was never a chance that DeFi was going to make it to the mainstream
without a period of pain, right?
Without an exploitation season where these systems were really stress tested and pressure tested
in a serious way, not just theoretically, but by people who want to take advantage of them to make
money. That's happening now, and I think it's going to happen more. The good news about this
is that if DeFi does make it through to the other side, and particularly if it does so in a way
where the D, the decentralized in decentralized finance remains and is sustained,
then I think the whole space is stronger for having gone through it.
So that is my take on this.
I think that these attacks are the first of what are likely to be many more that we see attempted.
I think that the fact that they are happening in the context of this enfranchised early adopter
market is a good thing.
And I think that it should create or remind us that it's best,
valuable perhaps, to have some amount of inherent conservatism when it comes to playing with real money.
DeFi is playing with live ammunition, and we need to treat it that way.
Let me know what you think. Hit me up on Twitter at @nlw. I'm really interested. I think this is a
fascinating moment, and I will catch you tomorrow for another episode of The Breakdown.
Peace.
