DeFi is under scrutiny after flash loan trades exposed the system’s vulnerabilities. The scrutiny follows an arbitrage attack against bZx’s decentralized finance lending protocol, which netted the bad actor or group an estimated $350,000 worth of ETH.
In the following days, bZx suffered an oracle-based attack in which it lost nearly $650,000 in ETH. bZx is a lending and margin trading protocol on Ethereum, and uses Fulcrum. The method used for the alleged heist was not an unauthorized intrusion across these projects and others; rather, it was a complex arbitrage opportunity.
The trader essentially followed the rules of the contract and loan system; all they did was exploit a logic bug in the smart contract. They took advantage of low-liquidity markets.
Both incidents involved flash loans, a new type of decentralized finance (DeFi) loan that allows users to conduct sophisticated sequences of financial activities in a single transaction. Flash loans permit users to take out a loan that is issued only if it is paid back within that same transaction.
Flash loans are marketed as “risk-free” because they leverage the Ethereum blockchain to execute transactions. If the executor does not return enough funds, the transaction is reversed. Investigations into the event suggest that the attackers used an Aave flash loan to borrow 10,000 ETH from the dYdX protocol. They then started the DeFi attack.
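The repayment rule described above, where an under-repaid loan reverses the whole transaction, can be modelled in a few lines. This is an added sketch, not code from bZx, Aave or dYdX; the `Ledger` class, the account names and the balances are constructed for illustration, and on Ethereum the check is enforced by the lending contract itself.

```python
class Revert(Exception):
    """Aborts the whole transaction, like an EVM revert."""

class Ledger:
    """Toy single-asset ledger (constructed model, not real EVM code)."""
    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise Revert(f"{src} cannot pay {amount}")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

    def transact(self, fn):
        """Run fn atomically: keep its effects on success, restore the snapshot on Revert."""
        snapshot = dict(self.balances)
        try:
            fn(self)
            return True
        except Revert:
            self.balances = snapshot
            return False

def flash_loan(ledger, pool, borrower, amount, fee, callback):
    """Lend, hand control to the borrower, then enforce repayment in the same transaction."""
    owed = ledger.balances[pool] + fee
    ledger.transfer(pool, borrower, amount)
    callback(ledger)                      # borrower's arbitrary sequence of actions
    if ledger.balances[pool] < owed:      # the lender's only protection
        raise Revert("flash loan not repaid")

def honest(ledger):
    # Repays principal plus fee out of the loan and the borrower's own funds.
    ledger.transfer("borrower", "pool", 1000 + 1)

def defaulting(ledger):
    # Moves part of the loan elsewhere and repays too little.
    ledger.transfer("borrower", "elsewhere", 400)
    ledger.transfer("borrower", "pool", 600)

def run(callback):
    ledger = Ledger({"pool": 10_000, "borrower": 5})  # constructed sample balances
    ok = ledger.transact(lambda l: flash_loan(l, "pool", "borrower", 1000, 1, callback))
    return ok, ledger.balances

if __name__ == "__main__":
    print(run(honest))
    print(run(defaulting))
```

In the defaulting case every balance returns to its starting value, including the transfer to the third account, which is why the lender's principal is not at risk.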
DeFi is still in its infancy. Developers must use thorough smart contract auditing processes and expect hiccups. bZx and its team are going through growing pains now; they have since taken precautionary measures to defend against new assaults, while DeFi stakeholders are now on high alert.