Flash loan attacks has been raging in crypto DeFi recently, especially on the Binance Smart Chain with the most recent attacks on Belt finance and PancakeBunny.
Both, belt and bunny are established projects with billions in total locked value. At one point bunny had more than 5 billion in total locked value, while belt just over 2 billions. Both of them in the top 5 projects on BSC.
When this type of projects are being attacked it can cause a lot of doubt about the industry in general. I personally was using both of the projects at the time they were attacked, and while in the case of bunny it resulted only in reduction of the APY, in the case of belt it resulted in lost of funds as well.
Having in mind the seriousness of this type of attacks lets take a look what are actually they and how they were performed.
Before going into the attacks, lets first take a look at flash loans.
Flash loans are allowed in crypto defi protocols and are designed to be used.
According to the Aave documentation flash loans can be defined as:
Flash loans are a feature designed for developers, due to the technical knowledge required to execute one. Flash Loans allow you to borrow any available amount of assets without putting up any collateral, as long as the liquidity is returned to the protocol within one block transaction. To do a Flash Loan, you will need to build a contract that requests a Flash Loan. The contract will then need to execute the instructed steps and pay back the loan + interest and fees all within the same transaction.
A non collateral loan executed in one block, one transaction. Obviously the person doing it needs to have some technical skills and to write a contract to execute the flash loan.
What this means is that there is basically no cost for flash loans. They are cheap. Because of the cheap aspects of it, they are used to perform attacks. For example, to perform a 51% attack on a PoW network you need a lot of infrastructure, miners. To perform a 51% on PoS chains you need a lot of stake. For a flash loan attack, you don’t need almost nothing. Only a small interest.
Flash loans are used for good as well, like arbitraging between DEXs.
The belt.finance specialize in stablecoins farming, although there are other options as well. The attack target was their 4Belt pool (USDT/USDC/BUSD/DAI). A pool with four stables in it.
In short this were the steps for the flash loan attack:
- Flash loan of 390M BUSD from multiple PancakeSwap pools (almost all available BUSD on Pancake)
- Deposit 200M in belBUSD towards the Venus strategy. Before the deposit beltBUSD had around 200M, 60M BUSD in Venus, Alpaca and Ellipsis each, and 20M in ForTube. After the deposit Venus had 260M, and the total beltBUSD 400M BUSD. This made the Venus strategy dominant.
- Swap 190M BUSD to 169.5M USDT (21.5M difference) on Ellipsis, raising the value of the Ellipsis 3Pool for 3%.
This increased the 60M Ellipsis share on Belt to 61.8M, or the whole beltBUSD 401.8M (0.5%)
- Withdraw the 200M BUSD deposit with a gain of 0.5%, or 201M, resulting in 1M profit
- Swap back the USDT for BUSD on Ellipsis and lower the value for 3%
- Repeating this multiple times as much as gas limit maximum allowed resulting in total profit of 6.2M BUSD
This is quite an advance exploit 😊.
The hacker used a loan of almost 400M to manipulate the value of different vaults and to make a difference of 0.5% that on a 200M is 1M, and then repeating this multiple time as much as possible in one block.
This attack is not as devastating for the project, because it lowered the value of the pool for around a 5% and used almost all available BUSD on Cake. Its not a 100% loss of funds. Belt has committed to compensate users for the attack as well.
But what this shows is the complexity of the DeFi apps and whenever they integrate other projects into them, they need to double check for backdoors logic and make sure there are no loopholes to exploit like the above.
The attack basically made a difference between deposit and withdrawal value. The hacker used an unprotected gate to artificially increase the value of the pool after deposit, then withdraw at higher value, and then return the value of the pool, resulting in a loss of funds for those pools.
You can read more for this attack from the official announcement from Blet.
The bunny flash loan attack was much more devastating than the belt attack. A total of 200M of funds were extracted from the protocol.
In a way this attack used a similar method as for the Belt attack. Although quite complicated at the base of it, the hacker manipulated the value of a pool to make the exploit.
The target for the attack was the WBNB-BUNNY pool. The attacker used a flash loan to deposit a large amount in this pool, and then withdraw. While the deposit was made the attacker asked for the bunny rewards. Because of the manipulation of the value of the pool the bunny contract issued a huge amount of BUNNY tokens to the attacker, almost 7M. These tokens were then swapped and used to pay back the loan.
BUNNY uses a performance based inflation. For each BNB that the protocol made 5 BUNNY tokens (reduced to 3 recently) are minted and added to LPs. What this means if you manage to find a way to deceive the protocol that it has earned a lot of BNB, it will give you a lot of BUNNY tokens. And this is exactly what happened.
The attack was possible because of the price calculation for BUNNY. It uses the value of the liquidity LP tokens to calculate it. Since the flash attack deposited a lot of BNB in the pool it lead to a very high price relative to BNB.
This is a very rough description of the bunny attack, you can read more here.
PancakeBunny also dedicated it self to compensate users, although because of the scale of the attack, this will be challenging at it will probably take more time.
What can be concluded from the latest two examples of flash loan attacks is that they are used to manipulate a certain parameter of the protocol, usually a value of a pool, that increase the price of a certain assets and then take advantage of that. In the case of Belt, it increased the value of the pool by increasing the value of a third party protocol that Belt was using.
In the case of Bunny the damage was much bigger, and was a result from a minting large amount of token because it was relying on a price calculation that was dependent of a value of a the BNB-BUNNY pool.
This just shows that if there is a slightest chance for a protocol to be manipulated it will be. Flash loans are almost free, the attacker doesn’t need to have a collateral for them or to put any of his assets on the line. Because of this they will be used whenever there is a possibility to extract value.
Having the top protocols attacked and exploited in this way just shows that these are still early days for defi. A lot of things haven’t been properly battle tested. In a way we are all beta testers for the industry. Then yet again its all risk vs rewards ratio. The yields are high for a reason. Have in mind that when doing your regular farming activity 😊.
All the best
Posted Using LeoFinance Beta