DeFi Weekly Selection 丨 bZx Event Reflection: What Does Flash Loan Mean?

In this issue:

  1. One week's DeFi data: Valentine's Day Defi hedging totals $ 1.75 billion, and ETH hedging continues to decline
  2. Rethinking the bZx attack, who should be responsible for the loss?
  3. How is the magic Flash Loan developing?
  4. Commentary on bZx events
  5. DeFi project progress in one week
  6. to sum up

According to the Defi data from dapptotal statistics, on the Valentine's Day, the total value of the Defi ecological lock-up reached a peak of $ 1.75 billion, and with the callback of the ETH and EOS prices, the current Defi ecological lock-up funds have fallen to $ 1.53 billion However, it still increased by 3.53% compared with last week. Among them, Maker locked up USD 623.3 million, accounting for 40.04%, and EOSREX locked up USD 294.8 million, accounting for 18.94%.

In addition, the data shows that the current ETH lock-up volume of the Defi ecosystem is about 3.91 million ETH, which is a decrease of about 100,000 ETH from last year, which further confirms our guess in the previous period. 3

In this week's Defi ecosystem, the most attracted attention is the bZx attack event . 2 days ago, the DeFi protocol bZx suffered a serious and complex attack. The attacker simultaneously completed multiple protocols (including Compound, dYdX, Uniswap, etc.) A Flash Loan leveraged arbitrage transaction and successfully obtained an ETH profit, while the remaining 51.34 WBTC profit was locked by the bZx project party.

Bright lightning hit the tree

(Picture from: tuchong.com)

Rethinking the bZx attack, who should be responsible for the loss?

This complex transaction, some call it an attack, and some people think that it is only a successful trading strategy, so it should be rewarded. In addition, bZx's official use of management keys to lock funds has also sparked a debate against DeFi itself.

First, let's look at this magical transaction through a visualization:

EQ19PTMWAAEay-k

(Picture from: Julien Bouteloup)

The general steps are:

  1. 0 cost to borrow 10,000 ETH from dYdX;
  2. Deposit 5500 ETH to Compound and borrow 112 WBTC;
  3. Sending 1300 ETH to Fulcrum / bZX to short WBTC, Fulcrum borrows an additional 4337.6 (5637.6-1300) ETH from the bZx lender and purchases 51.34 WBTC at Uniswap (via Kyber), causing the WBTC price to rise sharply temporarily;
  4. The attacker used this peak to sell 112 WBTC on Uniswap and received 6871.41 ETH in return;
  5. The final step is to repay the 10,000 ETH loan of dYdX. At this time, the remaining 3200 ETH and 6871.41 ETH of the attacker can be used to return the 10,000 ETH loan, which can also make a profit of 71.41 ETH.

Amazingly, these complex steps are completed within the same transaction, whether it is strategy or execution, it is amazing.

This is the process record of this transaction: http://ethtx.info/0xb5c8bd9430b6cc87a0e2fe110ece6bf527fa4f170a4bc8cd032f768fc5219838

After this incident, dYdX has no losses and no gains. The Compound pool receives a gain, the strategy executor (attacker) receives a small ETH gain, and the bZx iETH pool suffers severely. In order to reduce losses, bZx uses management secrets. The key locked the attacker's 51.34 WBTC.

While this attack demonstrated the magical charm of Flash Loan, it also exposed several problems:

  1. bZx uses the management key to freeze the attacker's 51.34 WBTC. This operation is extremely controversial. On the one hand, if this is not done, the project party will lose a lot of money. All DeFi projects have management keys. There is no doubt that the operation of bZx will be a taint to the DeFi ecosystem, and the discussion of managing keys in the form of DAO will also increase;
  2. Poor liquid pools will be used;
  3. In the early stage of DeFi, more and more new products and features (such as this lightning loan) will expose more new problems;

As of now, bZx has announced that it will adopt Chainlink's feeding solution.

How is the magic Flash Loan developing?

Above, we talked about the magic Flash Loan. It is this new feature that makes the bZx attack event possible. So which product is it and how is it developing now?

This will start from a month ago. At that time, the Aave protocol was officially launched on the Ethereum mainnet . So far, the market size of the agreement has exceeded 15 million US dollars. Many long-established DeFi products rely on Flash Loan, which is a new DeFi primitive that allows users to make unsecured loans in a single transaction. What is the situation now? What about it?

A brief introduction from Emilio Frangella:

Original link: https://medium.com/aave/flash-loans-one-month-in-73bde954a239

As shown below:

2

Flash Loan is currently the most common use case for arbitrage, followed by liquidation, and finally collateral exchange, and this is for a reason:

  1. Compared to clearing, DEX arbitrage events are usually more frequent;
  2. The collateral exchange was only recently established and it is still very experimental;

As developers try out the Flash Loan feature, new use cases and ideas emerge every day. Developers are particularly eager to build cross-DeFi protocol tools to test the boundaries of Ethereum composability. A recent example is Maker-Vault Swap, which requires Aave, UniSwap, and Maker to work together.

What are the costs and income?

Currently, Flash Loan has a fee of 0.35% , of which 70% will be allocated to depositors, and the remaining 30% will be split using the same 2/8 fee distribution model. In addition, there are additional fees for transactions on the Ethereum blockchain, and these fees depend on the network status and transaction complexity.

What is the income of the relevant parties for the Flash Loan transaction?

In the following table, we analyze the benefits received by depositors, agreements, and Flash Loan executors:

3

The above chart clearly shows the uneven distribution of returns in the use case.

In fact, most of the time, the revenue of the agreement and the depositor exceeds the actual Flash Loan user. Since we also need to subtract the transaction costs incurred by users from the arbitrage opportunities brought by Lightning Loan, the executor can only profit from large amounts of Lightning Loan opportunities. In most transactions, arbitrageurs have suffered losses.

reasons may be:

  1. Arbitrage usually involves relatively little capital and profits are usually small. The profit of arbitrage rarely exceeds 0.5%, and the handling fee of 0.35% makes the profit of the arbitrage scarce;
  2. Arbitrage usually involves gas bidding, and people use rising gas prices in the competition to get the spread, which results in high transaction costs;

Why isn't it a zero fee?

Some people have asked why the cancellation of transaction fees can stimulate the development of Flash Loan. This is actually the result of a trade-off. Most of these fees go to liquidity providers, which first makes it possible.

In addition, although Flash Loan leverages the ability of the Ethereum blockchain to perform atomic transactions. This means that if Flash Loan fails because the executor has not returned enough funds, the transaction will be cancelled. This seems to minimize the risk, but there is still a certain level of risk. It involves smart contracts and the bottom layer (the blockchain itself).

Flash Loan operates under a specific condition, forcing funds to be returned at the end of execution. Vulnerabilities may still exist in the contract's bytecode, or deeper in the EVM, allowing attackers to bypass this situation. Even if this possibility is extremely small, we need to pay attention to it.

The cost of Flash Loan is beneficial to the ecosystem, and this source of income gives Flash Loan a competitive advantage over other similar products. This will attract more liquidity, which will allow a larger amount of Flash Loan, which will bring more revenue to storage users, and so on.

What's next?

As the protocol becomes more decentralized, Flash Loan fees will become one of the voting parameters for adjusting the overall token economy. Since the Aave team still controls the management key internally, it is necessary to enable a temporary DAO and vote on updates.

Based on community feedback and discussions last month, it is clear that fees need to be adjusted appropriately. Therefore, Aave will issue a governance vote to reduce Flash Loan fees to 0.09%.

Commentary on bZx events

  1. "That's why I don't believe in DeFi. Most DeFi can be turned off by a central entity, so it's just a decentralized theater. However, unless we add more centralization, people will use hacks or exploits Incompetent. So how much better is this than what we are now? "-Litecoin founder Charlie Lee
  2. "The DeFi management key allows you to suspend or freeze contracts, which is too bad? Oh no, it differs from centralized exchanges in that the administrator key does not allow you to confiscate the balance of a single user."-Eric Wall
  3. "Unwelcome opinion, the $ 350,000 arbitrage exploitation is just the beginning of DeFi, and we will see worse things in the next few years."-Lucas, CEO of Economic Bandwidth
  4. "Lightning loan is basically a loan that does not require collateral. The bZx event is not a hacking event, but a smart strategy such as this. Executives should get such rewards. Due to this event, DeFi smart contracts will become more powerful. —— Fiona Kobayashi
  5. "DeFi is not only about smart contract risks, but also generally has liquidity and financial attack risks that may affect users of certain protocols. At this early stage, the best way to deal with risks is to assume that your funds may Lost. Sorry, but that's it. "—— DCinvestor.eth

DeFi project progress in one week

    1. Chainlink will launch meta-predictor for DeFi products ;
    2. Huobi Global announced the official launch of the Bitcoin DeFI project HBTC ;
    3. The DeFI lending agreement bZx was attacked and lost hundreds of thousands of dollars ;
    4. bZx announces access to Chainlink ;

to sum up

The development of Flash Loan shows more possibilities for DeFi, but also introduces new problems. Although the occurrence of the bZx event is unfortunate, it has well reminded the entire DeFi ecosystem and criticized The voice will also be the driving force for related projects.