Don't blame the "flash loan": bZx was attacked through it

Within a week, the bZx DeFi lending protocol was attacked twice. The attacker started with no capital of their own and walked away with arbitrage profits exceeding ten million in a matter of seconds. The incident has drawn wide attention because it was not a simple "hacker" attack on a single vulnerability, but a combination of several products' characteristics, wielded by someone with a deep understanding of DeFi. The attack may expose the hidden dangers of systemic financial risk in DeFi, and it is a warning sign for the development of the industry. The author's conclusions, stated up front:

1. The essence of the bZx attack lies in its own product design flaws: its price feed depended entirely on a third party, without considering the mechanism of that third party and without undergoing extreme stress testing;
2. Other DeFi products must also carefully consider the impact and risk that the other protocols they may connect to pose to their own protocol, to prevent systemic risk caused by protocol composition;
3. For the health of the ecosystem, building dazzling technical products and unlimited leverage does not seem healthy. DeFi's original intention should be open, inclusive finance.

Review: the attacker killed bZx with a borrowed knife

The first attack took place on February 15th. The attacker borrowed 10,000 ETH as initial capital through a flash loan at zero cost, then had multiple DeFi protocols call each other to carry out a thoroughly unreasonable trade.

1. Borrow 10,000 ETH from dYdX via a flash loan with zero collateral;
2. Deposit 5,500 ETH in Compound as collateral and borrow 112 WBTC;
3. Send 1,300 ETH to bZx's Fulcrum and open a 5x leveraged short position on the ETH/BTC pair;
4. Sell 5,637 ETH (US$1.5 million) through a Kyber reserve into the Uniswap WBTC pool, receiving 51.34 BTC (US$510,000);
5. Sell the 112 BTC borrowed from Compound into the Uniswap WBTC pool, obtaining 6,800 ETH;
6. Return 3,200 ETH + 6,800 ETH (from selling the 112 BTC) = 10,000 ETH to dYdX.

The author also compiled a table reconstructing the asset changes and the final result:

(Table: final result)

The attacker is reported to have made a total profit of 1,193 ETH, currently valued at $298,000. On-chain data shows the attacker has moved the proceeds into Compound. In theory, Compound could use its administrator key to confiscate the funds, but in a vote initiated by Chris Blec, only 12.3% supported confiscation while 69.5% opposed it. Hydro founder Li Tianfang said, "Using admin permissions is very damaging to trust. Compound did not suffer losses from the attack, so it is unlikely to sacrifice that trust to help a competitor recover money." "Popular or not, the funds could be frozen if the Compound community were unanimous in opposing it," said Cao Yin, managing director of the Digital Renaissance Foundation.

Today (February 18), bZx again found suspicious transactions using a flash loan; there is no evidence that it was the same attacker. Although bZx had closed the Fulcrum trading platform for maintenance after the first attack, the attacker made a new move and traded through Synthetix. bZx has now temporarily shut down the exploited contract. EthHub founder Eric Conner estimated that this time the attacker made 2,388 ETH, or about $644,000.

Interestingly, although bZx officially stated that the loss had nothing to do with its "oracle", after the first attack bZx announced that it would add ChainLink, an aggregated oracle platform, as one of its price sources. "At present, ChainLink strikes a better balance between truly reflecting the price and decentralizing the oracle, and avoids the price distortion caused by insufficient liquidity in the price feeds of decentralized exchanges such as Uniswap," said Cao Yin.

Clarification: the first bZx attack was a product vulnerability, the second was price manipulation

Early commentators interpreted the first bZx attack as price manipulation. But the real situation was "using a contract loophole in bZx, borrowing a large amount of money, and then manipulating the price on the Kyber and Uniswap venues connected to bZx, so that the arbitrage succeeded," said Pan Chao, head of the MakerDAO Chinese community. The second attack on bZx in recent days, however, was indeed a case of price manipulation.

Let's explain the relationship between the several protocols in detail. bZx is a margin trading protocol: users post one token as margin collateral and borrow another token at a given leverage. But what is the floating exchange rate between the two tokens? bZx has to call oracles or decentralized exchanges to obtain prices. In the first attack, bZx used Kyber as an on-chain oracle to check the ratio of collateral to borrowed assets.

As a decentralized token exchange protocol, Kyber has many reserves that provide liquidity. A reserve offers token swaps to traders; it can be an individual with a large token holding, a professional market maker, a project team, a DEX, and so on. To stay competitive, Kyber is designed to give traders the best available exchange rate. Uniswap is one of Kyber's reserves.

In the first round of the attack, the attacker opened a margin trade on bZx, posting 1,300 ETH as collateral and using 5x leverage to swap for 51.3 WBTC, which pushed up the relative price of WBTC/ETH on Uniswap. The 112 WBTC borrowed from Compound was then converted into ETH at this inflated price, yielding the profit.

It is undeniable that pool-based DEXes suffer from insufficient trading depth and liquidity. Consider that the attacker moved the price of WBTC with only 1,300 ETH, something unlikely to happen on a mainstream centralized exchange.

Tracing the root cause, bZx was "deceived" into executing a thoroughly unreasonable trade on Uniswap, and the blame lies in relying too heavily on a third party. "This type of attack only targets DeFi products like bZx that rely entirely on a third-party AMM (automated market maker), and does not exist for products such as dYdX, DDEX and Compound," said Li Tianfang.

Therefore, the main reason bZx was attacked was that "it had design errors, did not consider the price-feed mechanism of the Kyber aggregated exchange, and had not passed extreme stress tests, so it was exploited," Cao Yin said. Judging from the outcome, the attack did not affect other protocols, and the loss was borne by bZx.
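To make the price-feed point above concrete, here is an added Python model (example code, not bZx, Kyber or Uniswap code) of a constant-product pool read as an oracle: the stress test that shows how little capital a shallow pool needs to move its spot price, and a deviation check against an independent reference price as one mitigation. Reserve sizes and the reference price are constructed sample values.

```python
import math
from dataclasses import dataclass
from typing import Tuple


@dataclass
class ConstantProductPool:
    """Uniswap-style pool: eth * wbtc stays constant across swaps (before fees)."""
    eth: float   # ETH reserve (constructed sample size, not the real 2020 pool)
    wbtc: float  # WBTC reserve

    def spot_eth_per_wbtc(self) -> float:
        # What a protocol reading "the Uniswap price" as its oracle would see.
        return self.eth / self.wbtc

    def sell_eth(self, eth_in: float, fee: float = 0.003) -> float:
        """Sell eth_in ETH into the pool; returns WBTC received. Pushes the spot price up."""
        eth_effective = eth_in * (1.0 - fee)
        wbtc_out = self.wbtc * eth_effective / (self.eth + eth_effective)
        self.eth += eth_in
        self.wbtc -= wbtc_out
        return wbtc_out


def eth_to_move_price(pool: ConstantProductPool, factor: float) -> float:
    """Stress test: ETH that must be sold (fee ignored) to multiply the spot price by `factor`.

    After selling d ETH, spot = (x + d)^2 / (x * y), so spot / spot0 = ((x + d) / x)^2
    and d = x * (sqrt(factor) - 1). A 4x move needs only as much ETH as the pool holds.
    """
    return pool.eth * (math.sqrt(factor) - 1.0)


def guarded_price(spot: float, reference: float, max_deviation: float = 0.05) -> float:
    """Mitigation: refuse a DEX spot price that strays from an independent reference.

    `reference` stands in for a second source (a time-weighted average, or an aggregated
    oracle such as the ChainLink feed bZx announced); here it is simply an input.
    """
    if abs(spot - reference) / reference > max_deviation:
        raise ValueError(f"spot {spot:.2f} deviates >{max_deviation:.0%} from {reference:.2f}")
    return spot


def stress_test(pool: ConstantProductPool, eth_sold: float) -> Tuple[float, float]:
    """Returns (spot before, spot after) for a single large ETH sale into the pool."""
    before = pool.spot_eth_per_wbtc()
    pool.sell_eth(eth_sold)
    return before, pool.spot_eth_per_wbtc()


if __name__ == "__main__":
    pool = ConstantProductPool(eth=2_000.0, wbtc=50.0)  # constructed: 40 ETH per WBTC
    before, after = stress_test(pool, 1_300.0)           # the 1,300 ETH figure from the article
    print(f"spot moved {before:.1f} -> {after:.1f} ETH/WBTC ({after / before:.2f}x)")
    try:
        guarded_price(after, reference=before)
    except ValueError as exc:
        print("guarded oracle rejected:", exc)
```

Run against your own pool sizes: `eth_to_move_price` tells you how much capital a single trade needs to distort the feed, which is the number a stress test should start from.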

Q: Flash loans and protocol composability, which is the devil's weapon?

The attack brought "flash loans" into public view; they are the key to the attacker's cost-free arbitrage. A flash loan is a way to initiate multiple transactions across different DeFi lending platforms within a single block, shifting loans between different assets and debts. It is also a way of borrowing without collateral, on the condition that the loan is issued and repaid within the same Ethereum block, which at Ethereum's current block production rate means 13 seconds. If the ETH had not been borrowed empty-handed but under an over-collateralized lending model, would this still have happened? The several guests the author interviewed hold different views.

Cao Yin said that the flash loan is not a problem in itself, but its use should be restricted, and not everyone should be allowed to call the protocol at will, especially in an unregulated, decentralized, code-is-law setting such as DeFi, where it must be used with caution. He used a vivid metaphor:

In terms of functional maturity, DeFi today is a monkey, and the flash loan is a gun. You have handed the monkey a gun; what good can come of it? The monkey now needs to learn to use fire, learn to farm, and learn to serve the real economy, rather than being a DeFi protocol that is purely a financial instrument.

Li Tianfang, however, believes that the flash loan merely lowered the threshold for the attack. Even without a flash loan, an already wealthy Ethereum account could have carried out the same attack. Of course, the existence of flash loans makes such attacks easier, and contract designers need to account for this.

Pan Chao also believes that the flash loan itself is not the problem; the problem is the coupling between protocols. "The vulnerability in this attack is not a problem of any single, independent protocol, but several protocols linked together can be attacked successfully. As a result, even with no assets in the account, one can still profit with nothing at stake, killing with a borrowed knife: using the loopholes of other protocols to borrow money, while the losses are borne by other protocols. As the bZx team put it, from the perspective of the protocol someone simply borrowed a sum of money, and from the perspective of the lender this loan, like any other, pays interest as usual."

"This is also a warning to DeFi practitioners that when designing products, they must carefully consider the impact and risk that the other protocols they may connect to pose to their own protocol," said Pan Chao. The unrestricted calling of DeFi products' smart contracts has added many uncertainties, so should it be restricted?

On this question, Li Tianfang said that the so-called "admin key" (administrative authority) varies greatly between contracts and is not a binary choice. For each type of operation one can choose to retain full control, limited control, time-delayed control, and so on.

"The designer of each contract needs to make a series of choices between 'decentralization' and 'ease of operation'. For example, to avoid centralization, DDEX retains very few administrator rights. Of course this brings some inconveniences: we cannot simply upgrade some modules of the contract, add functions, or move assets, even if it is 'for the benefit of the user'." He concluded that time will tell what the right choice is.

Reflection: what is the point of infinite leverage? DeFi developers should not forget their original intentions

The author's intuitive reaction to this attack is that the main purpose of many DeFi products has become "adding leverage". This recalls the cause of the 2008 financial crisis: Wall Street packaged real estate into all kinds of securities, created too much leverage, and at the same time let people borrow at very low cost. How similar that is to what the DeFi industry is doing today.

What does this really mean?

"You are right, every DeFi project should consider these issues. A good protocol design should encourage more valuable 'win-win' behaviors. If one type of behavior is really just profiting with nothing at stake, it is bad for the entire system; it is negative value, and perhaps some adjustments can be made in the protocol to improve the value of the whole system," said Li Tianfang.

Yet the DeFi community, far from becoming more cautious after the attack, has added fuel to the fire. The author noticed two things:

1. Remco Bloemen, a researcher at 0x, proposed creating free, unlimited flash loans directly in token contracts;
2. 1inch Exchange newly launched a product that uses flash loans to improve the efficiency of leveraged positions and achieve unlimited leverage.

"The roles that create value in DeFi have one thing in common: they all have to take on risk. Market makers have to take risk, for example, and liquidators have to take risk. Completing everything within one block and profiting with nothing at stake involves no such risk," said Li Tianfang.

"This reveals a misunderstanding among developers in this industry, which is to build DeFi protocols with a 'dazzling technique' mentality," Cao Yin pointed out sharply.

What was DeFi's original intention? This is worth reflecting on for its builders and advocates alike. Cao Yin's words are well worth heeding:

Speculators who want high leverage and profit with nothing at stake will certainly love this tool. Arbitrage can play a role in making information more efficient and reducing transaction costs. But infinite leverage may trigger chains of accidents and create systemic risk, and given the current state of DeFi, this is very likely to happen.

What was our original intention in building DeFi? It was to serve small and medium-sized enterprises, entrepreneurs and ordinary producers who lack financial infrastructure. We reduce the frictional costs caused by centralization, remove unnecessary intermediary costs, and at the same time take data ownership and financial ownership back from unreliable centralized institutions and return them to producers. That was the original intention. Do DeFi developers want to build an open financial market that serves all of humanity, makes finance an inclusive commodity, and returns data to the hands of producers and consumers? Or do they want to build a highly speculative casino with no regulation and unlimited leverage? What people set out to do matters a great deal.