The world of Decentralized Finance (DeFi) has revolutionized traditional financial systems by leveraging smart contracts on blockchain technology. However, with innovation comes inherent risks. In this exploration of DeFi risks, we delve into the technical vulnerabilities of smart contracts, highlighting their non-legally binding nature and the potential for irreversible consequences. We examine historical exploits that have shaken even well-established blockchains and explore the complex interactions within DeFi protocols, which create opportunities for vulnerabilities. We also consider the critical role of oracles and the manipulation risks they introduce, as well as the impact of flash loans as a new attack vector. Understanding these risks is crucial for participants in the DeFi ecosystem, from users to developers, as they navigate this evolving financial landscape.
Technical vulnerabilities of smart contracts
Multi-sig
Smart contracts are not legally binding contracts; they are computer programs that automate actions based on predetermined rules. These actions may be related to native cryptocurrencies on public blockchains, such as bitcoin and ether, which are synthetic commodity money. These cryptocurrencies are not backed or guaranteed by any third party and are not redeemable for fiat currency or any other asset. Instead, they serve as access tokens to the Bitcoin and Ethereum networks and function as collateral and a medium of exchange within these networks.
Native cryptocurrencies on public blockchains such as bitcoin and ether can be destroyed, permanently immobilized, or rendered unspendable. In some cases, such as the DAO Hack on Ethereum in 2016 or the Value Overflow Incident on Bitcoin in 2010, such exploits have been remediated by overriding the technical reality of the blockchain with social consensus because they represented an existential threat to the network. However, most exploits do not reach such a critical threshold of importance, and users who engage with faulty smart contracts run the risk of losing all their coins. There are generally no bailouts or recourse available to these users.
The Parity incident is arguably the most significant unremediated failure of a smart contract to date. The incident resulted in the immobilization of 513,774 ETH, which were held in multi-signature wallets created by Parity, an Ethereum development organization. Multi-sig setups are typically designed to require a certain number of valid signatures to authorize a transaction. For example, a 2-of-3 scheme requires two of the three predetermined keys to be provided for outputs to be spent.
An unknown individual exploited multi-signature wallets by executing a function in a smart contract, which led to the destruction of each wallet and the ether it contained becoming permanently unusable. The amount of ether that was locked up, which was equivalent to 0.52% of all the ether in circulation at that time, was worth $174 million during the hack and $1.175 billion as of the time of writing. Because blockchains like Ethereum that allow for smart contract functionality are more complex and allow for more intricate transactional logic, failures like this are inevitable. The flawed multi-signature wallets in this case were created by an organization led by Gavin Wood, who was one of the founders of Ethereum and the creator of Solidity, the programming language used by Ethereum. The difficulty in developing a completely secure multi-signature contract demonstrates the inherent risks associated with using digital assets on vulnerable base layers that allow for expressive functionality.
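The 2-of-3 rule described above, worked through as an added example (this is not Parity's wallet code and not Ethereum code): a Python model of a threshold wallet. Owner names, secrets and amounts are constructed, and HMAC-SHA256 stands in for on-chain signature verification so the block runs with the standard library alone. Beyond counting signatures, it shows the two checks a threshold wallet has to make: the valid signatures must come from distinct owners, and every signature must be bound to the wallet's current nonce so an authorized spend cannot be replayed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed owner secrets standing in for the three signing keys of a
# 2-of-3 wallet. HMAC-SHA256 is a stand-in for real signature verification;
# the threshold logic is the same whichever signature scheme sits underneath.
OWNER_SECRETS = {
    "alice": b"constructed-secret-alice",
    "bob": b"constructed-secret-bob",
    "carol": b"constructed-secret-carol",
}
THRESHOLD = 2  # 2-of-3


def spend_digest(to: str, amount_wei: int, nonce: int) -> bytes:
    """Canonical message every signer commits to. The wallet nonce is part of it,
    so one set of signatures authorizes exactly one spend and cannot be replayed."""
    return hashlib.sha256(f"{to}|{amount_wei}|{nonce}".encode()).digest()


def sign(owner: str, digest: bytes) -> bytes:
    """Owner signs the digest (HMAC stands in for an ECDSA signature here)."""
    return hmac.new(OWNER_SECRETS[owner], digest, hashlib.sha256).digest()


@dataclass
class MultisigWallet:
    balance_wei: int
    nonce: int = 0

    def authorized(self, to: str, amount_wei: int,
                   signatures: list[tuple[str, bytes]]) -> bool:
        """True only if at least THRESHOLD distinct owners produced a valid
        signature over the spend digest for the wallet's current nonce."""
        digest = spend_digest(to, amount_wei, self.nonce)
        valid_signers: set[str] = set()
        for owner, sig in signatures:
            if owner not in OWNER_SECRETS:
                continue  # unknown key: ignored, never counted toward the threshold
            if hmac.compare_digest(sig, sign(owner, digest)):
                valid_signers.add(owner)  # a set: one owner signing twice counts once
        return len(valid_signers) >= THRESHOLD

    def execute(self, to: str, amount_wei: int,
                signatures: list[tuple[str, bytes]]) -> bool:
        """Spend if authorized and funded; bumping the nonce retires the signatures."""
        if not self.authorized(to, amount_wei, signatures):
            return False
        if amount_wei > self.balance_wei:
            return False
        self.balance_wei -= amount_wei
        self.nonce += 1  # every signature over the old digest is now useless
        return True


if __name__ == "__main__":
    wallet = MultisigWallet(balance_wei=10**18)
    digest = spend_digest("0xrecipient", 5 * 10**17, wallet.nonce)
    sigs = [("alice", sign("alice", digest)), ("bob", sign("bob", digest))]
    print("first spend:", wallet.execute("0xrecipient", 5 * 10**17, sigs))
    print("replayed spend:", wallet.execute("0xrecipient", 5 * 10**17, sigs))
```

The replay check is the one most often forgotten in toy implementations: without the nonce in the digest, two owners who approve a single payment have in effect approved that payment any number of times.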
Sandwich attacks
Moving beyond the risks associated with custodianship, the use of more complex smart contract interactions required by decentralized finance (DeFi) protocols can create further opportunities for potential vulnerabilities. DeFi is particularly susceptible to technical vulnerabilities due to the intricacy of smart contracts that interact with each other on the blockchain and the difficulty of predicting all possible edge cases before code deployment. Once smart contracts are deployed, upgrading them can be a difficult task that places a significant burden on developers. Certain smart contracts, such as Uniswap, are irreversible and cannot be taken down once deployed, making upgrades a matter of creating a new smart contract and convincing users to switch to it.
As long as the Ethereum blockchain continues to function properly, certain types of smart contracts will continue to work regardless of how administrators or users behave. In some other types of smart contracts, administrators have the ability to include clauses in the code that allow for upgrades, termination, or deprecation of the contracts. These clauses provide developers with more options and recourse in case of bugs in deployed contracts. However, this approach has its downsides, such as potentially making administrators responsible for user funds and making the entities that control administrative keys a target for attackers.
According to Werner et al. (2021), there were 21 instances of technical attacks on DeFi protocols from February to December 2020, resulting in an overall loss of $144.3 million (measured in USD at the time of the attack) for users. However, in some cases, attackers returned the funds. These types of technical exploits are relatively common.
Attackers use various methods to exploit DeFi protocols, such as exploiting reentrancy bugs, executing “transaction sandwiches,” exploiting logical bugs, and taking advantage of governance mechanisms. In each case, attackers take advantage of DeFi’s characteristics, such as algorithms that are predictable, large pools of capital with limited human oversight, and blockchain-based infrastructure. The inflexibility of certain DeFi building blocks, like Automated Market Makers, can facilitate many of these attacks. The use of on-chain collateral, such as ether, allows attackers to withdraw their profits without any repercussions. If the tokens that attackers gain control of include stablecoins or other assets that are under the liability of a third party (such as exchange tokens), the tokens can be frozen.
DeFi Oracle attacks
A specific category of vulnerabilities that require particular focus involves issues arising from oracles. In the realm of DeFi, oracles function as information suppliers, delivering external data to smart contracts. They are typically used to provide market price data from single or multiple exchanges to DeFi protocols that depend on external pricing details. For instance, when a protocol uses tokens as collateral, it needs to determine the value (in conventional units like USD) of the offered tokens and utilize smart contracts that make use of market data provided by oracles.
Many DeFi protocols depend on oracles, with price inputs being crucial for initiating liquidations, deleveraging, margin calls, and other automated collateral management processes. As a result, oracle manipulation can have disastrous consequences for these protocols. This situation is somewhat akin to the potential chaos in traditional finance if Bloomberg were compromised and its data manipulated or rendered untrustworthy. Due to the vulnerability of these protocols to discrepancies between an asset’s spot price and index price (which create risk-free arbitrage opportunities), so-called ‘oracle attacks’ are among the most common attack methods. Similar to tactics that involve tampering with the spot reference price for a derivative, oracle attacks manipulate the market price of collateral referenced by a DeFi protocol to generate risk-free arbitrage or trigger liquidations.
Liu et al. (2020) highlight that oracles bring about risks in various ways: their processes are unclear and lack accountability; they add crucial points of trust and reliance within DeFi; and malevolent oracles can inflict severe damage. The researchers find numerous operational shortcomings in the techniques used to gather data from multiple exchanges, which introduce operational hazards and produce subpar outcomes.
Werner et al. (2021) emphasize that market disruptions at spot exchanges influence oracles and impact DeFi systems built on these price feeds. For example, when the thinly traded stablecoin Dai momentarily traded at $1.30 on Coinbase (despite being typically pegged to $1), this abnormally high premium was incorporated into the Compound protocol’s price feed. As a result, Compound automatically determined that several accounts were in default, leading to the programmatic deleveraging and liquidation of $88 million worth of collateral. These improper liquidations occurred due to inadequate index construction by Compound (with no controls for extreme events) and the mistaken belief that Dai wouldn’t trade at a substantial premium on the referenced markets.
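The index-construction problem in the Dai example, worked through as an added example (this is not Compound's price feed or liquidation code): a Python model of a lending position whose health depends on the DAI/USD price, evaluated first against a single-market feed and then against a feed with two of the controls the text says were missing, a median across several markets and a cap on how far one update may move the price. The market quotes, the 5% cap, the 75% liquidation threshold, and the position sizes are all constructed for the example.

```python
from statistics import median

# Guard parameters (constructed for the example, not any protocol's settings).
MAX_DEVIATION = 0.05  # reject an update that moves more than 5% from the last accepted price
MIN_SOURCES = 3       # never accept a price computed from fewer markets than this

# Constructed snapshot of DAI/USD quotes from three reference markets at one
# moment: one shows the kind of momentary premium described in the text,
# the other two sit at the peg.
SNAPSHOT = {"market_a": 1.30, "market_b": 1.00, "market_c": 1.01}


def single_source_price(quotes: dict[str, float], source: str) -> float:
    """The naive feed: whatever one market prints, the protocol believes."""
    return quotes[source]


class GuardedPriceFeed:
    """Median across markets plus a per-update deviation cap. Together they
    keep one market's spike from reaching the liquidation logic."""

    def __init__(self, initial_price: float,
                 max_deviation: float = MAX_DEVIATION,
                 min_sources: int = MIN_SOURCES) -> None:
        self.price = initial_price          # last accepted price
        self.max_deviation = max_deviation
        self.min_sources = min_sources

    def update(self, quotes: dict[str, float]) -> tuple[float, str]:
        """Returns (price the protocol should use, status of this update)."""
        if len(quotes) < self.min_sources:
            return self.price, "rejected: too few sources"
        candidate = median(quotes.values())  # a single outlier cannot move the median
        move = abs(candidate - self.price) / self.price
        if move > self.max_deviation:
            # Hold the last good price and flag the event instead of acting on it;
            # a human or a slower fallback feed decides whether the move is real.
            return self.price, "rejected: deviation"
        self.price = candidate
        return self.price, "accepted"


def health_factor(collateral_units: float, collateral_price: float,
                  debt_units: float, debt_price: float,
                  liquidation_threshold: float = 0.75) -> float:
    """Value the protocol will lend against, divided by debt value.
    Below 1.0 the position is liquidatable."""
    lendable = collateral_units * collateral_price * liquidation_threshold
    return lendable / (debt_units * debt_price)


def is_liquidatable(collateral_units: float, collateral_price: float,
                    debt_units: float, debt_price: float) -> bool:
    return health_factor(collateral_units, collateral_price,
                         debt_units, debt_price) < 1.0


if __name__ == "__main__":
    # Constructed position: 100 ETH at $400 backing 28,000 DAI of debt.
    naive = single_source_price(SNAPSHOT, "market_a")
    print("single-source feed:", naive,
          "liquidatable:", is_liquidatable(100, 400.0, 28_000, naive))
    feed = GuardedPriceFeed(initial_price=1.00)
    price, status = feed.update(SNAPSHOT)
    print("guarded feed:", price, status,
          "liquidatable:", is_liquidatable(100, 400.0, 28_000, price))
    print("spike on two markets:", feed.update({"market_a": 1.30, "market_b": 1.30, "market_c": 1.00}))
```

Note the order of the two controls: the median handles one bad market, the deviation cap handles the case where enough markets move together to carry the median with them. Either control on its own leaves a gap that the other closes, and a rejected update is surfaced as a status rather than silently returning a stale price, so operators can see that the feed is holding.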
Excessive leverage: flash loans on DeFi
DeFi presents unique features that give rise to entirely new attack vectors, one of which is the flash loan concept. Introduced in 2020 by DeFi lender Aave, a flash loan is an uncollateralized loan that allows borrowers to access substantial liquidity (up to the size of the loan pool) at a very low interest rate. The catch is that the loan must be repaid within the same transaction in which it is borrowed. As DeFi applications often create arbitrage opportunities, such short-term loans enable individuals with limited capital access to leverage and exploit mispricings, provided that transactions can be executed atomically (i.e., every step succeeds together or the whole transaction reverts). Since a single Ethereum transaction can call multiple contracts, flash loans serve as a valuable tool for inter-contract arbitrage, as discussed by Wang et al. (2021).
Flash loans significantly lower the entry barriers for potential attackers and increase their leverage, thereby amplifying the financial impact of their assaults on DeFi. Since their inception, flash loans have become increasingly common in DeFi attacks. Cao et al. (2021) identified nine separate incidents between February and December 2020, where attackers successfully drained a total of $49.58 million (USD value at the time of the exploit) from DeFi protocols using flash loan-assisted exploits.
The largest of these, the Harvest Attack in October 2020, involved the extraction of $26 million from Harvest by attackers who utilized Curve and Uniswap protocols and relied on a flash loan from Uniswap v2. Although flash loans can be beneficial, they can also be misused to significantly empower potential attackers by reducing trial and error costs and providing nearly limitless leverage – as long as transactions are structured to repay the loan instantly.
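The same-transaction repayment rule, worked through as an added example (this is not Aave's code, nor that of any protocol named above): a Python model with a lending pool, a borrower, and a transaction wrapper that discards every state change when the transaction reverts. Pool size, fee and the two borrower strategies are constructed. It shows why a flash loan needs no collateral: the lender's protection is atomicity, not the borrower's capital, and a borrower with zero funds can direct the entire pool for the duration of one transaction, which is exactly the leverage the text describes.

```python
from copy import deepcopy
from dataclasses import dataclass
from typing import Callable

FEE_BPS = 9  # constructed fee of 0.09% of the principal; not any lender's actual schedule


class Revert(Exception):
    """Stands in for an EVM revert: the entire transaction is discarded."""


@dataclass
class World:
    """The on-chain state the example cares about, in integer base units."""
    pool_liquidity: int      # lender's pool balance
    borrower_balance: int    # borrower's own funds (starts at zero in the demo)
    loans_settled: int = 0   # how many flash loans the pool has completed


def flash_loan(world: World, amount: int,
               strategy: Callable[[World, int], None]) -> int:
    """Lend `amount` with no collateral, run the borrower's logic, then demand
    principal plus fee back before the call returns. Returns the fee earned."""
    if amount > world.pool_liquidity:
        raise Revert("insufficient liquidity")
    fee = amount * FEE_BPS // 10_000
    world.pool_liquidity -= amount
    world.borrower_balance += amount
    strategy(world, amount)  # arbitrary borrower logic runs with the borrowed capital
    owed = amount + fee
    if world.borrower_balance < owed:
        raise Revert("flash loan not repaid")  # unwinds everything, including the lend
    world.borrower_balance -= owed
    world.pool_liquidity += owed
    world.loans_settled += 1
    return fee


def run_transaction(world: World, fn: Callable[[World], object]) -> str:
    """Apply fn atomically: on Revert, restore the snapshot so nothing persists."""
    snapshot = deepcopy(world)
    try:
        fn(world)
        return "ok"
    except Revert as exc:
        world.__dict__.update(snapshot.__dict__)
        return f"reverted: {exc}"


def profitable_strategy(world: World, amount: int) -> None:
    # Constructed: some arbitrage nets 0.5% of the borrowed capital.
    world.borrower_balance += amount * 50 // 10_000


def losing_strategy(world: World, amount: int) -> None:
    # Constructed: the trade loses 1% of the borrowed capital instead.
    world.borrower_balance -= amount * 100 // 10_000


if __name__ == "__main__":
    for strategy in (profitable_strategy, losing_strategy):
        world = World(pool_liquidity=10_000_000, borrower_balance=0)
        outcome = run_transaction(
            world, lambda w: flash_loan(w, 10_000_000, strategy))
        print(strategy.__name__, outcome, world)
```

Two points worth noticing from a defender's seat. The losing run leaves no trace: the pool balance, the borrower balance and the settlement counter are all back where they started, which is why flash loans reduce an attacker's trial-and-error cost to little more than gas. And everything in the pool was under the borrower's control for the span of `strategy`, so any other contract that reads balances or prices during that window is reading a state the borrower chose, which is the link back to the oracle section.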
Conclusion
In the realm of Decentralized Finance (DeFi), smart contracts bring both innovation and significant risks. These non-legally binding code-based agreements operate on public blockchains, primarily utilizing cryptocurrencies like bitcoin and ether. Irreversible once deployed, they leave users vulnerable to exploits, as seen in historical incidents like the DAO Hack and Parity Incident. DeFi’s complex interactions, difficulty in upgrading, and administrative clauses add layers of complexity. Moreover, frequent technical attacks on DeFi protocols and the critical role of oracles highlight the need for robust security measures. Flash loans, while offering opportunities, amplify the financial impact of attacks. As DeFi continues to evolve, understanding and mitigating these smart contract-based risks is crucial for users and developers alike.