DeFi, a moniker for Decentralized Finance, has gained traction over the years, mainly due to its ethos. However, the projects being built are still budding, and their products are often exploited. bZx is a project that has caught the attention of the crypto space due to a recent exploit that cost it $350,000.
From Overtaking Wall St. to Assassination Markets
Flash loans, a concept discussed by Emilio Frangella at Aave, were the first attempt at uncollateralized lending. Frangella discussed flash loans in detail, explaining how anyone would be able to take liquidity out of the Aave protocol, provided that the same liquidity plus a fee is returned within the context of the same transaction.
bZx is a project that implemented flash loans and was exploited by a user. The user exploited the pricing oracle: since flash loans allow borrowing without collateral, the user borrowed ~10,000 ETH. Half of this was sent to Compound Finance to buy 112 WBTC, which was sent to the bZx exchange to hedge for a short position. The remaining ETH was supposedly sent to Uniswap and converted to 112 WBTC, which was eventually sold on Kyber.
Since bZx depended on only one price oracle, the short on the bZx exchange yielded massive profits. A portion of these was used to repay the loan, and the rest was profit worth approximately $350K.
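The single-oracle dependency described above is the condition a price sanity check is meant to catch. The following is an added example, not bZx's code or part of the original article: a Python model that accepts one venue's quote only when it agrees with the median of independent sources. The function names, thresholds, venue names and prices are all constructed assumptions.

```python
from statistics import median


class PriceRejected(Exception):
    """Raised when a quoted price cannot be trusted for settlement."""


def checked_price(quotes, venue, max_deviation=0.05, min_sources=3):
    """Return the quote from `venue` only if independent sources agree with it.

    quotes: dict of source name -> price (constructed values, ETH per WBTC).
    The reference is the median of the *other* sources, so a venue whose
    price was moved inside one transaction cannot vouch for itself.
    """
    if venue not in quotes:
        raise PriceRejected(f"no quote from {venue}")
    others = [p for name, p in quotes.items() if name != venue and p > 0]
    if len(others) < min_sources - 1:
        raise PriceRejected("not enough independent sources")
    reference = median(others)
    deviation = abs(quotes[venue] - reference) / reference
    if deviation > max_deviation:
        raise PriceRejected(
            f"{venue} deviates {deviation:.1%} from reference {reference}"
        )
    return quotes[venue]


def is_trusted(quotes, venue):
    """Boolean wrapper: True when the venue's quote passes the check."""
    try:
        checked_price(quotes, venue)
        return True
    except PriceRejected:
        return False


# Constructed sample quotes (hypothetical venues, not data from the incident).
NORMAL = {"venue_a": 38.2, "venue_b": 38.5, "venue_c": 38.4}
SKEWED = {"venue_a": 109.8, "venue_b": 38.5, "venue_c": 38.4}  # one venue moved sharply
SINGLE = {"venue_a": 38.2}  # single-oracle setup: nothing to compare against

if __name__ == "__main__":
    for label, quotes in (("normal", NORMAL), ("skewed", SKEWED), ("single", SINGLE)):
        print(label, "accepted" if is_trusted(quotes, "venue_a") else "rejected")
```
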
bZx put out a statement,
“Due to the complexity of the transaction, providing a comprehensive accounting of the losses will require additional time. This was not a simple Uniswap attack, and we do not use Uniswap as an oracle.”
A detailed report on the exploit from bZx will further explain the attack.
Emin Gün Sirer, Professor at Cornell University, tweeted that the idea of flash loans was “brilliant” and that it was,
“… way ahead of what Wall Street can do. And seems like it’s only possible with on-chain smart contracts. The obvious uses involve arbitrage. Though they have many other uses, all the way up to assassination markets.”
It won’t be surprising for darknet marketplaces to use DeFi; however, successful implementation of KYC and AML at on-ramps and off-ramps would better control the situation.