For DeFi, flash loans may pose a greater risk than expected
For Ethereum, the world’s second-largest cryptocurrency, finance seems to be the most important use case. Decentralized finance (DeFi) powered by Ethereum’s smart contract blockchain can provide valuable benefits to those who currently do not have access to traditional forms of finance. However, given suspicion about the degree of decentralization achieved so far, along with concerns about security vulnerabilities in DeFi, the topic remains contentious.
On the latest episode of the Epicenter podcast, Gonçalo Sá, co-founder of ConsenSys Diligence, discussed security complexities and flash loan attacks on DeFi.
Sá highlighted that with flash loans, some security assumptions were completely broken and that flash loans can be used to break DeFi protocols ‘atomically’. He went on to add that, “In a sense that these could already have happened there. There are whales that would have the capability to perform such attacks, but there’s the reputational risk of doing so.” Clarifying the reputational risk whale accounts would face if they were to carry out an attack, Sá noted,
“Whales have an incentive not to break things because they are invested in the ecosystem too. They’re invested in the success of the network. I cannot hold practically any ETH and still carry on these attacks and that’s the whole issue here.”
However, Sá also pointed out that while such vulnerabilities remain, the community has responded positively and has taken active steps to prevent such attacks from repeating. He said,
“One thing that has gotten much better is the incident response time as a community, as a tribe. Like I think Ethereum was very disorganized when I first started getting into this space. A lot of things were wrong. But then people from older industries that are more used to having standards and proper methodology for a secure lifecycle of a product and development, in general, started trickling in.”
While flash loans were originally conceived as an innovative form of uncollateralized lending, vulnerabilities in the system were exploited by users earlier in the year, sparking a debate within the ecosystem. In the flash loan attack, the user borrowed ~10,000 ETH and could have gotten away with $350,000 by taking advantage of flaws in the protocol.
Crypto analysis firm Arcane Research highlighted in a report how DeFi has been put under immense pressure as a result of the flash loan attacks on bZx that happened in February. The report highlighted,
“The attackers exploited buggy code and poor liquidity in DEXs in order to manipulate various ETH-pairs, creating massive profits and leaving bZx with uncovered loans. In DeFi applications, the code will always be the law. Buggy code and limited price feeds based on illiquid decentralized exchanges is a challenge that needs to be solved in order for DeFi to prosper.”