Navigating DeFi Exploits

Exploring DeFi is risky; smart contract hacks happen all the time. In 2020 alone, there were at least 12 high-profile DeFi hacks, draining away no less than $121 million in funds from DeFi protocols.

Source: CoinGecko 2020 Yearly Report No one - not even the best smart contract auditors - can fully predict what will happen with deployed smart contracts. With billions of dollars of funds sitting on smart contracts, you can be sure that the most brilliant hackers are constantly looking to exploit and profit from security weaknesses.

The big risk for DeFi is that as projects leverage the composable nature of DeFi and build on top of one another, the complexity of DeFi applications increases exponentially, making it harder for smart contract auditors to spot weaknesses. DeFi application developers have to ensure that cybersecurity auditors constantly check their code to reduce any possibility of exploits because the consequences of mistakes will be huge financial losses. This aticle will look at the causes of hacks, flash loans, potential solutions to reduce losses from hacks,and some tips for individuals to avoid losing funds in DeFi exploits.

Causes of Exploits

Below aer some common causes of exploits. The list is not meant to be exhaustive.

1. Economic Exploits/Flash Loans Flash loans allow users to leverage nearly limitless capital to carry out a financial transaction as long as the borrower pays the loan within the same transaction. It is a powerful tool that allows one to maneuver economic attacks that used to be constrained by capital requirements. With flash loans, having the right strategy is the only requirement to exploit opportunities. Almost all DeFi hacks utilized flash loans. More details to follow in the next section.

2. Code in Production Culture Spearheaded by Andre Cronje, the founder of Yearn Finance, many DeFi projects follow the ethos of test-in-production instead of maximizing security and testing to speed up the pace of product development. Having audits on every release will significantly extend the time required to bring any product updates to market. One of the main competitive advantages of DeFi is that developers can iterate much faster, pushing the boundaries of financial innovations. However, not every project can afford to have audits, especially when the project has yet to achieve any traction. Despite having multiple audits, hackers still manage to exploit some projects, suggesting that having audits may not be sufficient to prevent all hacks.

3. Sloppy Coding and Insufficient Audits In a bull market, many project teams feel pressured to move fast and take shortcuts to release their products quicker. Some may decide to skip audits altogether to have the first-mover advantage and only conduct audits several months after the products are live. There are also plenty of “forks” - new projects that use the same code as other established projects. Launched without a complete understanding of how the code works, they are treated as a quick cash grab, resulting in many exploits.

4. Rug Pull (Inside Jobs) In the DeFi space, it is not uncommon for projects to launch with anonymous teams. Some do so to avoid the scrutiny of regulators due to an uncertain regulatory climate. However, others choose to be anonymous as they have bad intentions. There have been many instances where anonymous teams conducted an inside job and intentionally left a bug, which is exploited to steal from unsuspecting users. The crypto community does not alienate projects launched by anonymous founders, seeing how the first cryptocurrency, Bitcoin,was also founded by an unknown person. Users evaluate projects based on the code produced, not who or where the developers are from.This is aligned with the decentralization ethos of open software. ( “Saddle Finance - REKT - Rekt News.” 20 Jan. 2021, https://www.rekt.news/saddle- finance-rekt/.) Ideals aside, if an exploit were to occur on a protocol launched by an anonymous team, the chances of recourse are low as it is hard to find the real-world identity of the developers.

5. Oracle Attacks DeFi protocols need to know asset prices to function correctly. For example, a lending protocol needs to know the asset price to decide whether to liquidate the borrowers’ position. Therefore, as an indispensable part of DeFi infrastructure, oracles may be subject to heavy manipulation. For example, the exploit of MakerDao’s vault caused unnecessary vaults’ liquidation that totaled more than $8 million worth of ETH in losses.

6. Metamask Attack As the main interface to every Ethereum application, it is no surprise that Metamask has become a primary attack target. The Consensys team has been thorough in security, and to date, there have been no widespread exploits. However, there were a few high profile attacks: ● $59 million loss through the EasyFi project’s admin MetaMask account ● $8 million loss through the personal wallet of Nexus Mutual’s founder ( “EasyFi - REKT - Rekt News.” 20 Apr. 2021, https://www.rekt.news/easyfi-rekt/. “Rekt - Nexus Mutual - Hugh Speaks Out - Rekt News.” 23 Dec. 2020, https://www.rekt.news/nxm-hugh-speaks-out/. )

Usage of Flash Loans The following chart shows the composition of all the Flash Loans usage from Aave:

We can see that flash loans are mainly used for arbitrage purposes. Arbitrage is the act of exploiting price differences between markets to make a profit. For instance, say there is a considerable price difference for WBTC on two different decentralized exchanges. A flash loan can be used to borrow a substantial amount of WBTC without any collateral to profit from the price difference. ( “Flash Loans, one month in. Balancing fees and first usage ... - Medium.” 12 Feb. 2020, https://medium.com/aave/flash-loans-one-month-in-73bde954a239.) The second usage of flash loans is for loan liquidation. There is usually a penalty for the borrowers if they let the protocol liquidate their position. When the market has substantial price actions, borrowers can choose to obtain flash loans and self-liquidate their positions, avoiding the penalty fees. Consider an example where DAI is borrowed from Maker with ETH as collateral. When the price of ETH falls significantly, it may get near the liquidation level for the DAI loan. There may neither be ETH to increase collateral nor DAI to repay the loan. What can be done is to take a DAI flash loan to repay the Maker loan. A portion of the withdrawn ETH collateral can be swapped to DAI to repay the flash loan instantly. Using this method, the remaining ETH is kept without paying the liquidation penalty. Lastly, flash loans can also be used to executea collateral swap. For instance, if we have a DAI loan in Compoundwith ETH as collateral, we can swap theETH collateral to WBTC collateral using a flash loan. This allows us to changeour risk profileseasily without having to go through multiple transactions. Executing flash loans still requires considerable technical knowledge and has high entry barriers to those who do not know how to code. However, there is a third-party app that makes the execution of flash loans accessible for average users – this platform is called Furucombo.

Flash Loan Protocol: Furucombo Furucombo is a platform that allows anyone to create arbitrage strategies using flash loans. Thanks to its drag-and-drop tool that enables end-users to build and customize different DeFi combinations, the barriers to entry for assembling money-legos are lowered. Do note that Furucombo does not find arbitrage opportunities for you. To use Furucombo, users need to set up input/outputs and the order of the transactions, and it will bundle all the cubes into one transaction for execution. An example of how an arbitrage transaction can be carried out is shown below:

1. Obtain a 15,000 DAI flash loan from Aave. 2. Swap DAI to yCRV using 1nch. 3. Exchange yCRV back to DAI using Curve. Due to price differentials, you end up with 15,431 DAI, more DAI than before. 4. The loan amount of 15,013 DAI includingAave’s flash loan fee is repaid to Aave. The user is left with a profitof 418 DAI. All of these steps are executed within one transaction. Furucombo does not require any upfront funds nor charge fees for users to build “combos” and make arbitrage trades using flash loans on the platform. All you need is ETH in your wallet to pay for the gas fee. Users are advised to trade at their own risk as arbitrage opportunities are not always available on Furucombo, and a combo may fail if the price difference no longer exists. Users face the risk of paying for the transaction fees regardless of the outcome.

Case Study: bZx Flash Loans Hack On 15 February 2020, a transaction took place on the Ethereum blockchain that was considered unique at the time. A profit of approximately $360,000 was achieved within one block and in one transaction in just under a minute. This transaction caught the crypto community's attention and was widely analyzed.The gain was achieved via an initial nearly-risk-free loan in the form of a flash loan, subsequently followed by a series of arbitrage between different decentralized exchanges.

6. Total Profit The Compound position was still in profit. As the average market price of 1 WBTC was 38.5 WETH, the attacker can get 112 WBTC with roughly 4,300 ETH. In total, the attacker gained 71 WETH + 5,500 WETH - 4,300 ETH = 1,271 ETH, roughly $355,880 (assuming the ETH price of $280). The event above not only demonstrates the possibility of extreme capital gains by manipulating the price of other assets but that there were also no other costs for the borrower besides a relatively low protocol fee. The only condition faced by the borrower was that the loan was to be repaid within the same transaction. Thus, the very concept of uncollateralized loans opens up a wide range of opportunities in the space.

Flash Loan Summary Flash loans can be a double-edged sword. On one hand, its novel use of smart contracts brings convenience and advancements to the DeFi ecosystem - traders withoutmuch capital can launch arbitrage and liquidation strategies with flash loans without the need for a large capital base. On the other hand, hackers can use flash loans to launch flash loan attacks, vastly enhancing their profits since no collateral is required. Just like any tool, flash loans can be used for both good and bad purposes. In our view, flash loan attacks utilized for ill-purposes have strengthened the whole DeFi ecosystem as projects improve their infrastructure to prevent future attacks from occurring. As flash loans are still at a nascent stage, the attacks can be seen as a silver lining that mitigates the kinks in the DeFi ecosystem and makes it more antifragile.

Solutions Having only smart contract audits is not enough to prevent exploits. Projects need to do more, and they are now looking for alternatives to ensure the safety of funds deposited in their protocols. Below are some of the possible solutions:

Internal Insurance Fund Several projects have decided to use their native token as the risk backstop. Examples include: ● Maker minted MKR back on Black Thursday to cover for liquidation shortfall in DAI. ● Aave rolled out stAAVE to cover any potential shortfall for the depositors. ● YFI collateralized their token and borrowed DAI to pay back hacked funds.

Insurance Being one of the new kids on the block ,Unslashed Finance offered protocol- level covers to LIDO and Paraswap for their users. This opens up the possibility for protocols to buy covers for their users. ( “Yearn.Finance puts expanded treasury to use by repaying victims of ....” 9 Feb. 2021, https://cointelegraph.com/news/yearn-finance-puts-expanded-treasury-to-use-by- repaying-victims-of-11m-hack. ) Bug Bounty Projects are increasingly leveraging Immunefi to list bug bounties, encouraging hackers to claim rewards for finding bugs rather than exploiting them. The highest bounties offer up to $1.5 million. However, with higher potential rewards from hacking, whether this will deter the hackers remains to be seen.

Other Possible Solutions ● Industry-wide insurance pool There can be an industry-wide insurance pool where every DeFi protocol chips in part of their earnings or pays a fixed fee. The pool isexpected to pay out claimswhen one of the membersexperiences a hack. This is similar to the idea of the Federal Deposit Insurance Corporation (FDIC). ● Auditors to have skin in the game This idea proposed auditors to stake on DeFi insurance platforms such as Nexus Mutual. As stakers, if the protocols are hacked, then the auditors will experience loss. This implementation is expected to align the interest of auditors and the project.

Tips for Individuals Besides smart contract hacks, you may also be exposed to various hacking attempts. Below are some steps you can take to minimize risks and reduce the chances of getting hacked. Don’t Give Smart Contracts Unlimited Approval

Step 1 ● One of the most common instances that require approvals is swapping. ● In the example, we plan to swap 15.932 SNX to 0.0834 ETH on Uniswap. ● Click “Approve SNX”

Step 2 ● The left image is the default window that we will see. ● Click “View full transaction details” ● Then we will be presented with the right image. Click “Edit”.

Step 3 ● Choose “Custom Spend Limit”. ● A lot of applications choose the “Unlimited” option in default. ● Key in the amount that we want to spend, in this example, that’s 15.932 SNX.

Step 4 ● Under the “Permission” section we can see that the figures are updated. ● Click “Confirm” and pay the transaction fee. Revoking Unlimited Approvals from Smart Contracts If you have previously given DeFi protocols unlimited spending approvals, there are two optionsfor you. The easier optionis to move all your funds to a new Ethereum address, and you will get a fresh restart without taking on any of the risks associated with your previous Ethereum address. However, if moving funds out of your existing Ethereum address is not possible, you can check the list of all previous approvals using the Token Approval tool provided by Etherscan.94 94 (n.d.). Token Approvals @ etherscan.io. Retrieved May 23, 2021, from https://etherscan.io/tokenapprovalchecker

On this page, you can see all the approvals that you have previously granted to smart contracts. You should revoke all approvals with Unlimited approved amounts, especially protocols that you no longer interact with. Do note that revoking each approval requires a smart contract interaction itself and will incur transaction fees.

Use a Hardware Wallet A hardware wallet is a physical device used solely for storing cryptocurrencies. Hardware wallets keep private keys separate from internet- connected devices, reducing the chances of your wallet being compromised. In hardware wallets,the private keys are maintained in a secure offline environment, even if the hardware wallet is plugged into a computer infected with malware. While hardware wallets can be physically stolen, it is not accessible if the thief does not know your passcode. In the unfortunate event that your hardware wallet is damaged or stolen, you will still be able to recover your funds if you had created a secret backupcode prior to the loss. The top hardware wallets manufacturers are Ledger and Trezor, though more have entered the industry.

Use a Separate Browser Profile Although browser extensions are helpful and makeyou more effective and productive in your work, you shouldalways be worriedabout malicious browser extensions causing trouble with your cryptocurrency experience. If you accidentally installed a malicious browser extension, it may snoop on your Metamask keys and become an attack vector on your funds. One method to improve your security is to create a separate browser profile on your Google Chrome or Brave browser. In that new browser profile, install only the Metamask extension. By doing so, you reduce the risk of a malicious browser extension siphoning out funds from your wallet. Here is a step-by-step guide to creatinga new browser profile on Google Chrome. Separate Browser Profile: Step-by-Step Guide

Step 1 ● Opening the Chrome browser will lead to the above page. Click “Add”. ● Alternatively you can go to the upper right-hand corner and click on the profile icon. Click “+ Add” at the very bottom.

Step 2 ● Pick the name and color. Then click “Done”

Step 3 ● Sign in a different Chrome account if you have one. If not, just click “Get started”.

Step 4 ● Download the Metamask extension and make it the only extension in this profile. Conclusion The DeFi space is still very much an experimental ground for various financial innovations. As such, things may and can go wrong. Do be aware of the risks of using new DeFi applications, especially those that are not battle-tested. Always do your research before using any DeFi protocols. In most cases, once a mistake takes place, there is no recourse to the losses incurred. Even inthe event of remuneration by the protocol,the losses usually exceed the amount of compensation received. Becauseof the risks involved, the returns from participating in DeFi activities are high. To not miss out on the high returns offered by DeFi, one csn opt to hedge some risks by buying insurance or put options.

Reference Darren Lau, Daryl Lau, Teh Sze Jin, Kristian Kho, Erina Azmi, Benjamin Hor, Lucius Fang, Khor Win Win, "How to DeFi: Beginner" , May 2021

Recommended Reading

1. To be your own bank with Metamask https://consensys.net/blog/metamask/metamask-secret-seed- phrase-and-password-management/

2. How (Not) To Get Rekt – DeFi Hacks Explained https://finematics.com/defi-hacks-explained/

3. DeFi Security: With So Many Hacks, Will It Ever Be Safe? https://unchainedpodcast.com/defi-security-with-so-many-hacks- will-it-ever-be-safe/

4. News on hacks and exploits https://www.rekt.news/