Attacking the DeFi ecosystem with flash loans for fun and profit
From MaRDI portal
Publication:2145358
DOI10.1007/978-3-662-64322-8_1zbMATH Open1492.91404arXiv2003.03810OpenAlexW3211314335MaRDI QIDQ2145358FDOQ2145358
Authors: Kaihua Qin, Liyi Zhou, Benjamin Livshits, Arthur Gervais 
Publication date: 17 June 2022
Abstract: Credit allows a lender to loan out surplus capital to a borrower. In the traditional economy, credit bears the risk that the borrower may default on its debt, the lender hence requires upfront collateral from the borrower, plus interest fee payments. Due to the atomicity of blockchain transactions, lenders can offer flash loans, i.e., loans that are only valid within one transaction and must be repaid by the end of that transaction. This concept has lead to a number of interesting attack possibilities, some of which were exploited in February 2020. This paper is the first to explore the implication of transaction atomicity and flash loans for the nascent decentralized finance (DeFi) ecosystem. We show quantitatively how transaction atomicity increases the arbitrage revenue. We moreover analyze two existing attacks with ROIs beyond 500k%. We formulate finding the attack parameters as an optimization problem over the state of the underlying Ethereum blockchain and the state of the DeFi ecosystem. We show how malicious adversaries can efficiently maximize an attack profit and hence damage the DeFi ecosystem further. Specifically, we present how two previously executed attacks can be "boosted" to result in a profit of 829.5k USD and 1.1M USD, respectively, which is a boost of 2.37x and 1.73x, respectively.
Full work available at URL: https://arxiv.org/abs/2003.03810
Recommendations
Cites Work
Cited In (9)
- Mitigating decentralized finance liquidations with reversible call options
- Routing MEV in constant function market makers
- How to exploit a DeFi project
- SoK: lending pools in decentralized finance
- A theory of Automated Market Makers in DeFi
- Are DeFi tokens a separate asset class from conventional cryptocurrencies?
- Differential privacy in constant function market makers
- Maximizing extractable value from automated market makers
- Speculative multipliers on DeFi: quantifying on-chain leverage risks
Uses Software
This page was built for publication: Attacking the DeFi ecosystem with flash loans for fun and profit
Report a bug (only for logged in users!)Click here to report a bug for this page (MaRDI item Q2145358)
