So far there are still differing accounts of the exact steps the manipulator took, so we focus only on the core sequence:
1. The manipulator deployed a smart contract that took an uncollateralized flash loan of 10,000 ETH from the dYdX platform;
2. Used 5,500 ETH as collateral on Compound to borrow 112 wBTC;
3. Deposited 1,300 ETH as collateral on bZx to open a 5,637.6 WETH short position; the sale, routed through KyberSwap and Uniswap, pushed the WBTC/WETH exchange rate from 38 to about 109, and only 51.3 WBTC was received at that rate;
4. Sold the WBTC for WETH on Uniswap at an average rate of 61.4, then closed out the dYdX flash loan by repaying the 10,000 ETH; the ETH left over was the manipulator's profit, worth about 350,000 US dollars.
What is striking is that the entire borrow-and-repay sequence had to complete within 13 seconds, that is, within a single block. In other words, this whole chain of operations executes in a flash.
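To make the mechanics of steps 3 and 4 concrete from a defender's point of view, here is an added example (not code from the article or from any of the projects it discusses) that models a constant-product pool, shows how a single large sale moves the spot price, and then applies the two checks the discussion below says were missing: a price-deviation guard against a reference price, and a collateral-health check that values the position at the reference price rather than the manipulated spot. The pool reserves, the 10% deviation threshold and the 115% minimum collateral ratio are constructed assumptions; only the 5,637.6 WETH sale size and the 38 starting rate come from the article.

```python
"""Constant-product AMM model plus two lending-side guards.

Added example; pool sizes, thresholds and function names are assumptions,
not values from the article or any protocol's real configuration.
"""
from dataclasses import dataclass


@dataclass
class ConstantProductPool:
    """Uniswap-v1-style pool: reserve_a * reserve_b is held constant across swaps."""
    reserve_a: float  # token A, e.g. WETH
    reserve_b: float  # token B, e.g. WBTC

    def spot_price(self) -> float:
        """Spot price of one unit of B quoted in A (A per B)."""
        return self.reserve_a / self.reserve_b

    def swap_a_for_b(self, amount_a: float) -> float:
        """Sell amount_a of A into the pool and return the B received (fee-free, an assumption)."""
        k = self.reserve_a * self.reserve_b
        new_a = self.reserve_a + amount_a
        new_b = k / new_a
        out_b = self.reserve_b - new_b
        self.reserve_a, self.reserve_b = new_a, new_b
        return out_b


def price_deviation_guard(spot: float, reference: float, max_deviation: float = 0.10) -> bool:
    """Accept a spot quote only if it is within max_deviation of a reference price
    (e.g. a time-weighted average or an independent oracle). Constructed threshold."""
    return abs(spot - reference) / reference <= max_deviation


def position_health(collateral_weth: float, debt_weth: float, wbtc_held: float,
                    wbtc_price_in_weth: float, min_ratio: float = 1.15) -> tuple[float, bool]:
    """Collateral ratio of a short position: (collateral + proceeds) / debt.
    Returns the ratio and whether it clears the (constructed) minimum."""
    value = collateral_weth + wbtc_held * wbtc_price_in_weth
    ratio = value / debt_weth
    return ratio, ratio >= min_ratio


def simulate_short(sell_weth: float = 5637.6, reserve_weth: float = 3800.0,
                   reserve_wbtc: float = 100.0, reference_price: float = 38.0,
                   collateral_weth: float = 1300.0) -> dict:
    """Dump sell_weth into a constructed pool that starts at the reference price,
    then evaluate the same position under the manipulated spot and the reference."""
    pool = ConstantProductPool(reserve_weth, reserve_wbtc)
    spot_before = pool.spot_price()
    wbtc_out = pool.swap_a_for_b(sell_weth)
    spot_after = pool.spot_price()
    ratio_at_spot, healthy_at_spot = position_health(
        collateral_weth, sell_weth, wbtc_out, spot_after)
    ratio_at_ref, healthy_at_ref = position_health(
        collateral_weth, sell_weth, wbtc_out, reference_price)
    return {
        "spot_before": spot_before,
        "spot_after": spot_after,
        "wbtc_out": wbtc_out,
        "quote_accepted": price_deviation_guard(spot_after, reference_price),
        "healthy_at_spot": healthy_at_spot,
        "ratio_at_spot": ratio_at_spot,
        "healthy_at_reference": healthy_at_ref,
        "ratio_at_reference": ratio_at_ref,
    }


if __name__ == "__main__":
    for key, value in simulate_short().items():
        print(f"{key:>22}: {value:.4f}" if isinstance(value, float) else f"{key:>22}: {value}")
```

Run stand-alone, the simulation shows the spot price jumping several-fold after one sale, the deviation guard rejecting that quote, and the same position reading as well collateralized when valued at the manipulated spot but deeply underwater when valued at the reference price. Either check, applied before the trade proceeds are counted as collateral, would have stopped the position from being accepted at the inflated rate.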
A member of the Magic Piper technology development community remarked that money can be moved in ten seconds and that an unsecured loan can be used this way; intuition is no guide here!
We consulted Mr. Jiang Xuxian, an expert in the group, and referred to his article bZx Hack Full Disclosure (With Detailed Profit Analysis) [1], to roughly reconstruct the manipulation process above. We still have many questions, however, and a lively discussion of them has started in the Soteria community:
Soteria SSDE development community notes 2020.2.18.
Su Boming-Financial Grand View Garden: bZx smart contract problem: when the Uniswap WBTC/ETH exchange price was manipulated from 38 to 109.8, the collateral on bZx should have been insufficient and the position should have been liquidated, but the bZx smart contract has no protection measure that requires additional collateral, and no liquidation action either. This is a hidden problem.
Claire: Manipulators complete such complicated operations in a flash. Those hackers who understand both finance and programming really feel like they are in no man's land now. They are catching white wolves bare-handed...
Su Boming-Financial Grand View Garden: There are no more than 10 such people in the world, right?
Claire: It feels like the DeFi people are playing games! The exchange rate goes up several-fold in a few seconds, and then that exchange price is used to come and trade with you. Artificial intelligence would not respond at the current stage, right? At that moment KyberSwap should trigger further checks. A person would stop and think about it; would an artificial intelligence?
Su Boming-Financial Grand View Garden: I think the risk management of DeFi financial assets is not done well. The main contradiction is that these assets are all online assets, and their scope of use is very narrow: they can only be traded, invested and borrowed. To put it simply, DeFi risk management is not benchmarked against traditional financial institutions. The main contradiction is that there is no way to put assets on-chain, and as long as assets are not on-chain, risk management cannot be connected with the traditional kind.
Claire: Manipulators take advantage of the lack of liquidity to raise the exchange rate, then exchange and ship out.
Su Boming-Financial Grand View Garden: Yes, I understand it that way too. But if you think a little further, the assets on the chain are not perfect, which is why there are so many loopholes in pricing.
Wisdom into Gold Capital - Lin Jian: We are currently only using blockchain trading as a "primary-and-a-half" market for capital.
Claire: Low liquidity and a narrow range of applications are among the reasons the exchange rate can be pushed up in such a short time. The DeFi platform also allows unsecured loans...
Su Boming-Financial Grand View Garden: I wrote in an article that "you are in me and I am in you": we have to get along with traditional financial institutions, otherwise we cannot play the game.
Claire: This is a platform risk management issue.
Note: [1] bZx Hack Full Disclosure (With Detailed Profit Analysis)