$96,519.00
2.14%$1,827.42
1.17%$2.15
1.20%$602.56
0.55%$146.13
0.91%$0.999901
-0.01%$0.17217
1.27%$0.678934
2.45%$0.243798
-1.46%$1,824.87
1.09%$96,330.00
2.18%$3.38
0.05%$13.95
2.59%$19.91
0.64%$0.261706
0.98%$8.73
0.90%$2,191.72
1.03%$0.00001282
0.87%$0.999854
0.00%$377.04
5.33%$3.00
-1.01%$0.176397
1.09%$91.76
10.53%$20.74
2.39%$3.96
1.13%$283.67
1.37%$1,826.29
1.10%$0.998604
-0.15%$4.31
0.24%$1.00
-0.01%$96,473.00
2.14%$1,947.79
1.15%$0.580069
-1.39%$28.15
-1.23%$0.00000802
0.98%$375.20
-0.08%$50.81
0.01%$4.79
-2.52%$4.93
-0.12%$1.00
0.00%$1.05
0.01%$2.31
-0.85%$0.869811
0.18%$0.092411
4.40%$21.47
-0.27%$174.33
0.62%$16.29
1.39%$4.63
0.31%$0.711069
-0.27%$29.80
0.44%$0.089696
-5.28%$4.31
-1.53%$10.94
-0.59%$0.02490554
-0.70%$0.998201
-0.21%$1.17
0.00%$96,183.00
2.19%$0.219595
-0.39%$4.14
1.67%$4.30
0.16%$0.692674
3.08%$0.199699
-0.89%$2.58
-1.71%$0.509924
-0.80%$0.270303
1.43%$0.998214
-0.10%$4.10
0.84%$2.36
-0.58%$0.307203
-1.28%$10.78
-0.19%$96,247.00
1.78%$0.00001695
-2.11%$0.952094
7.19%$86.85
2.94%$0.826686
5.75%$1.25
-0.52%$1,477.51
-4.07%$0.421647
-1.75%$0.0187845
1.39%$153.42
0.95%$0.071902
-2.05%$1,823.78
0.89%$0.693025
-1.76%$0.999818
0.01%$1,902.98
1.20%$1.025
-8.32%$3.78
2.39%$0.611752
-3.73%$0.198017
-1.75%$0.531217
-4.40%$1.47
-11.53%$0.680824
-0.33%$9.33
-0.29%$0.998024
-0.18%$15.32
1.57%$0.999395
-0.03%$0.090811
-0.78%$2,070.27
1.08%$3,386.49
0.44%$3,391.68
0.54%$0.999705
-0.01%$0.198015
-3.17%$601.91
0.42%$96,279.00
1.75%$188.41
0.82%$0.01552194
-0.87%$96,905.00
3.09%$161.69
0.94%$0.00007687
-0.86%$95,856.00
2.21%$36.75
-1.45%$0.01136256
-3.41%$0.712737
-1.98%$0.566672
-5.43%$0.705342
0.44%$0.782114
-0.01%$2.41
1.61%$1,946.67
1.12%$0.00000069
-1.94%$3.72
-1.92%$0.01514803
-1.11%$0.272838
-1.34%$0.111135
-1.62%$0.997908
-0.05%$1.98
-1.59%$0.998406
0.31%$37.87
4.85%$17.91
1.54%$0.01765224
8.17%$1.098
-0.93%$1,911.29
1.13%$0.369223
-2.20%$0.575637
2.47%$0.537474
-1.09%$0.293535
-2.87%$0.053202
1.32%$3.20
0.05%$100,794.00
5.02%$1.57
-2.93%$0.99829
-0.01%$0.00536157
-0.71%$96,454.00
2.09%$0.602864
0.71%$1,909.69
1.03%$0.9999
-0.01%$0.067492
0.71%$0.132955
-5.04%$110.95
0.01%$0.438286
-0.56%$0.0083326
-3.71%$0.9999
-0.01%$0.499694
-4.82%$0.392822
-3.21%$96,170.00
2.35%$1.27
2.48%$6.77
-2.95%$95,257.00
7.53%$0.171909
1.20%$0.174741
-5.59%$0.5618
-3.86%$15.17
-2.86%$0.00002097
-3.01%$1,826.46
1.09%$0.132585
1.97%$1.49
2.57%$0.00000041
-1.24%$0.155702
10.78%$1.085
-0.00%$1.001
0.06%$0.162115
-6.50%$0.406255
4.72%$1,945.34
1.08%$0.486888
-1.63%$0.00742382
-0.70%$1,826.78
1.22%$5.48
-0.47%$1.83
-40.95%$0.00555723
-3.51%$0.03916947
-1.63%$2.31
-1.07%$0.387295
-2.91%$1,826.57
1.18%$0.071519
-1.37%$1.48
-10.05%$1,825.03
1.34%$0.219999
-0.24%$32.53
0.68%$1.34
-3.09%$0.999901
0.07%$21.45
-0.72%$0.076817
-3.79%$38.69
0.00%$2.88
-4.77%$0.17041
-3.44%$0.00401317
0.22%$0.01748611
-0.86%$0.03379085
-4.36%$1,872.24
2.08%$0.346629
-2.83%$0.999768
-0.16%$0.00005853
-1.59%$0.999878
0.01%$1.00
0.02%$0.999048
-0.09%$0.759673
-1.95%$0.485864
-2.39%$96,410.00
2.09%$0.67705
-0.69%$0.00000149
2.95%$0.303067
4.19%$0.65588
-0.28%$20.73
2.41%$1,816.12
0.90%$0.262997
-4.49%$111.59
1.83%$97,223.00
3.31%$3,386.93
1.52%$0.00279848
3.31%$0.999744
0.01%$19.92
0.68%$2.44
-3.18%$1.12
32.78%$0.218854
-3.04%$0.128785
-3.77%$0.457365
-11.37%$0.189452
-3.04%$2.78
-0.98%$0.03087765
0.13%$1,934.71
1.08%$0.521661
-1.64%$1.097
-0.00%$21.19
-3.43%$3.15
8.52%$0.00000065
5.16%$0.252615
-3.32%$1,937.33
2.10%$2,005.22
1.18%$1.52
0.82%$0.99938
-0.01%$0.03502441
-3.71%$0.999744
0.05%$96,300.00
4.03%$14.70
0.41%$1,989.04
1.12%$0.999621
0.01%$1,826.22
1.06%$0.00263211
-2.68%$0.01197311
-1.31%Reading
A potential exploit in the decentralized financedecentralized finance (DeFi) ecosystem has been exposed and it won’t be fixed until noon on Friday. The reveal comes just days after two exploits used DeFi tools to take home $1 million.
Dominik Harz, a PhD candidate at Imperial College London, has posted a Medium post detailing the potential weakness. It’s focused on the concept of flash loans and the stablecoin Dai. While he has notified Maker—which runs Dai—the issue won’t go up for a vote until tomorrow. And in the meantime, $700 million is at risk.
A trader has again exploited a number of decentralized finance (DeFi) tools, to take home a large amount of Ethereum (ETH). After netting $350,000 on Valentine’s Day, he or she has now taken a further $645,000—a total just shy of a million dollars. The theft happened in the same way. A clever set of instructions—all executed in one big transaction—enabled the trader to leverage current weaknesses in the DeFi ecosystem for their own gain. By using several decentralized financial tools, and a smal...
“That attacker would be able to steal $700m worth of ETH collateral and be able to print new Dai at will,” Harz wrote. “This attack would spread throughout the whole DeFi space as Dai is used as backing collateral in other protocols.”
A flash loan is a new—and risky—concept in DeFi. It’s essentially the act of lending out money, without asking for anything held as collateral in case the loan is defaulted upon. The only reason that they exist is that the loan gets paid back, in the same transaction. This is possible because on Ethereum—the blockchain platform in question—transactions can be made up of multiple components.
Can an attacker use flash loans to attack @MakerDAO? Find out!
We quantify the required MKR and show that an attacker can increase his chances by:
- combining loans from @dydxprotocol and @AaveAave to increase liquidity
- oracle tampering on DEXshttps://t.co/CxzpUnUPCy— Dominik Harz (@dominik0_) February 20, 2020
So, in the case of the first DeFi exploit the other day, the trader made one big transaction that triggered a bunch of actions across various DeFi protocols. Within the transaction, they made a flash loan, used the money for nefarious goals, profited $350 million, and returned the loan. The lender is safe because they know that—due to the power of the blockchain—if the money doesn’t come back, the transaction is (kind of) reversed so it never happened in the first place. Either way, they keep their money.
Now, here’s how Harz argues that flash loans could be used to exploit Maker.
MakerDAO is a decentralized governance system that runs the Dai stablecoin. Holders of the governance token MKR vote on how Dai should be programmed. But it’s possible to exploit the governance system.
“The basic idea is to accumulate enough MKR tokens to replace the existing governance contract with the attacker’s, malicious, governance contract,” Harz said. “The malicious governance contract is then able to give the attacker full control over the system and withdraw any collateral in the system as well as create arbitrary amounts of new Dai.”
However, when this attack vector was suggested before, the idea was to crowdfund the MKR tokens needed to carry it out. And that’s where flash loans come in. They make it much easier for an attacker to build up a large supply of MKR tokens—and use them to take over the system.
Not only can they use a flash loan to buy a large amount of MKR, but they can also use flash loans to manipulate the price of MKR—in the same way as the recent DeFi attacks. With a cheaper MKR price, it becomes much easier to snap up more coins.
Harz said that this strategy could be used in combination with a crowdsourcing strategy for maximum effect at a low cost. Maker is set to vote on a solution to stop flash loans from affecting the governance mechanism tomorrow—but the clock is ticking.
A new layer-1 blockchain focused on privacy and mining accessibility is now live with the launch of Tari mainnet. Led by a group of former Monero developers, Tari’s mainnet follows the network’s testnet launch in September 2024, placing it in a crowded field of layer-1 networks that includes heavyweights like Bitcoin, Ethereum, and Solana. But the developers see Tari differently than the pack. “Our hot take: Existing chains are missing key ingredients needed for them to succeed in becoming the...
Solana network validators narrowly avoided catastrophe, rolling out a patch that killed a bug in a program that could have allowed exploiters to mint certain tokens in unlimited quantities—or withdraw them from any account. The vulnerability, which would have only affected Token-22 confidential tokens, was found in the ZK ElGamal Proof program, which certifies encrypted balances and verifies the accuracy of zero-knowledge proofs. “In the on-chain ZK ElGamal Proof program, some algebraic compon...
In a demo transaction, developers from smart contract operating system BitcoinOS (BOS) claim to have sent 1 BTC from a Bitcoin wallet to a Cardano wallet and back without relying on traditional bridge infrastructure, touting it as the first "bridgeless cross-chain transfer." "Crypto users don't use BTC beyond the existing functionality," not because they value simplicity, but because "they don't have any other options," Edan Yago, co-founder and core contributor at BOS, told Decrypt. Compared t...
