Crypto Protocols are based on code built by developers who are looking to empower individuals in DeFi, and there are a variety of tools and functionality that have been made available in support of this. One tool that is often used by sophisticated investors is a flash loan. Flash loans allow users to access funds at magnitudes greater than the initial principal invested because a set of DeFi transactions are completed, and the loan is paid back, within a single block chain transaction. Since the borrow and repayment are within the same transaction, the provider of the loan can give the user access to large amounts of funds at low/zero risk and low cost to the user.
AMM Protocols, since they are based on code built by developers, may have flaws or weaknesses. Very clever individuals are able to combine the code flaws and the flash loan functionality to execute what is known as a “flash loan attack”. In a recent series of flash loan attacks on Binance Smart Chain, attacker(s) were able to manipulate the AMM protocols’ understanding of coin prices and the market value of these coins, yielding significant gains for the attacker(s) when they sold off the coins they were able to collect.
In other words, the attacker artificially devalued the coin within the AMM, swapped it, and sold it at the now higher market value, all in one transaction; which also happened to depress the price of the coin in the overall market. By using flash loans and completing this exploit in a single block along with multiple other transactions, arbitrage bots and other market participants are not able to correct or take advantage of the discrepancy in the price feed and the manipulated feed is only useful to the attacker.
This attack is not victimless. Unfortunately all those who provided liquidity for the pool of coins which the attacker used will soon find that when they try to redeem their LP (liquidity provider tokens) there are not enough coins to fill the LP demand. This is because the flash loan attack took place before stability could be achieved and this is where investors experience both a material loss and an emotional loss of trust.
Pharo can cover these lost LP tokens.
Pharo can reconstitute trust.
Pharo flash attack cover buyers would be protected from this type of potential loss, allowing them to hedge in otherwise risky AMMs or volatile coins, and feel confident about their DeFi positions.
For those interested in a more technical discussion, the attacks all exhibited the following behavior.
- Execute a series of transactions in a single block, not via a UI, but interacting directly with the target protocol contract and flash loans provider.
- Use flash loans to access large amounts of tokens, and deposit those tokens into liquidity pools to temporarily depress or inflate that token’s price.
- Redeem more LP tokens than originally deposited, since their value has now been depressed.
- The Protocol is now left with an insufficient balance of LP tokens, as compared to remaining rewards owed or LP tokens outstanding.
Pharo can verify the flash attack loss by observing that the total withdrawable value from the pool is less than redeemable LP Tokens. Pharo would monitor this event using the real time oracle associated with the AMM protocol’s target pool.
How do you understand Flash Loan Attacks and how would you write the Pharo? Let us know!
