A Quick Walkthrough of 1H2020 Major Defi Development and Attacks

The author of this series is Rong Lin, Senior Vice President and Head of Lending & Payment of Matrixport. She formerly worked as Vice President for Deutsche Bank Global Markets department, specializing in structured derivatives in FICC (Fixed income, currencies and commodities), and also Senior Manager of Ant Financial where she was the core leading member for its blockchain for cross border remittance network.

Ask me where you could see most creativity and excitement in blockchain finance over the past year. The answer would of course be Decentralized Finance, or “DeFi”

DeFi projects deploy contracts on a decentralized blockchain network and conduct financial services in accordance with coded rules. Each project can be seen as an open and transparent financial institution, or let’s just call it a “bank”.

Each of these “banks” currently employs only a few to 20 or 30 employees. However, their “savings balances” have grown rapidly, reaching a total of over $1 billion 1Q 2020. Even after the historic market turmoil of March 2020, it has now quickly recovered. The number of users has also grown from zero all the way to 50–60 thousand.

This may not sound a big number for the traditional finance world, but consider that blockchain finance is still at a very early stage — out of a global population of 6 billion people, there are only an estimated 20 million or so people who own any cryptocurrency. The growth trend in the number of users is close to that of the Internet in the early 1990s.

Let’s take a look at the development of the four representative projects in the first half of 2020, review the issues to be solved in Defi world and discuss what changes, in essence, can decentralized finance bring to the traditional centralized finance (“Cefi”) world. These four projects all involve lending business and deploy smart contracts on Ethereum (ETH) blockchain network.

January

“15-Second Loan” — Aave Flash Loan Goes Online

In traditional finance, banks give you a loan, usually either by investigating your credit conditions or by requesting you to provide collateral.

With flash loans, neither of these are needed.

Even if you’re bankrupt in the traditional world, you can borrow a large amount of money from a “bank” such as Aave. How can the bank guarantee that you’ll pay the money back then? The answer is that you need to pay back the money before the next ledger recorded on the bank’s system. Otherwise, the system will declare that the action of borrowing itself and what you did with the money, as invalid. That’s right! The money, and your operations, are all on the network only anyway. It’s just a system log.

The “banks” mentioned here all use the Ethereum network for their underlying ledger system. On average, it takes about 15 seconds to register a block and record a series of transactions. So that’s a more or less 15-second loan.

What can a 15-second loan do?

Data shows that many users use it for arbitrage or to debt refinance.

“Flash Loans” have been operating for a while now. In February, they suddenly became well-known because of a clever attack.

Someone found a loophole in a leveraged trading protocol called bZx, where the step of checking the latest price and seeing if you have enough margin before placing an order was skipped. With that, you can use relatively little amount of money as margin to manipulate the market price. And that’s how the attack began.

To put it simply, the hacker first borrowed from another project that offers flash loans a large sum of money (it was ETH, which can be considered the standard currency on the Ethereum network). One part of it served as collateral to borrow and hoard a not-so-liquid asset called WBTC. Another part went to the aforementioned problematic platform as margin to leveraged buy WBTC, driving up its market price. Then, the attacker sold the WBTC he had hoarded earlier at a high price, repaid the flash loan, and was left with a profit.

The attacker came empty-handed, then borrowed money into a stash. Next, he artificially inflated the goods price, and then sold at a higher price to pay back the loan. Within 15 seconds, he earned $360,000, and then disappeared without a trace.

February

“Principal Protected Lottery” — PoolTogether Receives Investments

The PoolTogether project came up with a game: you can pay one dollar to buy a lottery ticket and be promised that after a few days, the dollar will be returned to you. What kind of prize can you win with such a lottery? The total amount of all tickets sold will be deposited in a bank to earn interest. When the day of the drawing arrives, the interest is given to the random winner.

If you had met these people on the street, you might worry that they were frauds. But this is the world of the blockchain.

PoolTogether automatically executes this lottery logic in the form of open source code, making every move transparent and subject to everyone’s review. (There are some issues we’ll get to later, of course.)

Is it possible to have a digital “dollar” to place orders online? Yes. They integrate the stablecoins DAI (MakerDao) and USDC, which are pegged 1:1 to actual dollar.

Is it possible to have a digital bank to deposit money, generate interest, and provide a deposit certificate in real time? Yes. They integrate with Compound, a DeFi star project that provides deposit and loan services.

PoolTogether also uses the dealer Uniswap to provide currency exchange service, the protocol Aragon DAO for auditing, and they plan to integrate with Chainlink to provide better random numbers to select winners…

What does it imply?

It’s like even when you’re nobody with little business, the e-checking system of JPMorgan Chase, the deposit service system of Wells Fargo, the foreign exchange service of Citibank, and the auditing services of the Big Four accounting firms… all welcome you to freely connect to. They provide support for your projects and tell your clients the ins and outs of every transaction. Open, transparent, tracible.

In the traditional world, the basic financial service are practically monopolized. While in the blockchain world, they’re now deployed as ready-made modules, each like building blocks, or in Defi jargon, “money legos” for you, allowing you to stand on their shoulders, put your limited resources into your most creative area and provide a variety of financial service for all.

March

“Bid ETH at $0” — MakerDAO’s insolvency

The MakerDAO project involves the logic of “collateralized lending”. Similarly, in physical world if you mortgage a house, you can borrow cash at a discount based on the value of the house. Or more close in nature is the Repo products in traditional finance. i.e. you use liquid assets such as equity, government bonds, gold and commodities etc as some type of pledge to borrow cash.

In MakerDAO, you can pledge digital currencies such as ETH, with a discount according to the market price, to get the project’s own USD stablecoin called DAI. The target price of every DAI is one dollar. In order to prevent the price of the collateral from falling too much and then not worth enough to repay the loan, liquidation rules were set: if the ETH market price falls to a certain level and you do not add collateral or repay the loan in time, you lose the collateral. The system then allows someone else to take it and auction it off to repay the loan.

The system went relatively well for quite some time until the Black Thursday. On March 12, the price of ETH plummeted, and some collateral auction process triggered. In the end, about $4 million in ETH was auctioned away at $0.

What went wrong?

If we take a closer look at the description of the product rules above, there are three major points requiring special attention for such collateralized lending products.

Firstly, “market prices” — how the market prices are determined, or what are known in blockchain as “Oracles”. For example, the rule says that if Ethereum drops to $120, you will lose your collateral. But who defines whether Ethereum price at this time is $121 or $119? MakerDAO uses the median value of multiple data sources to transmit prices through the blockchain network. However, during the market crash, the entire network was congested, making it impossible for market prices to transmit updates in a timely manner.

Secondly, “auction” — that is, the mechanism of collateral liquidation. MakerDAO had several problems with the collateral liquidation mechanism.

One problem was that the DAI issued by the project itself must be used to buy collateral during the auction, yet DAI’s liquidity dried up during market turmoil. There wasn’t much market liquidity for Dai to begin with. Then, in the panic of the crash, no one was willing to pledge ETH to make new DAI. Instead, a large number of DAI loans were returned, resulting in the drying up of DAI liquidity in the entire market. The original goal was to exchange USD at 1:1, but at that time the price rose to 1.12 USD.

The second problem is the design of the auction mechanism used in the liquidation on the blockchain: the auction starts at $0. You submit the auction price on the Ethereum blockchain, and if no one bids a higher price within 10 minutes, you win the auction. At that time, the network was congested, and the fee for posting transactions on Ethereum was at least 10 times higher than normal. So users, who pay the normal fee to participate in auctions, could not submit the price in time.

Therefore, someone paid a relatively high commission fee, submitted a successful bid price of 0 DAI, bought nearly $4 million of ETH which, of course, worth even more now, and the whole system went into insolvency.

Third, the “collateral” — whether this “bank” can guarantee the safe custody of the collateral you put in it. Nothing actually went wrong with MakerDAO at this time. But next, we’ll introduce the attack that was carried out against it.

April

Stealing While Saving — $25 Million Stolen from Lendf.Me

On April 19, the decentralized lending project Lendf.Me was attacked by a hacker who took all the assets in the project, which amounted to nearly $25 million. Of course, very dramatically, the hacker later returned all the money.

How did he do it?

To put it simply, it starts with Lendf.Me’s “supply” collateral’s balance update design.

When you want to go to this “bank” to deposit money, your bookkeeping registration method is coded by the system. At the deposit counter, your account balance is calculated as follows: (the numbers in the circles are examples)

At the withdrawal counter, the account balance is calculated as follows:

But when taking deposit, people think it’s best to intersperse it with some other operations. For example, before confirming the deposit , you first go to the anti-money laundering center to make sure the address the money came from is not the address of someone who robbed a bank. So Lendf.Me adopts an improved standard on the network and supports calling external operations on a compatible basis with the original logic.

It was this feature that was targeted.

Because the operation called by the hacker was to withdraw money.

Let us solve a problem:

Your account starts with 5 dollars, and then you go to the deposit counter to deposit 1 dollar. During this process, you run to the withdrawal counter and take out 2 dollars. What should the final balance be?

The result is that Lendf.Me in the end still registered 6

We know the answer should be 4. But during the whole process, even though the withdrawal counter registered the withdrawal action, the final confirmation was made on the deposit counter, which was only told that the calculation method is: balance at the time of deposit + money deposited. So, 5+1=6.

There’s no problem with the separate processing of depositing and withdrawing money. But when called together, and with no logic to prevent malicious actions, that’s where it went wrong. The hacker took advantage of this and kept taking out this bank’s assets until all the money was gone.

What’s especially regrettable is that this hacking method, which we call a “re-entry exploit”, had already happened in Ethereum a long time ago. Even the day before the attack, people had already seen the loophole and had reminded the team. Unfortunately, it wasn’t handled very well.

Of course, the hacker then very dramatically returned the money. He even added a “better future” message for everyone. But it wasn’t because of some special magic, just that the identity of the hacker was revealed.

By the way, this improvement that can be used for external calls is a key difference between the token standard that Ethereum calls ERC777 and the ERC20 token standard. ERC20 is the standard adopted by most of the tokens in the “ICO” bubble that people have been hearing about for the past two years. Everyone uses the same standard API standard. No matter how many new assets are added and what each asset represents, access to various service providers like wallets, exchanges, etc. becomes very simple. It offers something great for open finance: standardization.