ValueDeFi flash-loan attack exposes critical lack of due diligence in DeFi

Nov 23, 2020 3 min read
News Article Banner Image

The decentralized lending market grew by 8% this week as the total borrowing volume reached $3.09 billion. Benefiting from the growth, Maker replaced Uniswap as the overall DeFi leader, with a 17% market dominance level. Compound, meanwhile, maintained its market dominance in the lending sphere, with a 55% share.

The weekly average trading volume of decentralized exchanges rose by 20% and reached $0.53 billion this week. While Uniswap maintained its trading volume dominance of 37%, its position as having the largest liquidity pool was replaced by its primary competitor, SushiSwap.

Flash-loan attacks proving problematic for DeFi

Flash-loan attacks have become a headache for the DeFi community as yield aggregator ValueDeFi became the fifth victim in only three weeks. Following the $34 million loss from Harvest Finance, there have been flash-loan exploits of Akropolis, Origin Protocol and Cheese Bank, with a loss of $2 million, $7 million and $3.3 million, respectively.

ValueDeFi suffered from a $6 million flash-loan exploit on Nov. 14. According to Emiliano Bonassi, a self-described white-hat hacker, the flash-loan exploit on the ValueDeFi protocol was more complex than previous attacks, as two flash loans were used. Hackers took out a flash loan of 80,000 ETH — worth over $36 million — and a $116 million flash loan in DAI from Uniswap to exploit the ValueDeFi protocol, resulting in a net loss of $6 million.

The detailed steps for the attack were illustrated on Bonassi’s Twitter account:

According to an analysis conducted by audit firm PeckShield, the root cause of the ValueDeFi protocol exploit was a bug in its “MultiStablesVaults,” which uses Curve to measure the asset price. Because of the bug, hackers were able to use flash loans to manipulate the price of 3crv tokens. After that, they could burn the minted tokens from the pool to redeem a disproportionate share of 33.08 million 3crv tokens, instead of the normal 24.95 million. Hackers then redeemed the 3crv tokens for DAI, which led to a $7.4 million loss in DAI. (The hackers did, however, returne $2 million to the core developers of ValueDeFi.)

Visit https://www.okex.com/ for the full report.

OKEx Insights presents market analyses, in-depth features, original research & curated news from crypto professionals.

Not an OKEx trader? Sign up, start trading and earn 10USDT reward today!

was originally published in OKEx Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Popular news

How to Set Up and Use Trust Wallet for Binance Smart Chain
#Bitcoin#Bitcoins#Config+2 more tags

How to Set Up and Use Trust Wallet for Binance Smart Chain

Your Essential Guide To Binance Leveraged Tokens

Your Essential Guide To Binance Leveraged Tokens

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)

What is Grid Trading? (A Crypto-Futures Guide)

What is Grid Trading? (A Crypto-Futures Guide)

Start trading with Cryptohopper for free!

Free to use - no credit card required

Let's get started
Cryptohopper appCryptohopper app
©2017 - 2023 Copyright by Cryptohopper™ - All rights reserved.