Chengdu Lian'an: Rethinking DeFi after the Balancer incidents
Since 2019, DeFi has gradually become a hot spot in the blockchain space, and large amounts of capital have begun to flood into DeFi projects of every kind. Since the Synthetix project emerged, DeFi projects have sprung up everywhere. Nevertheless, as DeFi keeps developing, the security problems of DeFi projects have become more and more urgent.
In the recent attack on Balancer, the attacker exploited a flaw arising from the combination of Balancer's fund pool with a deflationary token to steal about $500,000 from the pool. Less than twenty-four hours later, Balancer was attacked again. This time the attacker used Compound's "borrowing is mining" feature to take unclaimed COMP tokens belonging to the fund pool.
We have already analyzed the first attack; interested readers can refer to that analysis ().
Regarding the second attack, the author's view is that the attacker's behaviour lies somewhere between opportunistic "wool-pulling" (taking advantage of an unclaimed benefit) and an outright illegal attack, and it cannot simply be called an illegal attack.
On the one hand, the attacker did violate the intent of Balancer's contract design and used a flaw in Balancer's code to capture benefits that did not belong to them.
On the other hand, the funds taken were not the principal in the capital pool but the profit generated by Compound's "borrowing is mining" feature, and even without the attack, the Balancer contract itself had no reasonable way to allocate this money to users.
It is like the empty cardboard boxes a supermarket produces every day. The business does not clearly stipulate what to do with them. Usually, once enough have piled up, some employee notices them and sells them, and that employee pockets the proceeds. Then an outsider arrives, realizes that these boxes can be turned into money, gets hired as an employee, sells the boxes, quits immediately afterwards and moves on to the next shop. After the second incident, Balancer did not roll out any corresponding fix, which indirectly reveals the official attitude: the team may lean toward treating this as "wool-pulling" rather than an attack.
This incident also involved a total of three DeFi projects: Balancer, dydx and Compound.
What is DeFi?
DeFi stands for "decentralized finance". It aims to use blockchain technology to carry out the functions of traditional finance, such as lending, custody and payment, while shortening settlement times, reducing transaction fees, and solving problems such as the difficulty of cross-border transactions.
Currently the hot DeFi projects include Compound, Maker, dydx and others, as shown in the next figure:
In DeFi projects, many tools of the traditional financial industry, such as lending and custody, are moved directly onto the blockchain. But the blockchain and the real world are very different, and their underlying logic differs significantly.
For example, in traditional finance, "credit" is the basic precondition for lending. A bank rates a person's credit to decide whether it can lend to them. In the closed world of the blockchain, addresses cannot be tied to people because of the chain's pseudonymity, so there is no "credit" attribute at all. To achieve anything like "credit", an oracle is needed to bring in real-world information.
Yet it is precisely this difference between the blockchain and the real world that lets DeFi realize functions that cannot be realized in the real world.
dydx flash loans: borrowing $30 million with zero collateral
In the first Balancer incident, the attacker used dydx to borrow $30 million without any collateral. That is impossible in traditional finance, where lending relies on "asset collateral" or "credit" to avoid default risk. On the blockchain, however, a transaction that does not pay the loan back can simply be rolled back, so a large loan with zero collateral becomes feasible.
dydx lets users take out very large loans with zero collateral, provided the loan is repaid within the same transaction. If the user does not return the funds by the end of the transaction, the whole transaction is reverted and the funds never leave, so the lender's principal is never at risk. Although the loan must be repaid within one transaction, a smart contract can perform many operations inside that transaction: the user can buy a large amount of some token at a low price and sell it at a higher one. Even a tiny price difference yields a considerable gain when applied to a very large principal. In traditional finance such an operation is generally out of reach, but with dydx anyone can get hold of this "huge amount of money".
Every new thing has two sides. While dydx flash loans give ordinary people access to huge sums, they also help attackers hiding in the dark. Take the first Balancer attack: without dydx, the attacker would have had to raise a large principal themselves in order to exhaust the deflationary tokens in the fund pool, and the attack would otherwise not have been possible.
Balancer: controlling your own assets by charging fees
In traditional finance, users pay management fees to a third-party manager to rebalance their assets and preserve their value. Balancer breaks this pattern: asset owners preserve the value of their assets while charging fees themselves.
Balancer lets users set up their own fund pool and deposit different assets into it. When the market prices of those assets change, the resulting price difference induces arbitrageurs to trade against the pool, which drives the holdings of the various tokens in the pool back toward balance. Arbitrageurs profit from the arbitrage, and the pool owner's asset values are balanced as a result.
Assume a pool holds two tokens, DAI and WBTC. When DAI appreciates externally, the pool's DAI-to-WBTC ratio lags the market, which induces arbitrageurs to convert WBTC into DAI through the pool until the pool's exchange ratio matches the external one; the arbitrageurs accumulate DAI while the pool's overall value dips. When DAI later depreciates externally, it induces arbitrageurs to convert the DAI they are holding back into WBTC, since they accumulated a lot of DAI earlier, and taken together the pool's overall value rebounds. Through the arbitrageurs' continuous activity, the fund pool is always kept in balance.
Balancer's fund pool model is not problematic in itself, but problems arise when it meets special tokens such as deflationary currencies or Compound's tokens. The core of the Balancer pool is its variable exchange ratio. Under normal circumstances the ratio moves with the inflows and outflows of the different tokens so that the amounts in the pool reach a balance. But with deflationary or other special tokens such as Compound's, the amounts that actually move in and out no longer match the figures the pool uses to calculate the ratio. That discrepancy is what allowed the attacker to profit.
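As an added illustration of the discrepancy described above (this is example code, not the article's or Balancer's own), the toy pool below keeps an internal ledger of reserves and prices swaps from that ledger, while a constructed deflationary token burns 1% of every transfer. Comparing the ledger with the token's real balance after a swap shows the drift that appears when the pool trusts the caller's amount instead of measuring what it actually received; the hardened variant measures the receipt, so the two stay equal.

```python
# Added example (not from the article or Balancer): internal-ledger pool vs. a
# constructed deflationary token that burns a share of every transfer.
from dataclasses import dataclass, field


@dataclass
class Token:
    """Constructed ERC-20 stand-in; burn_bps > 0 makes it deflationary."""
    name: str
    burn_bps: int = 0
    balances: dict = field(default_factory=dict)

    def transfer(self, src: str, dst: str, amount: int) -> None:
        burned = amount * self.burn_bps // 10_000      # destroyed on every transfer
        self.balances[src] = self.balances.get(src, 0) - amount
        self.balances[dst] = self.balances.get(dst, 0) + amount - burned


class Pool:
    """Constant-product pool whose exchange ratio comes from an internal ledger."""
    def __init__(self, a: Token, b: Token, ra: int, rb: int, measure_receipt: bool):
        self.a, self.b, self.measure_receipt = a, b, measure_receipt
        a.balances["pool"], b.balances["pool"] = ra, rb
        self.ledger = {a.name: ra, b.name: rb}

    def swap_a_for_b(self, user: str, amount_in: int) -> int:
        before = self.a.balances["pool"]
        self.a.transfer(user, "pool", amount_in)
        # Weak pattern: credit the caller's amount_in. Hardened: credit what arrived.
        credited = self.a.balances["pool"] - before if self.measure_receipt else amount_in
        ra, rb = self.ledger[self.a.name], self.ledger[self.b.name]
        amount_out = rb * credited // (ra + credited)
        self.b.transfer("pool", user, amount_out)
        self.ledger[self.a.name] += credited
        self.ledger[self.b.name] -= amount_out
        return amount_out

    def drift(self) -> dict:
        """Ledger minus real balance per token; any non-zero entry is a red flag."""
        return {t.name: self.ledger[t.name] - t.balances["pool"] for t in (self.a, self.b)}


def run_demo(measure_receipt: bool) -> dict:
    """Seed a pool with 1000 of each token, swap 100 DEF in, return the drift."""
    defl = Token("DEF", burn_bps=100, balances={"alice": 100})   # constructed, 1% burn
    stable = Token("STB")
    pool = Pool(defl, stable, 1000, 1000, measure_receipt)
    pool.swap_a_for_b("alice", 100)
    return pool.drift()
```

`run_demo(False)` reports a one-token gap on DEF after a single swap; `run_demo(True)` reports none, which is the balance-before/after check an auditor looks for in pools that accept arbitrary tokens.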
How to view DeFi
It is not hard to see from these two projects that DeFi is not merely a matter of moving the real-world financial system onto the chain. Because its underlying layer is different, DeFi can do many things the real financial system cannot, such as zero-collateral lending, cross-border remittance and other very promising functions. But great risks and problems follow, such as how to communicate with the real world, how to obtain regulatory approval, and how to solve security problems.
"Give me a fulcrum and I can move the Earth." Unlike traditional finance, the underlying layer of DeFi relies on smart contracts, which are essentially programs. Programs offer efficiency and convenience that traditional finance cannot match, but they also carry code vulnerabilities that traditional finance never has to consider. If attackers find such a "fulcrum" in a smart contract, they can easily leverage tens of millions in assets.
Chengdu Lian'an therefore recommends that readers treat DeFi rationally, choose safe and promising projects, invest sensibly, do thorough research before investing, and stay vigilant about projects whose smart contracts and audit reports have not been disclosed.