Attacking the DeFi Ecosystem with Flash Loans for Fun and Profit
Location
Remote
DeFi news has been everywhere recently, driven by the fact that the amount stored in protocols reached the $1B milestone not so long ago, not to mention the recent hacks and surprises. Ethereum 2.0 and staking will most probably also raise awareness and result in great use cases and innovation.
Let's take a deeper look at the current developments, which we hope will benefit all of us!
We have decided to organise a series around the topic and invite top-tier experts from both the academic and the protocol side, so we can better understand what is happening and where we are headed.
At the next meetup, we are going to explore the story of flash loans from both the academic and the protocol side.
Our first guest is Kaihua, a Ph.D. student supervised by Dr. Arthur Gervais at Imperial College London. He is interested in security and privacy in the area of blockchains and cryptocurrencies. Prior to his Ph.D., he obtained his MSc in communications and signal processing from Imperial College. He also has three years of professional experience as a software engineer at Cisco.
The most recent paper about DeFi can be found here:
https://arxiv.org/pdf/2003.03810.pdf
Let's all make sure to review this paper so we can ask informed questions!
Here is the abstract as a teaser:
"Credit allows a lender to loan out surplus capital to a borrower. In the traditional economy, credit bears the risk that the borrower may default on its debt, the lender hence requires an upfront collateral from the borrower, plus interest fee payments. Due to the atomicity of blockchain transactions, lenders can offer flash loans, i.e. loans that are only valid within one transaction and must be repaid by the end of that transaction. This concept has led to a number of interesting attack possibilities, some of which have been exploited recently (February 2020).
This paper is the first to explore the implication of flash loans for the nascent decentralized finance (DeFi) ecosystem. We analyze two existing attack vectors with significant ROIs (beyond 500k%), and then go on to formulate finding flash loan-based attack parameters as an optimization problem over the state of the underlying Ethereum blockchain as well as the state of the DeFi ecosystem. Specifically, we show how two previously executed attacks can be “boosted” to result in a profit of 829.5k USD and 1.1M USD, respectively, which is a boost of 2.37× and 1.73×, respectively."
From the protocol side, we have Emilio Frangella, one of Aave’s core engineers, with 15 years of experience in software development. He got interested in crypto in 2017 after a 10-year career in traditional banking institutions, and he is now contributing to shaping the future of DeFi.
Today Emilio will introduce Aave and the Aave Protocol, the open-source protocol for money market creation on Ethereum with innovative features such as Flash Loans, the first uncollateralized loan option in DeFi. Flash Loans allow developers to borrow instantly and easily, with no collateral needed, provided that the liquidity is returned to the pool before one transaction block ends. Flash Loans lower the barrier to entry, since they do not require any capital to be able to borrow. However, in the wake of events where Flash Loans were leveraged in exploits, we must consider their role in the larger DeFi ecosystem.