Flashloan Attacks

[odyslam]

• Inverse Finance
• Cream Finance

Description

The general flow of these attacks seems to be the following:

• Use large capital to buy various tokens in pools and leverage flashloans to leverage the position even further
• Get loans against the inflated positions which are much larger than the original capital
• Due to the use of on-chain oracles, they show an inflated value of the tokens because of sudden surge of capital (which is temporary due to the flashloas)
• Pay buck flashloans and default on positions
• Get away with all the collateral

Notes

Inverse Finance

• Attacker manipulated the oracle price by swaping via a private mempool so the oracle is not brought back down at the next block, but at the N + 2 blocks (since they would see it at N + 1)
• Attacker made sure to attack at N + 1 block since the oracle would use the price from N (inflated)

Possible Assertion

Oracle MUST NOT diverge more than X, where X is some rolling average

[makemake-kbo]

basically the only way to get a divergance within an assertion is to either to read on chain chainlink price data or calculate twap/vwap with cheatcodes?

[odyslam]

Another idea I had during devcon is using gas metering to basically see if some transaction is much more expensive than what you expected it to be?

[czepluch]

You mean because the amount of calculations/computations in a tx is higher than in a tx with a regular swap?

[makemake-kbo]

Another idea I had during devcon is using gas metering to basically see if some transaction is much more expensive than what you expected it to be?

this would break batching/smart contract wallets no?

[odyslam]

@czepluch yeah

@makemake-kbo dunno. maybe there is a threshold where it's very safe to say it's a flash loan