Cream Finance Suffers Second Flash Loan Attack - What Can We Learn From It?

發佈於 Sep 28, 2021 | 部落格

cream-hack-abstract

Cream Finance (also known as C.R.E.A.M. Finance), a decentralized finance (DeFi) protocol, suffered another devastating hack at the end of August, resulting in the drainage of over $34 million worth of AMP and ETH. This is the second flash loan attack the decentralized borrowing and lending platform has experienced this year, and follows its $37.5 million loss in a flash loan attack in February. 

With the increasing frequency of these kinds of attacks in the DeFi world, this article investigates what happened and what lessons institutional investors and custodians can learn from the hacks. 

The Cream Finance team confirmed in a tweet on September 1, 2021, that 462,079,976 AMP tokens and 2,804.96 Ether had been stolen from the platform. According to Cream Finance Product Manager, Eason Wu, the catalyst for the incident was the flashlending of AMP tokens. AMP token contracts allowed for a reentrancy attack. A flash loan attack was the same method that was used in the infamous DAO attack in February 2020. 

Cream Finance has since paused the supply of AMP tokens and has stated that the stolen AMP and ETH will be replaced. It also allocated 20% of all protocol fees to repay customers. 

Flash Loan Attacks On the Rise: What Are They?

Flash loan attacks have become an increasingly popular way for hackers to gain access to DeFi platforms. This method of attack first came under the spotlight in February 2020 after a hacker infiltrated the margin trading protocol bZx in two hacks, one after the other, relieving bZx of $350,000 followed by $600,000, within five days of each other. 

According to DeFi Pulse, prior to the breach, bZx was listed as the eighth biggest DeFi platform, while at the time of writing, it now sits at number 73. The increasing popularity of flash loan attacks illustrates the mushrooming exploitation of thieves and hackers of the relatively nascent DeFi world. 

But, what exactly are flash loan attacks and what does their increasing prevalence mean for the DeFi world? 

How Do Flash Loan Attacks Happen?

In DeFi projects, participants are unknown to each other and lending is done based on collaterals. This, coupled with the volatile nature of all cryptocurrency, means that most DeFi platforms will only let you borrow 75% of your total collateral. If the price of the asset you collateralized starts to drop against the market price, the smart contract behind the DeFi protocol will sell it at a certain spot price to protect the loaning parties. 

In order for a DeFi credit market like bZx to run properly, they have to know the value of the collateral, which they get from pricing information on cryptocurrency exchanges. But the trouble with this is that this information is often not consolidated; one exchange’s pricing information for a token can be completely different to another exchange’s.

Unlike traditional markets, where trading of a company’s stocks or shares, like Apple, is limited to one regulated exchange, say the Nasdaq, in the cryptocurrency world, almost anyone can start their own exchange. The resulting price discrepancies between crypto exchanges provide the opportunity for flash loan attacks.

Flash loans were first released by DeFi protocol Aave in January 2020 and subsequently by bZx the following month. Flash loans allow borrowers to take out loans without collateral. As the name implies, flash loans are paid back quickly - in the same on-chain transaction in which the loan was taken out.

Opportunistic traders arbitrage the money borrowed from the flash loan and return the money to the lender quickly, while keeping the profit they made. In addition to this, there is almost no risk involved for the borrower as all transactions on Ethereum smart contracts are settled atomically, meaning all transactions are settled, or none are. So, if the trader can’t pay back the loan they don’t lose anything because according to the smart contract code, a transaction never occurred - if the network detects that the loan can’t be instantly repaid it will block every transaction associated with it, effectively cancelling the whole thing.

How did the Cream Finance flash loan attack happen?

The Cream Finance hack occurred because of a bug in the ERC 777 smart contract code. While taking out the flash loan, the hacker performed a re-entrancy attack, which allows them to withdraw funds repeatedly in a loop before the original transaction is approved or denied or the funds are returned.

What Can Be Learned From The Cream Finance Attacks?

The first Cream attack involving $29 million happened in early 2021. Luckily, no user funds were affected. The attacker utilized an unreleased version of a contract from fellow DeFi protocol Alpha Finance to withdraw $37.5 million. Specifically, the hack exploited a whitelisting feature and rounding miscalculation in its code, stole the funds, and sent them to Tornado.cash to obfuscate their transfers. You can learn more about the exact specifics here.

The second attack deftly further exploited flash loan vulnerabilities, highlighting the ever-evolving complexity of the DeFi space and how any additional variables and changes could open a whole new pandora black box of security threats for companies. 

One of the most obvious lessons that can be learned by the DeFi industry from these attacks is that relying on exchange price data with huge discrepancies is one of the underlying issues that has contributed to the proliferation of flash loan attacks. 

In response to the hack, CEO of Chainlink, Sergey Nazarov, stated that it’s important “not [to] use [a] single specific exchange as a price feed”. He continued by saying that “if it becomes thinly traded, people look at [it] and they say, ‘Okay, this is how I’m building a product against this market or against that piece of data’”.

The reentrancy bug in Cream’s code is a major problem as well, significantly contributing to the occurrence of the second attack and certainly raises industry eyebrows. Cofounder of cryptocurrency wallet Zengo, Tal Be’ery, stated that DeFi platforms need to develop a firewall application to filter out malicious requests that exploit their underlying code.     

However, Nazarov further stated that you can have all the code auditing in the world but if your pricing is based on poor data, failure is inevitable.