Trader Exploits bZx Oracle for $330,000 Profit

By February 15, 2020 DApps
Click here to view original web page at cryptobriefing.com

A trader took full advantage of bZx’s use of Uniswap as a price oracle by crashing the price of wBTC on Uniswap after opening a 5,000 ETH wBTC short on the platform.

Breaking Down the Trade

What started as just another day in DeFi has ended in an episode of drama and reflection. A trader used the flash loans functionality to profit off bZx’s use of Uniswap as an oracle.

bZx uses Uniswap prices for its internal products. This particular trader took a 10,000 wETH flash loan from dYdX and split the corpus into two: one half was deposited into Compound and the other half into bZx’s Fulcrum protocol.

The Compound portion of the deposit was used as collateral to borrow 112 wBTC and the 5,000 wETH deposited into Fulcrum was a long position perpetual swap on sETH/wBTC, as per the transaction details from EtherScan.

112 wBTC was then dumped into Uniswap. This caused a major decrease in Uniswap’s wBTC price as this accounts for 14.6% of the total supply for wBTC. As a result, this trader pocketed just over $1 million in revenue as the sETH/wBTC price went up due to bZx’s reliance on Uniswap for prices.

wBTC was likely chosen by the trade because of its low supply and liquidity in the market. This translated to a steeper decline in price.

This trader was left with close to $690,000 worth of debt, and after paying off the 10,000 wETH loan, they walked away with close to $330,000.

Even after being hit with massive slippage from the sale of a chunk of wBTC, the trader still came out of the trade victorious. Net profit for Uniswap liquidity providers fell as a result of this, and this was the highest volume day for Uniswap’s wBTC market since the DEX’s inception.

Source: ZumZoom

Oracle Deficiencies Come to Light

The DeFi community has constantly discussed the possibility of using Uniswap as a resilient, permissionless price oracle for protocols and dApps. However, the risk of using a single source of truth for a protocol opens it up to incidents like this, where oracles are exploited for profit.

ChainLink, for example, draws the price of an asset from multiple sources. If bZx had used ChainLink, Uniswap’s wBTC price would’ve accounted for just a portion of the total price. Other sources such as Kyber, Switcheo, IDEX, and Bitfinex would also have been used.

To conduct a similar attack on a network that uses multiple price inputs, one would have to force the price of an asset down across the various exchanges from which price inputs are taken.

Oracles are a critical piece of infrastructure for permissionless systems. Protocols like ChainLink help streamline this process and ensure price manipulation on one platform does not meaningfully affect the end result for their clients.

It’s important to note that this wasn’t a hack or unethical move of any sort. The trader simply found an exploit and gamed the bZx protocol. Decentralized systems need to be robust on their own, without human intervention.

Incidents like this will only push DeFi protocols to implement better standards. This one event will go a long way in improving the overall robustness of DeFi.

Leave a Reply