Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
金錢樂高遊戲的潛在風險 : 從 DeFi 攻擊事件簿中可以學到什麼?
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
charles
August 02, 2020
Technology
270
1
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
金錢樂高遊戲的潛在風險 : 從 DeFi 攻擊事件簿中可以學到什麼?
charles
August 02, 2020
More Decks by charles
See All by charles
The intersection between open-source and blockchain : Trust and Consensus
charlesj
0
79
Other Decks in Technology
See All in Technology
AIネイティブな開発のサプライチェーンリスク対策 〜激動の開発現場でリスクに立ち向かう〜【ZennFes】
cscengineer
PRO
2
160
あなたの知らないPDFのアクセシビリティ
lycorptech_jp
PRO
0
240
サイバーエージェントにおけるAI推進戦略と変革への取り組み
shotatsuge
0
530
脱SaaS!FDEを支えるプロビジョニングと分離設計
knih
0
300
水を運ぶ人としてのリーダーシップ
izumii19
4
990
SteampipeとExcel Power QueryでAWS構成定義書の作成を自動化する
jhashimoto
0
180
フルAIで個人開発して学んだあれこれ / yuruai vol.1
isaoshimizu
0
110
MUSUBI 田中裕一『AIと共に行う「しごとのリデザイン」- スモールバックオフィス編』AI Ops Lab #4
musubi
0
310
入門!AWS Blocks
ysuzuki
1
180
OTel × Datadog で 「AI活用」を計測し、改善に繋げる
shihochan
2
630
[AWS Summit Japan 2026]迷っているあなたへ_小さな一歩が、やがて自分を助けてくれる
sh_fk2
2
400
AI 不只幫你寫 Code: 當專案從 300 暴增到 1500, 我們如何撐住 DevOps
appleboy
0
220
Featured
See All Featured
Done Done
chrislema
186
16k
Ruling the World: When Life Gets Gamed
codingconduct
0
260
The #1 spot is gone: here's how to win anyway
tamaranovitovic
2
1.1k
Mind Mapping
helmedeiros
PRO
1
260
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
brightonSEO & MeasureFest 2025 - Christian Goodrich - Winning strategies for Black Friday CRO & PPC
cargoodrich
3
740
Measuring & Analyzing Core Web Vitals
bluesmoon
9
870
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
950
How to Ace a Technical Interview
jacobian
281
24k
The Invisible Side of Design
smashingmag
301
52k
What Being in a Rock Band Can Teach Us About Real World SEO
427marketing
0
1k
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
200
Transcript
金錢樂高遊戲的潛在風險 : 從 DeFi 攻擊事件簿中 可以學到什麼? Charles Jhong August 2,
2020
About Me ➔ Hey I’m Charles Jhong ➔ A golang
developer ➔ Working at AMIS ◆ Wallet service backend ◆ Bitcoin/Omni integration ➔ Motorcycle enthusiast 2
Agenda ➔ DeFi x Security ➔ Type 1 : Re-entrancy
Attack ➔ Type 2 : Flash Loan ➔ Type 3 : Front Running ➔ Summary 3
DeFi x Security ➔ 近兩年 DeFi 火熱,吸引更多人加入幣圈,也導致了多起駭客攻擊事件, 安全議題是 DeFi 走下去必須克服的挑戰
➔ 探究漏洞產生原因,才有機會防止再次發生 ➔ 其他類型 Dapp 也有可能面臨同樣的威脅 4
Type 1 : Re-entrancy Attack 5
What’s Re-entrancy attack? ➔ 智能合約的 race condition 問題 6 Figure
source : Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks (Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi) https://arxiv.org/abs/1812.05934
Attack Events ➔ The DAO (June 2016, 3.6M ETH, rollbacked
and forked) ➔ Uniswap ◆ 4/18 2020 UTC ◆ $ 300K ➔ Lendf.me ◆ 4/19 2020 UTC ◆ $ 25M 7
Lendf.me hack ➔ 類似 Compound 的借貸應用 ➔ 駭客利用 imBTC (ERC-777)
和 lendf.me 組合下所形成的漏洞,進行 imBTC 假入金 ➔ 利用洗出來的假餘額,把平台中其他的資產全部借走 8
Lendf.me 9 Tx Execution Trace from bloxy.info https://bloxy.info/tx/0xe49304cd3edccf32069dc bbb5df7ac3b8678daad34d0ad1927aa725a896 6d52a
Lendf.me Code analysis by Peckshield https://medium.com/@peckshield/uniswap-lendf-me-hacks-root-cause-and-loss-analysis-50f3263dcc09 10
Lendf.me 駭客疑似身份被暴露,最後還錢了 11
Class of re-entrancy attack ➔ Cross-function Re-Entrancy ➔ Delegated Re-Entrancy
➔ Create-Based Re-Entrancy 12 參考論文 Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks (Michael Rodler, Wenting Li, Ghassan O. Karame, Lucas Davi) https://arxiv.org/abs/1812.05934
How to defense? ➔ Reentrancy Guard (OpenZeppelin) ◆ nonReentrant function
modifier ➔ Variable mutex ➔ Enhanced EVM ➔ Analysis tools ➔ 確保對接合約內容 ◆ 萬惡 ERC-777 ? 13
Type 2 : Flash Loan 14
How flash loan works? ➔ 無抵押貸款 ➔ 利息低,額度高 ➔ 借款及還款必須在同一筆
tx 完成,否則 revert() 15 Image source https://hackingdistributed.com/2020/03/11/fla sh-loans/
Flash lender and borrower ➔ 提供 liquidator & arbitrager 利用
➔ 洗交易量、collateral swapping ➔ AAVE, dydx, Uniswap V2 (flash swap), bZx... 16
AAVE Source https://github.com/aave/aave-protocol/blob/master/contracts/lendin gpool/LendingPool.sol#L880-L891 17
Attack Events ➔ bZx ◆ 2/15 & 2/18 2020 UTC
◆ $350K + $650K ➔ Balancer ◆ 6/28 2020 UTC ◆ $500K 18
bZx hack ➔ Flash loan attack 首例 ➔ Capital intensive
attack ➔ 短期內連續被攻擊兩次 ◆ 2/15, pump then arbitrage ◆ 2/18, oracle manipulation (price manipulation) 19
bZx hack 20 bzx first attack analysis by peckshield https://medium.com/@peckshield/bzx-hack-full-disclosure-with-detailed-profit-analysis-e6b1fa9b18fc
bZx hack 21 bzx second attack analysis by peckshield https://medium.com/@peckshield/bzx-hack-ii-full-disclosure-with-detailed-profit-analysis-8126eecc1360
Flash attackers will be the new normal ➔ 貸款方風險低,競爭之下會使得借款成本極低 ➔
降低發動此類型攻擊成本,沒錢的駭客有了方便的資金來源 ➔ 攻擊風險低,萬一失敗了,不怕本金被染色、標籤 節錄自 https://medium.com/dragonfly-research/flash-loans-why-flash-attacks-will-be-the-new-normal-5144e23ac75a 22
How to defense? ➔ 邏輯上應避免單一 tx 操縱 ◆ 治理投票 ◆
Oracle price feed (time-weighted average) ◆ 檢查餘額,必須存在一個區塊以上 ◆ DeFi/Dapp 在模擬時,必須考量到大量資金的 corner case,以及相 依性造成的 transitive risk 23
Type 3 : Front Running 24
What’s Front Running? ➔ 搶跑交易 ➔ 源自於底層 protocol 特性 (廣播交易、15
秒區塊時間) ➔ Transaction order DOES matter ➔ 較難偵測與區分惡意行為 ◆ 偵測需紀錄 mempool 資料,並與鏈上數據交叉比對 ◆ 良性競爭 ? Priority Gas Auction (PGA) 25
Class of front running attack ➔ Displacement attack ➔ Insertion
attack ➔ Suppression attack 26 參考論文 SoK: Transparent Dishonesty: front-running attacks on Blockchain https://arxiv.org/abs/1902.05164
Priority Gas Auction 27 Source http://frontrun.me/
Arbitrage market size (10~100 ETH / day) 28 參考論文 Flash
Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges https://arxiv.org/abs/1904.05234
Bot profit (10K USD / day) 29 參考論文 Flash Boys
2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges https://arxiv.org/abs/1904.05234
MEV ➔ Miner-extractable value ◆ 區塊獎勵以外的潛在收益 ◆ 來源之一 : 透過操縱交易順序,礦工可以得到的報酬
➔ What if MEV > block reward? ◆ 上層應用危及底層 protocol ◆ 礦工會嘗試 fork • Undercutting attacks • Time-bandit attacks 30 參考論文 Flash Boys 2.0: Frontrunning, Transaction Reordering, and Consensus Instability in Decentralized Exchanges https://arxiv.org/abs/1904.05234
How to defense? ➔ Commit-reveal ◆ LibSubmarine ➔ MEV auction
➔ POS 31 參考論文 SoK: Transparent Dishonesty: front-running attacks on Blockchain https://arxiv.org/abs/1902.05164 Source https://libsubmarine.org/
Summary 32
Summary ➔ 安全的挑戰日新月異,新型應用甚至會影響底層協議安全 ➔ Dapp 間的相依,同時繼承風險 ➔ 無許可制系統,金融應用不再是特許事業 ◆ Dapp
Gate Keeper? ◆ 整體生態仰賴社群力量 ➔ 開發環境/工具仍有相當大的需求缺口 33
References ➔ https://medium.com/@slowmist/slowmist-details-of-lendf-me-reentrancy-attack-3e168ab5f2b1 ➔ https://www.youtube.com/watch?v=QfFtnW46uwI ➔ https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/contracts/utils/ReentrancyGuard.sol ➔ https://hackingdistributed.com/2020/03/11/flash-loans/ ➔
https://medium.com/@peckshield/bzx-hack-full-disclosure-with-detailed-profit-analysis-e6b1fa9b18fc ➔ https://medium.com/@peckshield/bzx-hack-ii-full-disclosure-with-detailed-profit-analysis-8126eecc1360 ➔ https://uniswap.org/docs/v2/core-concepts/flash-swaps/ ➔ https://medium.com/dragonfly-research/flash-loans-why-flash-attacks-will-be-the-new-normal-5144e23ac75a ➔ https://medium.com/offchainlabs/mev-auctions-considered-harmful-fa72f61a40ea ➔ https://medium.com/offchainlabs/front-running-as-a-service-334c929c945a ➔ https://medium.com/offchainlabs/meva-what-is-it-good-for-de8a96c0e67c ➔ https://themerkle.com/f2pool-allegedly-prevented-users-from-investing-in-status-ico/ ➔ https://ethresear.ch/t/mev-auction-auctioning-transaction-ordering-rights-as-a-solution-to-miner-extractable-value/6788 ➔ https://libsubmarine.org/ ➔ https://github.com/lorenzb/libsubmarine 34
Slides & Handles 35 @shad0356jc @shad0356jc @charles_jhong
Thank you 36