At the time of writing, 145K transactions are pending to be included in the Ethereum network. The surge in adoption of the Ethereum network, together with ETH price appreciation, has boosted the dollar costs of gas fees, resulting in an unfriendly experience for retail users. Layer 2 solutions aim to increase the network throughput by building ‘on top’ of Ethereum, without affecting the decentralization or security characteristics of the underlying blockchain.
Each solution has its own tradeoffs to consider, including throughput, transaction cost, security, scalability, and functionality, among other things. However, no single Layer 2 solution fulfills all needs.
A series of attacks compromised several Binance Smart Chain (BSC) projects in May. Following PancakeBunny, three project forks (AutoShark, Merlin Labs, and PancakeHunny) were also attacked using similar techniques. PancakeBunny suffered the most costly attack of the four, which saw nearly $45M in total damages. In this article, we dig into the details behind the attacks on the three copycats.
AutoShark was attacked five days after PancakeBunny, followed by Merlin Labs and PancakeHunny, respectively. The following is an analysis of the problems and possible attack techniques for these three forked projects.
In May 2021, we witnessed multiple hacks targeting BSC DeFi products. In particular, a loophole related to reward minting in the yield aggregator, PancakeBunny, was exploited to mint ~7M BUNNY tokens from nothing, leading to a $45M financial loss. After the hack, three forked projects — AutoShark, Merlin Labs, and PancakeHunny — were exploited using similar techniques. Below we dig into the loophole and give a step-by-step account of the exploit by reproducing the attack against PancakeBunny.
Many people believe that composability is crucial to the success of DeFi. Token contracts (e.g., ERC20s) play an essential role on the bottom layer…
The target of the incident was Spartan Protocol, a DeFi protocol for synthetic assets running on BSC. When diving into the detailed source code, we can see it is a tweaked version of the UniswapV2 protocol. Specifically, the fee mechanism is modified to incentivize liquidity providers when liquidity is scarce. As a result, users trading larger volumes are charged more fees. Almost all main assets on BSC (e.g. BNB) have corresponding UniswapV2-like pairs (e.g. WBNB-SPARTA). Similar to UniswapV2, those pairs are open for users to add/remove liquidity. …
On Feb 24th, the post-mortem describing three white-hacks on Primitive Finance was released. More than one month after the post-mortem release, we identified a vulnerable user with ~$1M (500 WETH) at risk on April 14. By reproducing the white-hacks, we demonstrated our findings to Primitive Finance via ImmuneFi and helped the victim at risk reset the allowance. Below, we outline how we exploited the loophole on a simulated platform and identified the victim using blockchain data analytics.
Gas reflexivity and feedback loops
Ethereum block space is probably the most scarce resource right now. The rise of liquidity mining and yield farming over the past couple of months has led to a sharp increase in gas fees, with averages currently in the 400–600 Gwei range(!).
The GBTC and ETHE premium arbitrage trade has recently become very topical. Both products, issued by Grayscale, have traded at a consistent premium over NAV (TradeBlock XBX and ETX Index) since inception. Currently, GBTC trades at a 30% premium to NAV, and ETHE trades at an 850% premium to NAV.
There are multiple ways to monetize the growth in decentralized finance networks via trading strategies. Underlying strategies tend to fall into two wider risk categories: 1) guaranteeing on-chain liquidity on applications that rely on external liquidity provision, and 2) extracting fees from applications with guaranteed on-chain liquidity.
Market participants have a few ways to earn a higher rate of return than the rate of ‘risk free’ interest (e.g. lending rates on Compound Protocol, or eventually, the DAI savings rate, or ‘DSR’). Outside of speculative trading, this includes acting as keepers. Keepers are independent operators that exploit opportunities for profit…
Auctions are a particularly popular topic in game theory, with Dutch auctions in particular being widely studied. Generally, Dutch auctions facilitate price discovery, but may not necessarily reach an equilibrium state where all participants reveal their true valuation of the item for sale.
In Algorand, the Dutch auctions are run with an embedded 1-year put option, with a strike price tied to the auction clearing price. …
Ampleforth’s (AMPL) IEO recently sold out on Bitfinex in 2 seconds.
“AMPL supply expands and contracts in response to its price deviating from a 1 USD target. Deviations result in a supply change of AMPLs once every 24 hours, increasing or decreasing the number of tokens in each holder’s wallet pro-rata.”
The full whitepaper can be found here.
Whilst some market participants (perhaps initially a majority) may think of AMPL as a stablecoin, this is not the case. The price will mean revert towards $1, but the number of AMPLs held in wallets will deviate over time due to rebasing…