Page 96 - Cyber Defense eMagazine December 2022 Edition
platforms cannot rely on retroactive bounties from attackers who decide to adopt the role of a white hat hacker after the fact.
The market liquidity of a token should be a primary consideration when deciding which assets can be used as collateral on a lending platform. Illiquid tokens introduce a much greater risk of being manipulated in a way that breaks the intended functioning of the platform. In the case of the Moola incident, the attacker only required approximately $133k worth of $CELO to pump the price of $MOO from $0.018 to a peak of $3.58, representing a gain of nearly 20,000%.
In deeper, more liquid markets, the cost of such an attack increases dramatically. It would take an astronomic amount of money to manipulate the price of blue-chip assets by the same magnitude.
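To make the liquidity argument concrete, here is an added example (not code from the article or from any of the platforms it mentions) that models a collateral token priced from a single constant-product (x * y = k) AMM pool and compares the capital needed to move that price by a given factor against the platform's borrow cap for the asset. The pool reserves, fee, multiplier and borrow cap are constructed values, and the assumption that the oracle reads a single pool's spot price is mine; the page does not describe how $MOO was priced.

```python
"""Liquidity-based collateral listing check on a constant-product (x*y=k) pool.
Added example with constructed numbers; not the article's or any project's code."""
import math
from dataclasses import dataclass


@dataclass
class Pool:
    base: float         # reserve of the candidate collateral token
    quote: float        # reserve of the quote asset (e.g. a stablecoin)
    fee: float = 0.003  # swap fee charged on the input amount

    def spot_price(self) -> float:
        return self.quote / self.base

    def cost_to_pump(self, multiplier: float) -> float:
        """Quote asset a buyer must spend to push spot price to multiplier x current.
        With x*y=k the post-trade quote reserve is sqrt(k * new_price); since
        new_price = m*y/x this equals y*sqrt(m), so the cost is y*(sqrt(m)-1)/(1-fee)."""
        if multiplier <= 1.0:
            raise ValueError("multiplier must exceed 1")
        return self.quote * (math.sqrt(multiplier) - 1.0) / (1.0 - self.fee)


def min_quote_depth(multiplier: float, borrow_cap: float, fee: float = 0.003) -> float:
    """Smallest quote reserve at which pumping by `multiplier` costs at least
    `borrow_cap`, the most that could be drawn out against the inflated asset."""
    return borrow_cap * (1.0 - fee) / (math.sqrt(multiplier) - 1.0)


def listing_check(pool: Pool, multiplier: float, borrow_cap: float) -> dict:
    """Conservative listing rule: an asset is only 'safe' at this borrow cap if
    moving its price by `multiplier` costs more than the cap. Otherwise the
    platform needs deeper liquidity, a lower cap, or a different price source."""
    cost = pool.cost_to_pump(multiplier)
    return {
        "pump_cost": cost,
        "borrow_cap": borrow_cap,
        "safe": cost > borrow_cap,
        "depth_needed": min_quote_depth(multiplier, borrow_cap, pool.fee),
    }


if __name__ == "__main__":
    # Constructed pools for the same token, differing 1,000x in depth.
    shallow = Pool(base=1_000_000, quote=18_000, fee=0.0)          # spot 0.018
    deep = Pool(base=1_000_000_000, quote=18_000_000, fee=0.0)     # spot 0.018
    for name, pool in (("shallow", shallow), ("deep", deep)):
        result = listing_check(pool, multiplier=200.0, borrow_cap=5_000_000)
        print(name, {k: round(v, 2) if isinstance(v, float) else v for k, v in result.items()})
```

The same multiplier that costs a few hundred thousand in quote asset against the shallow pool costs roughly a thousand times more against the deep one, which is the relationship the paragraph above describes.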
This was a flaw in the design of the protocol. It was not the result of an error in the platform’s smart contract, but rather a lack of foresight when choosing which assets could be used as collateral. While it remains unclear who the perpetrator of the Moola Market manipulation was, they would likely defend their actions not as an attack on the protocol but rather as a “highly profitable trading strategy,” to use the words of the Mango Markets exploiter.
Lending platforms want to incentivize the usage of their token, and allowing it to be used as a collateral asset is one way of doing so. However, if liquidity is insufficient to prevent attacks such as these, this ends up being a short-sighted strategy, as there is unlikely to be any demand for the token of a broken platform that opened its users up to potentially devastating losses.
In addition to the careful selection of collateral assets, DeFi platforms have a range of tools at their disposal to protect their protocols and their users. On-chain monitoring services such as Skynet that continuously scan the blockchain for suspicious activity can raise the alarm minutes before an attack can be carried out.
Careful design choices, pre-deployment auditing, and post-deployment monitoring can all combine to raise a protocol’s level of security to the highest possible standard. A meaningful commitment to security is not just the right thing to do, it’s also a no-brainer from a business standpoint. DeFi protocols that take security seriously demonstrate to potential users that they intend to be around for the long term, which is crucial when it comes to attracting the liquidity and day-to-day usage that makes a platform thrive.
DeFi’s transparency is one of its greatest strengths. It means on-chain security incidents can be quickly diagnosed and addressed, not just by the team behind a platform that suffered the exploit but also by the developers of other platforms that may share similar vulnerabilities. But these lessons are not always learned as quickly as they should be, which leads to DeFi’s transparency becoming one of its greatest liabilities. Copycat attacks are trivial to carry out when the exact attack flow of a previously successful exploit is permanently written into the chain.
The fact that Moola Markets suffered the same fate as Mango Markets did just a week prior is illustrative of this conundrum. In order to make transparency a powerful strength rather than a critical weakness, DeFi and Web3 projects need to move quickly to address vulnerabilities and mitigate risks as soon as they appear. Security does not end after a project is deployed. It needs to be integrated into all steps of the process, from design, to deployment, and beyond.
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.