Coder Flash Swaps 340,000 ETH – Trustnodes

Coder Flash Swaps 340,000 ETH


Flash swapped bugy code, Dec 2020

A coder has performed the most complex operation yet in open finance with multiple flash loans and a new thing: flash swaps.

The latter sound similar to flashloans with Uniswap stating “flash swaps allow you to withdraw up to the full reserves of any ERC20 token on Uniswap and execute arbitrary logic at no upfront cost, provided that by the end of the transaction you either: pay for the withdrawn ERC20 tokens with the corresponding pair token OR return the withdrawn ERC20 tokens along with a small fee.”

The coder flashloaned $50 million from dYdX and flash swapped 340,000 eth from Uniswap, currently worth $220 million, creating huge volumes in the DAI-ETH pool where accumulated fees have shot up by 300%.

In total some $800 million in market making volumes was made by this one execution operation, pocketing Liquidity Providers (LPs) some $1 million in fees.

Coder flash swapping and flashloaning buggy oracle, Dec 2020
Coder flash swapping and flashloaning buggy oracle, Dec 2020

According to Emiliano Bonassi, who describes himself as a white hacker, the coder “used multiple lenders (different Uniswap pools) and asked for a double (different assets) loan to dydx:

Lender 1 (uni pool 1) -> attacker -> lender 2 (uni pool 2) -> attacker -> lender 3 (uni pool 3)-> attacker -> lender 4 (batch loan from dydx) -> attacker -> exploit -> chain of repayments.”

The code of Warp Finance was exploited due to a miscalculation in its pricing oracle (featured image) with the lead dev at Alpha Finance Lab stating:

“You can’t just do reserves[0]prices[0] + reserves[1]prices[1] when computing [Total Value Locked] TVL in Uniswap LP or you will get rekted.”

Warp Finance itself hasn’t provided a diagnosis, stating it will do so in a few days. They were audited by Hacken, a cybersecurity consulting company, but as shown the only audit that matters is the one by Nakamotos across the globe.

This Nakamoto’s audit found he could easily manipulate the simple price calculations at Warp Finance, a trading place for LP tokens, and to do so he needed just one eth deposited to his account from the mixer Tornado Cash.

The flashswaps and flashloans could then be used to ‘arbitrage,’ draining the DAI and USDC vaults on Warp, leaving USDt alone due to lack of liquidity.

Some $5.5 million has been locked now in collateral, with it unclear currently whether this collateral is the coder’s or Uniswap’s or Sushiswap’s which this coder also used.

Warp says they will try and recover this collateral to distribute it to users who lost money, but $1 million is clearly in the coder’s account and can’t be recovered with nearly $8 million lost in total.

Thus huge sums were moved to end up with a $1 million clear profit, indicating the barriers to exploiting code oversights are very low and the cost for the exploiter is almost non existent.

Except for however much his time might cost as this was a complex operation, and therefore may have taken at least a week to code.

On the other hand, it’s a pretty leet operation, bringing to attention that there are now flash swaps you can do for hundreds of million with no upfront capital.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>