People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Deus Finance is a derivatives trading platform. Calculating the price of a token is complicated in a decentralized system. If it is done via an off-chain oracle, like Chainlink, then a great deal of trust is placed in that oracle. If it is done by an on-chain algorithm, the algorithm's inputs can be manipulated to make the price too high or too low.
In this case, the price oracle is generated with some simple math from the Solidex pool:
(dei balance * usdc balance) / total supply
What would happen if one of these parameters was manipulated? By taking out a large flash loan, the price can be changed drastically. In particular, taking a large amount of DEI out of the pool sharply reduces the DEI balance that the formula reads.
Once a user's collateral is worth less than what they are trading on, their account becomes insolvent. These accounts can be liquidated, giving the liquidator (here, the attacker) the LP tokens from the liquidated users.
Since the attacker now holds a large amount of LP tokens, they can burn them to recoup the original value. Finally, they repay the flash loan and make a profit from other users' derivatives.
What's the lesson here? Use a Time-Weighted Average Price (TWAP). Because the price is averaged over time, a single short-lived event, like a large order or a flash loan, doesn't affect the price very much. A few extra links: PeckShield analysis and Rekt.news.
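To see why the TWAP holds up where the spot formula does not, here is a small simulation (an added example, not code from the original post or from Deus Finance). The pool balances, the 10-second sample interval, the 30-minute window and the 5% deviation guard are all constructed assumptions.

```python
# Added example: constructed pool numbers, not data from the Deus Finance incident.

def spot_price(dei_balance, usdc_balance, total_supply):
    """Spot value using the formula quoted on this page."""
    return (dei_balance * usdc_balance) / total_supply

def twap(samples, now, window):
    """Time-weighted average over [now - window, now].

    samples: list of (timestamp, price) sorted by time; each price is
    treated as holding until the next sample (or until `now`).
    """
    start = now - window
    ends = [ts for ts, _ in samples[1:]] + [now]
    weighted = 0.0
    for (ts, price), end in zip(samples, ends):
        lo, hi = max(ts, start), min(end, now)
        if hi > lo:
            weighted += price * (hi - lo)
    covered = now - max(start, samples[0][0])
    if covered <= 0:
        raise ValueError("no samples inside the window")
    return weighted / covered

def deviates(spot, reference, max_fraction):
    """True when spot differs from the reference by more than max_fraction."""
    return abs(spot - reference) / reference > max_fraction

def simulate():
    """30 minutes of 10-second samples; the last one has 90% of the DEI removed.

    Assumption: the distorted balance persists for a full sample interval,
    which is pessimistic for a flash loan that is repaid in one transaction.
    """
    usdc, supply = 1_000_000, 1_000_000
    samples = [(t, spot_price(1_000_000, usdc, supply)) for t in range(0, 1790, 10)]
    distorted = spot_price(100_000, usdc, supply)
    samples.append((1790, distorted))
    average = twap(samples, now=1800, window=1800)
    baseline = samples[0][1]
    return {
        "spot_change": distorted / baseline - 1,   # spot oracle moves 90%
        "twap_change": average / baseline - 1,     # TWAP moves about 0.5%
        "guard_trips": deviates(distorted, average, 0.05),
    }

if __name__ == "__main__":
    print(simulate())
```

A protocol that reads the TWAP for liquidation decisions, or that refuses to act while the spot value deviates from the TWAP beyond a threshold, would not treat the distorted sample as the real price.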