Flash loans are crypto loans that do not require collateral. This is possible because the borrower either pays back the loan within the same transaction or the transaction reverts. This gives a user access to near-infinite liquidity for arbitrage and various other things.
The holder of the liquidity gets a fee for providing the flash loan service. While flash loans have a legitimate use case, they can cause a lot of havoc: price distortion, pump and dumps, oracle manipulation, wash trading and much more are possible.
So, how do we protect against these attacks? The first option is probably the best: breaking the logic into two transactions. If the calls cannot be performed in the same transaction, then the manipulation is usually worthless.
Next is relying on robust oracles, for instance using Chainlink instead of an on-chain calculation. Finally, keep track of values to ensure that there's a limit on how much they can change, for instance by setting a slippage limit.
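The two-transaction split and the limit on change described above, modeled in Python. This is an added example, not code from any real protocol: `Pool`, `GuardedAction`, the 200 bps limit and the use of block numbers to stand in for "a separate transaction" are all assumptions.

```python
from dataclasses import dataclass, field

class Rejected(Exception):
    """Stands in for an on-chain revert."""

@dataclass
class Pool:
    """Constructed constant-product pool (token * usd = k) read as a spot price."""
    token: float
    usd: float

    def spot_price(self) -> float:
        return self.usd / self.token

    def swap_usd_for_token(self, usd_in: float) -> float:
        k = self.token * self.usd
        self.usd += usd_in
        out = self.token - k / self.usd
        self.token -= out
        return out

@dataclass
class GuardedAction:
    pool: Pool
    max_change_bps: int = 200          # assumed limit on price change (2%)
    checkpoint_price: float = 0.0
    pending: dict = field(default_factory=dict)   # user -> block of request

    def checkpoint(self) -> None:
        # Record the reference price that later reads are compared against.
        self.checkpoint_price = self.pool.spot_price()

    def request(self, user: str, block: int) -> None:
        # Step 1: only record intent; nothing of value moves yet.
        self.pending[user] = block

    def execute(self, user: str, block: int) -> float:
        # Step 2: must land in a later block than the request, so it cannot
        # share a transaction with a flash loan taken out for the request.
        if user not in self.pending or block <= self.pending[user]:
            raise Rejected("execute must follow request in a later block")
        price = self.pool.spot_price()
        change_bps = abs(price - self.checkpoint_price) / self.checkpoint_price * 10_000
        if change_bps > self.max_change_bps:
            raise Rejected(f"price moved {change_bps:.0f} bps, limit {self.max_change_bps}")
        del self.pending[user]
        return price
```

A rejected `execute` leaves the request pending, so the user can retry once the price is back inside the limit.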
Besides the active measures, we can have reactive measures as well. Blacklisting suspicious actors and adding a pausing ability paired with runtime monitoring work well too. But the first measures discussed are much more important. The final reactive measure is storing funds in a vault to pay users back.
Personally, I think a combination of the active and reactive measures should be used. With on-chain defenses, attacks can be restricted. But if something does happen, the developers should be quick to act.