DoctorCaT
Basic
- Joined
- 04.08.21
- Messages
- 19
- Reaction score
- 8
- Points
- 3
Flash Loan Hacks
In 2017, during a DAO, decentralized autonomous organization, hack, multiple protocols were 51% attacked for the users profit.
The 51% attack happens on the blockchain network when a user can get control of most of the hash rate (over 50%) and have enough power to modify or prevent transactions from happening.
Since blockchains rely on nodes like PoW, or proof of work, it is important to disburse the nodes across as many different entities as possible to mitigate a 51% hack.
As of 2019, DeFi providers hacks are not as brutal and often not as conspicuous. Of the easiest and most common ways is to exploit vulnerabilities and platform bugs. For example, attacks on the ApeRocket (Polygon) protocol have been carried out using only flash loans through Aave and PancakeSwap (More details on the developer's blog).
Hacking Theory
Most providers of DeFi Flash Loan projects that do not use LTV are using protection systems like Plasma and NuCypher.
The problem with these systems is their complicated implementation in transactions between their networks and Etherium or Blockchain, for example, Plasma Brige allows double spending, which allows repeated withdrawals.
NuCypher allows developers to store, share and manage personal data and seeks to add an interoperable layer of security to various blockchains, where developers can grant permission to access sensitive information in a number of decentralized applications, but in practice the platform only offers secret management and dynamic access control services through Umbral, its encryption scheme, and Ursula, a network of operating nodes.
Umbral is a NuCypher encryption scheme that allows users to keep data private and share information securely.
Data owners grant decryption rights to the recipient of the data in a process run by "proxy nodes" called Ursuls, which re-encrypt the data for the recipients. (Note that proxies do not have access to the underlying data or unlock keys, they simply apply additional conditions that must be met to unlock the data).
After running diagnostics on providers such as AAVE, Fulcrum, Finside, MarkerDAO, we found out that the bug is applicable within a single transaction....
Continued in a closed channel https://t.me/joinchat/copTAJUSRh8xNDNh
In 2017, during a DAO, decentralized autonomous organization, hack, multiple protocols were 51% attacked for the users profit.
The 51% attack happens on the blockchain network when a user can get control of most of the hash rate (over 50%) and have enough power to modify or prevent transactions from happening.
Since blockchains rely on nodes like PoW, or proof of work, it is important to disburse the nodes across as many different entities as possible to mitigate a 51% hack.
As of 2019, DeFi providers hacks are not as brutal and often not as conspicuous. Of the easiest and most common ways is to exploit vulnerabilities and platform bugs. For example, attacks on the ApeRocket (Polygon) protocol have been carried out using only flash loans through Aave and PancakeSwap (More details on the developer's blog).
Hacking Theory
Most providers of DeFi Flash Loan projects that do not use LTV are using protection systems like Plasma and NuCypher.
The problem with these systems is their complicated implementation in transactions between their networks and Etherium or Blockchain, for example, Plasma Brige allows double spending, which allows repeated withdrawals.
NuCypher allows developers to store, share and manage personal data and seeks to add an interoperable layer of security to various blockchains, where developers can grant permission to access sensitive information in a number of decentralized applications, but in practice the platform only offers secret management and dynamic access control services through Umbral, its encryption scheme, and Ursula, a network of operating nodes.
Umbral is a NuCypher encryption scheme that allows users to keep data private and share information securely.
Data owners grant decryption rights to the recipient of the data in a process run by "proxy nodes" called Ursuls, which re-encrypt the data for the recipients. (Note that proxies do not have access to the underlying data or unlock keys, they simply apply additional conditions that must be met to unlock the data).
After running diagnostics on providers such as AAVE, Fulcrum, Finside, MarkerDAO, we found out that the bug is applicable within a single transaction....
Continued in a closed channel https://t.me/joinchat/copTAJUSRh8xNDNh
