Seminar, InfoSec Seminar: Flash Loans for Fun and Profit

Speaker: Arthur Gervais

Date/Time: 04-Mar-2021, 16:00 UTC

Venue: Virtual Seminar

Details

Abstract: Credit allows a lender to loan out surplus capital to a borrower. Credit bears the risk that the borrower may default on its debt; the lender hence requires upfront collateral from the borrower, plus interest fee payments. Due to the atomicity of blockchain transactions, lenders can offer flash loans, i.e., loans that are only valid within one transaction and must be repaid by the end of that transaction. This concept has led to many exciting attack possibilities, some of which were exploited in February 2020.

This talk will explore the implication of transaction atomicity and flash loans for the nascent decentralized finance (DeFi) ecosystem. We will analyze two existing attacks with ROIs beyond 500k% and formulate finding the attack parameters as an optimization problem over the state of the underlying Ethereum blockchain and the DeFi ecosystem. We will show how malicious adversaries can efficiently maximize an attack profit and hence damage the DeFi ecosystem further. Specifically, we will present how two previously executed attacks can be “boosted” to result in a profit of 829.5k USD and 1.1M USD, respectively, which is a boost of 2.37× and 1.73×, respectively.

This talk is based on a paper at Financial Cryptography and Data Security (FC) 2021. The preprint is available here: https://arxiv.org/pdf/2003.03810.pdf.

Bio: Arthur Gervais is a Lecturer (equivalent Assistant Professor) at Imperial College London. He's passionate about information security and worked since 2012 on blockchain related topics, with a recent focus on Decentralized Finance (DeFi).

Add to Calendar

This page was last modified on 27 Mar 2014.