Economic Attack

An attacker borrows a large sum of capital without collateral via a flash loan, uses it to manipulate on-chain asset prices or protocol states, and repays the loan within a single transaction. This exploits the atomicity of blockchain transactions to create risk-free, capital-efficient attacks.

• Mechanism: Borrow → Manipulate (e.g., drain a lending pool via oracle manipulation) → Repay.
• Example: The 2020 bZx attack, where flash loans were used to manipulate oracle prices and drain liquidity pools.

An attacker acquires a majority or significant portion of a protocol's governance tokens to pass malicious proposals that drain the treasury, mint unlimited tokens, or alter critical parameters. This is a direct attack on the decentralized autonomous organization (DAO) structure.

• Mechanism: Token accumulation → Proposal submission → Voting power execution.
• Defense: Time locks on execution, multi-sig safeguards, and progressive decentralization.

A classic market manipulation scheme adapted for DeFi. Developers or insiders artificially inflate (pump) a token's price through marketing and liquidity provision, then suddenly withdraw all liquidity (dump), leaving investors with worthless tokens. A rug pull is a malicious exit scam by developers.

• Key Indicator: Low liquidity, anonymous teams, and excessive token concentration.

An attacker exploits the reliance of a DeFi protocol on a specific price oracle (e.g., a decentralized exchange's spot price). By manipulating the oracle's reported price through large, skewed trades, the attacker can trigger faulty liquidations, borrow excessive funds, or mint synthetic assets incorrectly.

• Target: Lending protocols and derivatives platforms.
• Solution: Use decentralized, time-weighted average price (TWAP) oracles from multiple sources.

A systemic risk event where a sharp drop in collateral value triggers a wave of liquidations across a lending protocol. Liquidators selling the seized collateral further depress the price, creating a positive feedback loop that can lead to protocol insolvency and market-wide contagion.

• Precipitating Factors: High leverage, correlated collateral assets, and low liquidity.
• Historical Context: Contributed to major downturns like the March 2020 "Black Thursday" on MakerDAO.

An attack that aims to render a protocol economically unsustainable by forcing it to pay out more in rewards or subsidies than it collects in fees. Attackers exploit incentive mechanisms—like liquidity mining rewards or gas reimbursements—to extract value until the protocol's treasury is drained.

• Target: Protocols with poorly calibrated emission schedules or refund mechanisms.
• Mechanism: Automated bots perform minimally valuable actions to claim maximum rewards.

A punitive mechanism in Proof-of-Stake (PoS) networks where a validator's staked assets are partially or fully destroyed for malicious behavior. This creates a direct financial disincentive for attacks like double-signing or prolonged downtime.

• Primary Use: Secures consensus by penalizing validators who act against the network.
• Example: In Ethereum, slashing can remove a validator's stake for proposing conflicting blocks.

A time-delay mechanism that locks staked assets for a set duration before they can be withdrawn. This prevents rapid exit after a malicious act and allows time for slashing penalties to be applied.

• Defensive Purpose: Increases the cost of attack by making capital illiquid and at risk.
• Impact: Thwarts short-range attacks where an attacker might try to withdraw funds immediately after compromising the network.

The concept that reversing a transaction or block becomes prohibitively expensive because it would require destroying a massive amount of staked value. It quantifies security in financial terms.

• Mechanism: In PoS, finalizing a block requires a supermajority of stake. Reversing it would cause that stake to be slashed.
• Metric: Often expressed as the Cost of Corruption vs. Profit from Corruption.

Protocol-level caps that limit the amount of value that can be extracted or moved within a specific time frame. These are common in decentralized finance (DeFi) lending protocols.

• Purpose: Mitigates the impact of a bank run or a flash loan attack by throttling outflow.
• Example: A lending market may impose a daily limit on stablecoin withdrawals to prevent a liquidity crisis during market stress.

Defenses against attempts to maliciously control a protocol's decentralized autonomous organization (DAO) or governance system to drain its treasury.

• Time-locks on Execution: Delays between a governance vote passing and its execution, allowing time for community response.
• Multisig Guardians: A temporary, trusted committee with veto power during a protocol's early stages.
• Vote Delegation & Quorums: Ensuring a broad, engaged voter base is required for major changes.

Protections against oracle manipulation attacks, where an attacker feeds incorrect external data (like asset prices) to a DeFi protocol to profit from distorted valuations.

• Decentralized Oracles: Using multiple, independent data sources (e.g., Chainlink) to avoid a single point of failure.
• Time-Weighted Average Prices (TWAPs): Smoothing price data over a period to prevent instantaneous manipulation.
• Circuit Breakers for Feeds: Pausing protocols if price deviations exceed a safe threshold.

An attack where a single entity creates many fake identities (Sybils) to subvert a network's reputation or governance system. In blockchains, this is a prerequisite for many economic attacks, as it allows an attacker to gain disproportionate influence in Proof-of-Stake voting, oracle data feeds, or decentralized governance without holding a proportional economic stake. Defenses include proof-of-personhood systems and stake-based weighting.

A critical vulnerability where an attacker exploits the data feed (oracle) that supplies external information (like asset prices) to a smart contract. By manipulating the price reported to a DeFi protocol (e.g., via a flash loan), the attacker can trigger faulty liquidations or mint excessive synthetic assets. This is a common vector for economic attacks on lending platforms and derivatives. Robust oracle designs use decentralized data sources and time-weighted average prices (TWAP).

An uncollateralized loan that must be borrowed and repaid within a single blockchain transaction. While a legitimate DeFi primitive, flash loans are a powerful tool for economic attackers because they provide massive, temporary capital to exploit price discrepancies or governance mechanisms without upfront capital. They are central to complex attack vectors like oracle manipulation and governance takeovers.

The profit validators or searchers can extract by reordering, including, or censoring transactions within a block. MEV creates economic incentives for behaviors that can degrade network performance and fairness. While not always malicious, many economic attacks (like sandwich attacks or time-bandit attacks) are forms of MEV extraction. Solutions include fair ordering protocols and MEV-boost auctions.

The foundational protocol (e.g., Proof-of-Work, Proof-of-Stake, Delegated Proof-of-Stake) that secures the blockchain and determines transaction ordering. The economic security model of the consensus mechanism is the primary defense against 51% attacks and long-range attacks. Understanding its incentive structure and slashing conditions is essential for analyzing systemic economic risks.

The mathematical study of strategic interaction between rational actors. It is the theoretical backbone for analyzing and preventing economic attacks. Blockchain protocols are mechanisms designed with specific incentives and penalties to make attacks economically irrational. Concepts like Nash equilibrium, Prisoner's Dilemma, and Byzantine Generals Problem underpin the security models of decentralized systems.