Lending Protocol Attack

The most common attack vector, where an attacker artificially manipulates the price feed (oracle) used by a lending protocol to determine collateral value. This allows them to:

• Borrow excessively against under-collateralized assets.
• Trigger unfair liquidations of other users' positions.
• Example: The 2022 Mango Markets exploit, where an attacker manipulated the price of MNGO perpetual futures to borrow over $100M from the protocol.

Exploits that target weaknesses in the liquidation engine, which is responsible for closing under-collateralized loans. Attackers can:

• Abuse flash loans to force positions into being under-collateralized.
• Exploit rounding errors or incorrect incentive calculations in the liquidation process.
• Example: The 2020 bZx "Flash Loan" attacks, where attackers manipulated prices to trigger and profit from liquidations within a single transaction.

An attack where an attacker gains control of a protocol's governance tokens to pass malicious proposals. This can lead to:

• Draining the protocol treasury.
• Changing critical parameters (like collateral factors) to enable other exploits.
• Example: The 2022 Beanstalk Farms exploit, where an attacker used a flash loan to acquire majority voting power and passed a proposal to send $182M in assets to their wallet.

Attacks that exploit inherent flaws in a protocol's tokenomics or incentive structures, rather than a technical bug. This includes:

• Ponzi-like mechanisms where sustainability depends on constant new deposits.
• Misaligned incentives between liquidity providers and borrowers.
• Example: The collapse of the Venus Protocol's XVS markets in 2021, where flawed incentive design led to massive bad debt during market volatility.

Direct exploitation of bugs in the protocol's core smart contracts. These are classic software bugs that allow unauthorized actions, such as:

• Reentrancy attacks, where a function can be called repeatedly before its state is updated.
• Integer overflows/underflows leading to incorrect balance calculations.
• Example: The 2020 dForce Lendf.Me hack, where a reentrancy vulnerability in the ERC-777 token standard was exploited to drain $25M.

An attack on one protocol that triggers a cascade of failures across interconnected DeFi systems (DeFi Lego). This occurs due to:

• Shared oracle dependencies creating a single point of failure.
• High leverage and inter-protocol borrowing creating systemic risk.
• Example: The 2022 UST depegging event, which caused massive liquidations and insolvencies across multiple lending protocols that accepted UST as collateral.

An attack that targets vulnerabilities in how a protocol calculates borrow rates or supply rates. By manipulating utilization rates or exploiting rounding in the rate curve, an attacker can distort the protocol's economics to their advantage.

• Mechanism: A large, sudden deposit or withdrawal (often via flash loan) can spike the utilization rate, causing borrow rates to skyrocket and triggering unintended liquidations or draining the reserve fund.
• Defense: Use smoothed or kinked rate models with caps, and implement rate change speed limits.

A denial-of-service attack on a lending protocol's price oracle, preventing it from updating. This can freeze all borrowing, lending, and liquidation activity, potentially allowing undercollateralized positions to go unliquidated.

• Method: An attacker might spam the oracle's update transaction, exploit a bug in the oracle's update logic, or attack the underlying data source (like a specific DEX pool).
• Defense: Use decentralized, resilient oracle networks (e.g., Chainlink) with multiple fallback mechanisms and independent node operators.

An attack where an adversary artificially inflates or deflates the price feed used by a lending protocol to value collateral or borrowed assets. This can trigger faulty liquidations or allow the attacker to borrow excessive funds against worthless collateral.

• Common Vectors: Flash loan attacks on decentralized oracles (e.g., DEX price manipulation), exploiting stale prices from centralized feeds.
• Example: The 2020 bZx attacks used flash loans to manipulate DEX prices, causing the protocol to misvalue collateral and grant oversized loans.
• Defense: Use decentralized oracle networks (e.g., Chainlink), time-weighted average prices (TWAPs), and multi-source price feeds.

An attack that targets the automated liquidation mechanism, either by preventing healthy liquidations to cause protocol insolvency or by manipulating conditions to liquidate positions unfairly.

• Common Vectors: Spamming the network to block liquidation transactions, exploiting flaws in the liquidation incentive or penalty calculation, or using price manipulation to push positions below the liquidation threshold.
• Defense: Implement permissionless, incentivized liquidator networks, circuit breakers for extreme volatility, and robust, gas-efficient liquidation logic.

A technique where an attacker borrows a large, uncollateralized loan within a single transaction, uses the funds to manipulate the protocol's state (e.g., oracle prices, governance votes), and repays the loan before the transaction ends, profiting from the manipulated outcome.

• Why it's effective: Requires zero upfront capital, allowing anyone to execute large-scale attacks.
• Primary Use: Not an attack itself, but a powerful funding mechanism for oracle manipulation and governance attacks.
• Mitigation: Design systems where critical state changes (like oracle updates) cannot be influenced within a single block.

An attack where an attacker acquires enough voting power (typically governance tokens) to pass malicious proposals that drain the protocol's treasury or alter its parameters for personal gain.

• Common Vectors: Using flash loans to temporarily borrow a majority of governance tokens ("flash loan governance attack"), or exploiting delegation mechanisms.
• Example: The 2022 Beanstalk Farms attack used a flash loan to pass a proposal that drained $182 million from the protocol's treasury.
• Defense: Implement time-locks on executable code, multi-sig safeguards for treasury access, and quorum requirements that consider token longevity (e.g., vote-locking).

An attack that exploits flaws in the mathematical model determining borrowing and lending rates, potentially leading to bank runs, insolvency, or arbitrage at the protocol's expense.

• Common Vectors: Artificially inflating utilization rates to spike borrowing costs and trigger mass withdrawals, or exploiting kinks in the model's formula for risk-free profit.
• Impact: Can cause a liquidity crisis or make the protocol economically non-viable.
• Defense: Rigorous modeling and auditing of rate formulas, implementing rate change speed limits, and stress-testing under extreme market conditions.

A systemic risk where the total value of bad debt (unpaid loans) exceeds the value of the protocol's remaining collateral, rendering it insolvent and unable to repay depositors.

• Causes: Cascading liquidations during a market crash where collateral value plummets faster than liquidators can act, or a successful attack that creates unrecoverable bad debt.
• Key Metric: Protocol Insolvency occurs when Total Bad Debt > Total Collateral Value.
• Risk Mitigation: Conservative loan-to-value (LTV) ratios, diversified collateral types, safety modules or insurance funds, and over-collateralization requirements.

A flash loan attack uses uncollateralized, instant loans to manipulate market prices or protocol logic within a single transaction. The attacker borrows a large sum, executes the exploit, and repays the loan, all atomically. This is a common vector for price oracle manipulation and governance attacks.

• Key Mechanism: Requires no upfront capital, as the loan is borrowed and repaid in the same block.
• Example: The 2020 bZx attack used flash loans to manipulate the price of sUSD on Uniswap, allowing the attacker to drain funds from the lending protocol.

Oracle manipulation is an attack where an adversary artificially inflates or deflates the price feed a lending protocol uses to determine collateral values. By feeding incorrect price data, the attacker can borrow more than allowed or trigger unfair liquidations.

• Common Targets: Decentralized oracles that rely on spot prices from specific DEX pools.
• Defense: Using time-weighted average prices (TWAPs), multiple oracle sources, and circuit breakers.

This exploit targets the automated liquidation process in lending protocols. Attackers may manipulate conditions to trigger unnecessary liquidations of other users' positions or to become the sole liquidator for profit.

• Methods: Includes liquidation fee arbitrage, where attackers profit from the fee differential, and self-liquidation to extract value from a protocol's incentive design.
• Impact: Can lead to loss of user collateral and destabilize the protocol's debt markets.

An economic design flaw is a vulnerability in the tokenomics or incentive structure of a lending protocol, rather than a smart contract bug. Attackers exploit these to drain value via legitimate protocol functions.

• Examples: Incorrect collateral factor calculations, mispriced interest rate models, or unsustainable liquidity mining rewards that can be gamed.
• Famous Case: The Iron Bank exploit on CREAM Finance involved borrowing against a manipulated collateral token at an incorrect price.

A reentrancy attack occurs when a malicious contract calls back into a vulnerable lending protocol function before the initial execution finishes, allowing repeated unauthorized withdrawals or state changes. This classic vulnerability was central to the 2016 DAO hack.

• How it Works: The attacker's fallback function recursively calls the vulnerable withdraw function, draining funds.
• Prevention: Using the checks-effects-interactions pattern and reentrancy guards.

A governance attack involves acquiring enough voting power (often via token) to pass malicious proposals that change a lending protocol's critical parameters. This can drain the treasury, alter fees, or disable security modules.

• Acquisition Method: Attackers may use flash loans to temporarily borrow governance tokens.
• Defense: Implementing time locks on governance actions, multi-sig safeguards, and progressive decentralization.