The new service, called Economic Exploit Analysis, uses University of Toronto research and will work on any EVM-compatible blockchain.
Blockchain security provider Quantstamp has launched an automated service to detect flash loan attack vectors in smart contracts. The new service is being called Economic Exploit Analysis and is based on research done at the University of Toronto.
Economic Exploit Analysis will be available to protocols, whether they have been deployed or not. It will enhance Quantstamp’s audits by identifying flash loan attack vulnerabilities in a client’s code. The service will be available on any Ethereum Virtual Machine (EVM)-compatible blockchain and is non-exhaustive — that is, it may not detect all attacks.
In decentralized finance (DeFi), a flash loan is an unsecured loan that has to be taken out and paid back in the same transaction. Flash loans can be used to take advantage of price differences between crypto exchanges (arbitrage), debt refinancing and similar actions. A flash loan attack is the manipulation of DeFi protocols in ways developers did not foresee. Quantstamp explained:
“Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.”
Related: Ripple expands Canadian engineering activities with U of Toronto XRP validator
The need for greater security in DeFi markets is garnering increasing attention. The problem of flash loan largest attacks, in particular, was brought into focus when Euler Finance was attacked in March. Last year, over $2 billion worth of crypto was stolen in hacks and exploits.
Another day, another speaker for #L2Warsaw – @jgorzny, Head of L2 Scaling at @Quantstamp!
He'll discuss their new rollup security framework and its aim to standardize language for both users & developers.
Title: "Rollup Security Framework"
12:00 PM pic.twitter.com/3rW9UFZZoS— L2BEAT (@l2beat) August 18, 2023
Coinbase’s new Base layer-2 is also addressing security vulnerabilities. It is developing a monitoring tool that it is calling Pessimism to “provide prompt notification of anomalies in the protocol and network, such as account balance irregularities, contract events, or disparities between L1 and L2 states,” it announced in a recent blog post.
Collect this article as an NFT to preserve this moment in history and show your support for independent journalism in the crypto space.
Magazine: The trouble with automated market makers