US-based blockchain security company Quantstamp has launched its service called Economic Exploit Analysis to prevent flash loan attack vectors in smart contracts
US-based blockchain security company Quantstamp has launched its service called Economic Exploit Analysis to prevent flash loan attack vectors in smart contracts. By utilising Economic Exploit Analysis, Quantstamp can proactively identify potential flash loan attack paths within smart contracts using automated tools, preventing protocol breaches.
This service is bolstered by research from the University of Toronto, which Quantstamp has refined into a practical tool for production-level use. What is a flash loan? In the first half of 2023 alone, an estimated USD 207 million was stolen through flash loan attacks, as per Quantstamp. A flash loan is an uncollateralised loan provided by a smart contract that can be taken out for as short as a single transaction.
In these attacks, hackers leverage flash loans to borrow substantial funds and manipulate DeFi protocols into unexpected states that developers may not have anticipated. Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi's composability means these attack vectors often evade conventional audits. Elevating DeFi security to safeguard against flash loan attacks Seeing the need to prevent these attacks, Quantstamp collaborated with researchers from the University of Toronto to advance their research into a production-level automated tool.
With the tool now fully developed, Quantstamp is unveiling a new service for DeFi clients called Economic Exploit Analysis, where the Quantstamp team uses the tool to detect flash loan attack vulnerabilities in a client's code. Available for both deployed and undeployed protocols, this innovative service will vastly benefit the entire DeFi ecosystem by reducing the number of flash loan attacks and the amount of funds lost to those hacks. Quantstamp believes that the Economic Exploit Analysis service will have a lasting impact on the DeFi ecosystem.
Coupled with Quantstamp's core business offering, smart contract audits, services such as Economic Exploit Analysis will foster a safer and more secure environment for both DeFi companies and their users, pushing the industry further toward mainstream adoption. As per Quantstamp’s officials, DeFi has the potential to change the global financial infrastructure for the better, but its success requires pre-empting threats like flash loan attacks. They developed this tool to provide DeFi protocols an extra layer of security on top of audits.
As DeFi evolves, security measures need to evolve with it. Services like Economic Exploit Analysis give them an edge against hackers. Automated search tool with manual expertise in Economic Exploit Analysis While the search process of the tool is automated, some manual guidance and protocol-specific adaptations are required.
In addition to checking clients' contracts, auditors also incorporate contracts from the integrated and other relevant DeFi protocols, which enhances Quantstamp's ability to discover flash loan attack vectors that involve multiple protocols. While the search tool is non-exhaustive, meaning that attacks may still exist even if the automated tool doesn't detect them, its practical success rate is remarkably high. Currently available across all EVM-compatible chains, the Economic Exploit Analysis service has the potential to adapt the tool to other blockchains and VMs (virtual machines) suffering from similar attack vectors.
Quantstamp also offers security services including smart contract audits, ZK rollup audits, and more. Quantstamp is blockchain-agnostic, conducting audits for several other blockchains beyond Ethereum including Solana, Flow, Cardano, Avalanche, Binance Smart Chain, Near, Hedera Hashgraph, Tezos, Aptos, and Sui. .
Aug 24, 2023 13:13
Original link