Hacking Attacks: Ethereum vs Terra Flash Loans

It is standard for DeFi platforms to offer over-collateralized loans, in which borrowers deposit more in assets than they withdraw. Some DeFi platforms (like AAVE) support a newer type of loan, the flash loan. When a loanee takes out a flash loan, no collateral is required. This is achievable because flash loans are repaid within the same transaction that they are taken out – a smart contract is used to rapidly perform a series of transactions that result with the loanee ultimately repaying the loan.

Flash loans are atomic, meaning that they are only processed if all included transactions are executed. If they are not, they are rolled back. This enables individuals to borrow massive sums with almost no risk. It is common for borrowers to withdraw tens of thousands, millions, or even tens of millions of dollars at once, albeit for a brief period.

Flash loans have three primary uses: trading arbitrage, collateral swapping, and self-liquidation. Here’s an explanation of each:

• Trading Arbitrage: Different exchanges may charge different prices for certain assets, opening opportunities to purchase and sell the same assets on different exchanges for a profit. This process is called “trading arbitrage”. While it can be done manually, doing so usually doesn’t yield much of a profit, since the prices of these assets usually only differ by a fractional amount. Flash loans can be used to automatically execute large arbitrage orders, quickly turning a much larger profit.

• Collateral Swapping: Changing the base collateral used in DeFi loans can be frustrating and time-consuming, especially for those who diversify their collateralized assets. Flash loans can be used to quickly pay off loans in order to free locked assets, then swap those assets for others.

• Self-Liquidation: If a traditional DeFi loan’s base collateral decreases in value too greatly, it will be liquidated. Meaning, collateralized assets will be sold at a discount in order to repay the loan, yielding a loss for the borrower. Flash loans can be used to self-liquidate, fully paying off the loan and withdrawing the collateralized assets without a loss.

Because flash loans are atomic, they are risk-reduced. However, they are not entirely risk-free. Flash loans incur network fees regardless of whether or not they succeed. This exposes loanees to front-running, in which other parties execute identical flash loans while paying higher network fees. Front-ran flash loans are processed first, often leaving original loanees with nothing but network fees to pay.

Most flash loan platforms use the Ethereum Network because it was the first major DeFi-supportive network to gain mass adoption. With Ethereum gas fees as high as they are, front-running has become a major issue for those seeking flash loans.

The use of Ethereum for flash loans poses another serious risk. Ethereum smart contracts are vulnerable to reentrancy attacks, during which hackers withdraw all funds stored within a smart contract. This is done using an external smart contract that withdraws funds multiple times before the withdrawn balance is confirmed.

Ethereum smart contracts are uniquely vulnerable to reentrancy attacks due to Ethereum’s Solidity programming language. Technical jargon aside, Ethereum smart contracts are only secure if coded in a very specific way. Minor mistakes can leave them highly vulnerable. In fact, a single misarranged line of code allowed hackers to steal USD 60 million of Ether in the infamous “The DAO” hack.

If a reentrancy vulnerability is found within the smart contracts of popular Ethereum-based DeFi platforms, flash loaners could lose millions. Needless to say, many are looking for DeFi solutions outside of the Ethereum Network. One alternative that has been gaining popularity recently is White Whale, the first cryptocurrency project to offer flash loan UST arbitrage within the Terra ecosystem.

Flash loans on Terra are much more secure than flash loans on Ethereum. This is because Terra is built using Cosmos, which powers several other popular projects like Binance Chain. Cosmos’ smart contract engine (CosmWasm) does not allow calls to external smart contracts, and Terra’s smart contract language is far more forgiving than Ethereum’s. This makes White Whale’s arbitrage system immune to reentrancy attacks.

As for frontrunning, it is an inescapable risk. The best course of action is to reduce its likelihood and the damage that it causes. Most front-running attacks are performed on the Ethereum Network by bots, which take advantage of Ethereum’s high and volatile gas prices. Switching to a network with lower and more stable network fees can greatly reduce frontrunning risk.

White Whale offers a sleek and easy web-app interface that makes arbitrage accessible to everyone.