So is this a case of Nirvana code that allowed it to be exploited? I don't see flash loans as being inherently bad, as tweets and articles play it up to be.
I imagine professional/sovereign exploitation teams are looking for contracts that can be exploited, and have tooling and workflow processes in place to test exploits before deploying on a live blockchain network.
Dumb question: could some of these attacks be mitigated (or at least made more costly) with transaction size caps? I feel like there’s a monthly drip of stories like this.
Suspending payments at banks usually are used to avoid bank runs. I believe the parent was trying to point out that crypto is learning why banks are the way they are now.
That's not how most banks work, you may have been at one that had the person with authority but transfers over certain amounts ($1M around here) require multiple reviews and certain people. You can do it in a day (and regularly do for wires) but it requires additional steps and authorization. Banks also don't necessarily have all of the cash you'd need on hand.
I actually vaguely remember some friend relating a story about someone trying to pull a currency manipulation stunt against a bank. Basically they had some system where someone could approach the bank and ask for a quote on an FX pair. And then after that decide if they wanted to trade and if so how much and which side they wanted to take. So they sold this bank more and more of some currency right. And some junior at the bank was adjusting to this, the more they had of this currency the more they changed the price. Some senior learned about this was horrified and explained that they were being scammed, that the counterparty was gonna do a big transaction the opposite way after moving the price far enough. So he set the price right back to where it started. And that stopped the suspicious trades immediately.
So the problem was that Nirvana's Oracle Feed, that reported the price of ANA, was manipulated into showing a market price higher than was purchased by the exploiters. Who then sold their ANA back at the higher price for USDT, thus making a profit.
So how was the Nirvana Oracle manipulated to report a higher price for ANA? My guess is that the large purchase was enough to push the price higher (by 35%) and make the flash loan transaction profitable.
15 comments
[ 4.4 ms ] story [ 45.3 ms ] threadI imagine professional/sovereign exploitation teams are looking for contracts that can be exploited, and have tooling and workflow processes in place to test exploits before deploying on a live blockchain network.
Cheers
So how was the Nirvana Oracle manipulated to report a higher price for ANA? My guess is that the large purchase was enough to push the price higher (by 35%) and make the flash loan transaction profitable.
This has been done many times before in the crypto space.
Literally the exact same exploit.
https://cointelegraph.com/news/inverse-finance-exploited-aga...
https://cryptobriefing.com/deus-finance-suffers-3m-oracle-ex...
https://medium.com/valixconsulting/twindex-full-incident-ana...
Just Google "flash loan oracle exploit" and you will see just how many time this has been done before lol.
Oh wait - that never happened.