15 comments

[ 4.4 ms ] story [ 45.3 ms ] thread
So is this a case of Nirvana code that allowed it to be exploited? I don't see flash loans as being inherently bad, as tweets and articles play it up to be.

I imagine professional/sovereign exploitation teams are looking for contracts that can be exploited, and have tooling and workflow processes in place to test exploits before deploying on a live blockchain network.

Cheers

Dumb question: could some of these attacks be mitigated (or at least made more costly) with transaction size caps? I feel like there’s a monthly drip of stories like this.
Withdrawal limits? Sometimes it does seem like they are re-inventing banking.
I’ve not heard of banks with withdrawal limits, ATMs maybe, but if I go to a counter I gotten entire house price money out in 1 go
Not in the EU. Banks tend to not allow you to do that
Suspending payments at banks usually are used to avoid bank runs. I believe the parent was trying to point out that crypto is learning why banks are the way they are now.
Indeed. Defi/Crypto can't solve all of the problems that banks are faced with.
That's not how most banks work, you may have been at one that had the person with authority but transfers over certain amounts ($1M around here) require multiple reviews and certain people. You can do it in a day (and regularly do for wires) but it requires additional steps and authorization. Banks also don't necessarily have all of the cash you'd need on hand.
I actually vaguely remember some friend relating a story about someone trying to pull a currency manipulation stunt against a bank. Basically they had some system where someone could approach the bank and ask for a quote on an FX pair. And then after that decide if they wanted to trade and if so how much and which side they wanted to take. So they sold this bank more and more of some currency right. And some junior at the bank was adjusting to this, the more they had of this currency the more they changed the price. Some senior learned about this was horrified and explained that they were being scammed, that the counterparty was gonna do a big transaction the opposite way after moving the price far enough. So he set the price right back to where it started. And that stopped the suspicious trades immediately.
Crypto: speedrunning millenia of financial failures.
So the problem was that Nirvana's Oracle Feed, that reported the price of ANA, was manipulated into showing a market price higher than was purchased by the exploiters. Who then sold their ANA back at the higher price for USDT, thus making a profit.

So how was the Nirvana Oracle manipulated to report a higher price for ANA? My guess is that the large purchase was enough to push the price higher (by 35%) and make the flash loan transaction profitable.

(comment deleted)
I totally remember the time the oracle feed flash loan thing on my fdic insured US dollars was hacked and it violently went to near zero.

Oh wait - that never happened.