Quantstamp introduces tool to detect protocols’ flash loan attack vulnerability

The new service, called Economic Exploit Analysis, uses University of Toronto research and will work on any EVM-compatible blockchain.

Blockchain security provider Quantstamp has launched an automated service to detect flash loan attack vectors in smart contracts. The new service is being called Economic Exploit Analysis and is based on research done at the University of Toronto.  

Economic Exploit Analysis will be available to protocols, whether they have been deployed or not. It will enhance Quantstamp’s audits by identifying flash loan attack vulnerabilities in a client’s code. The service will be available on any Ethereum Virtual Machine (EVM)-compatible blockchain and is non-exhaustive — that is, it may not detect all attacks.

In decentralized finance (DeFi), a flash loan is an unsecured loan that has to be taken out and paid back in the same transaction. Flash loans can be used for arbitrage (taking advantage of price differences between crypto exchanges), debt refinancing and similar actions. A flash loan attack is the manipulation of DeFi protocols in ways developers did not foresee. Quantstamp explained:

“Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.”

The need for greater security in DeFi markets is garnering increasing attention. The problem of flash loan attacks, in particular, was brought into focus when Euler Finance was attacked in March. Last year, over $2 billion worth of crypto was stolen in hacks and exploits.

Coinbase’s new Base layer-2 is also addressing security vulnerabilities. It is developing a monitoring tool that it is calling Pessimism to “provide prompt notification of anomalies in the protocol and network, such as account balance irregularities, contract events, or disparities between L1 and L2 states,” it announced in a recent blog post.
