Go to OpenReview Archive homepageFlashSyn: Flash Loan Attack Synthesis via Counter Example Driven Approximation
Abstract: In decentralized finance (DeFi), lenders can offer flash loans to borrowers, i.e., loans that are only valid within a blockchain transaction
and must be repaid with fees by the end of that transaction. Unlike
normal loans, flash loans allow borrowers to borrow large assets
without upfront collaterals deposits. Malicious adversaries use flash
loans to gather large assets to exploit vulnerable DeFi protocols.
In this paper, we introduce a new framework for automated synthesis of adversarial transactions that exploit DeFi protocols using
flash loans. To bypass the complexity of a DeFi protocol, we propose
a new technique to approximate the DeFi protocol functional behaviors using numerical methods (polynomial approximation and
nearest-neighbor interpolation). We then construct an optimization
query using the approximated functions of the DeFi protocol to
find an adversarial attack constituted of a sequence of functions
invocations with optimal parameters that gives the maximum profit.
To improve the accuracy of the approximation, we propose a novel
counterexample driven approximation refinement technique. We
implement our framework in a tool named FlashSyn. We evaluate
FlashSyn on 16 DeFi protocols that were victims to flash loan attacks and 2 DeFi protocols from Damn Vulnerable DeFi challenges.
FlashSyn automatically synthesizes an adversarial attack for 16of the 18 benchmarks, demonstrating its effectiveness in finding
possible flash loan attacks.
Loading