The security of DeFi protocols relies not only on technical audits but also on economic audits, which can assess risks such as market volatility, governance vulnerabilities, and liquidity, providing more comprehensive protection.
Written by: Chainrisk
Translated by: Sissi@TEDAO
The vulnerabilities of DeFi protocols arise not only from code defects or attacks but also from economic factors such as market volatility, governance manipulation, and liquidity crises. Traditional technical (code) audits primarily focus on whether the code operates as intended but often fail to consider the impact of economic conditions, such as market pressure or manipulation, on the stability of the protocol.
Technical (code) audits aim to ensure that the code operates as expected and that there are no exploitable vulnerabilities or defects. However, the scope of technical audits is typically limited to an independent review of the protocol itself, failing to consider the broader economic environment or the interdependencies between protocols.
What is an economic audit?
- An economic audit is a security practice that goes beyond the scope of technical audits. While technical audits typically focus on identifying code vulnerabilities or defects, economic audits assess the protocol's performance under various economic scenarios by simulating real market conditions and stress testing.
- The focus of economic audits is on understanding the economic interactions within DeFi protocols and how external factors such as market volatility, liquidity crises, and governance manipulation can exploit the protocol's vulnerabilities.
- One of the key aspects of economic audits is simulating market conditions, such as severe price fluctuations, changes in liquidity, or shifts in user behavior. Another critical component is reviewing the governance structure of DeFi protocols. Governance-related vulnerabilities may allow malicious actors to control the protocol by manipulating the voting system, as seen in the Beanstalk incident.
- Additionally, economic audits evaluate the incentive mechanisms within the protocol to ensure they promote healthy participation and prevent malicious behavior. For example, poorly designed incentives may encourage attacks or opportunistic behavior, undermining the protocol's stability. Economic audits also analyze the potential cascading effects that may arise when a protocol or token is attacked, especially in the highly interconnected DeFi ecosystem, where such cascading effects can have severe consequences.
- These audits aim to predict the cascading effects that a single attack may trigger across multiple protocols, similar to how financial crises in traditional markets can spread from one industry to another. The highly interconnected nature of DeFi makes these cascading effects particularly dangerous, as the failure of one protocol can severely impact the liquidity, pricing, and governance of other protocols.
- Finally, economic audits assess whether the risk parameters within the protocol are well-calibrated to withstand potential stress or manipulation. Economic audits can help protocols identify and mitigate economic vulnerabilities that technical audits may overlook, thereby providing a more comprehensive security framework for the DeFi ecosystem.

Technical Audit vs. Economic Audit
While both types of audits are crucial, they focus on different aspects and cannot replace each other.
Simple, indivisible atomic operations vs. complex operations dependent on external factors
- Technical Audit: Focuses on ensuring that the code executes atomic operations, meaning operations either fully execute or completely fail, minimizing the risk of attacks that may arise from partial execution failures. Technical audits examine specific code logic to ensure it operates as intended and is free of vulnerabilities or defects.
- Economic Audit: Economic audits go beyond the realm of atomic operations, focusing on the broader economic environment where complex operations exist. These operations depend on external factors to the protocol, such as external liquidity, market prices, or governance decisions. Economic audits assess how these external factors may trigger vulnerabilities or risks within the protocol by simulating these conditions.
Code vulnerabilities vs. exploitability
- Technical Audit: Aims to identify specific vulnerabilities in the code that may be exploited by attackers. For example, if a function does not have proper security mechanisms in place, a hacker may exploit it to steal funds or alter critical parameters of the protocol.
- Economic Audit: Unlike technical audits that focus on code vulnerabilities, economic audits examine how broader economic conditions may expose the protocol to attack risks. For instance, governance mechanisms with economic risks may lead to malicious takeovers or market manipulation events, severely impacting the protocol.
Audit scope (internal/external to the protocol)
- Technical Audit: The scope of technical audits is typically defined by the protocol itself. The focus is on reviewing the codebase, identifying technical vulnerabilities, and ensuring the protocol operates as expected from a purely functional perspective.
- Economic Audit: The scope of economic audits is broader, analyzing not only the internal logic of the protocol but also its interactions with the wider DeFi ecosystem, including external factors such as market conditions, liquidity, token interdependencies, and governance structures. This broader scope provides a more comprehensive risk analysis, especially important in the dynamic and interconnected DeFi ecosystem.
Exploitation of vulnerabilities in different contexts
- Technical Audit: Primarily ensures that the code itself does not have specific vulnerabilities, such as reentrancy bugs or integer overflow errors. Once a technical audit is completed, the code is considered safe in a controlled environment.
- Economic Audit: In contrast, economic audits assess the protocol's performance in real-world scenarios where external economic pressures (such as price manipulation or governance attacks) may expose vulnerabilities. Economic audits ensure that the protocol remains secure even under the influence of these external factors by simulating real economic conditions.
Differences in audit scope
- Technical Audit: The scope is usually limited to the internal operations and codebase of the protocol. The audit focuses on checking whether the smart contracts operate as intended and ensuring that the code is free of errors and logical flaws.
- Economic Audit: The scope is broader, taking into account external influencing factors such as market dependencies, governance structures, and liquidity constraints. Economic audits assess the protocol's interactions with the wider DeFi ecosystem and analyze whether the protocol can withstand economic pressures.
Technical and economic audits complement each other; both are essential, and together they form a complete security assurance system.
Key vulnerabilities not covered by technical audits
Technical audits cannot address certain vulnerabilities arising from external economic factors, dependencies, and interactions with other protocols, which need to be identified and mitigated through economic audits.
Token correlation and cascading effects
Token correlation is an important source of risk in DeFi, as tokens from different protocols may depend on each other. For example, when the price of a token from one protocol plummets, it may trigger cascading effects across multiple platforms.
Technical audits typically do not assess the potential cascading effects that may arise when tokens within a protocol are affected by external economic conditions (such as market downturns or attacks on other protocols).
In contrast, economic audits analyze the protocol's response to such events by simulating these scenarios. The collapse of Terra Luna, in which its stablecoin depegged, is one example: it caused widespread damage across the entire DeFi ecosystem.
Oracle dependency and price manipulation
Many DeFi protocols rely on oracles to obtain external data, such as token prices or interest rates. However, this dependency introduces a common vulnerability: if the oracle is compromised, or if the data it provides is inaccurate or manipulated, the protocol may face significant risks.
Price manipulation attacks are a typical form of economic attack, where attackers profit by manipulating the token prices provided by oracles, for example, by exploiting arbitrage opportunities or forced liquidations.
Technical audits typically only ensure that the code can correctly interact with oracles but do not assess the risk of price manipulation at the oracle level, which can have devastating effects on the protocol.
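An economic-audit check for the oracle risk described above, written as an added example (not code from the article): a lending pool values collateral either at the latest spot price or at a time-weighted average price (TWAP), and a constructed per-block price path replays a manipulation spike of the size the Mango figures in this article quote ($0.04 to $0.91). The sweep also carries the caveat that a TWAP only dampens short spikes: bad debt under the TWAP rule grows with the number of blocks the manipulated price is sustained, and the window length and collateral amounts are assumed sample values.

```python
def twap(prices, window):
    """Time-weighted average over the last `window` prices; the constructed
    series has exactly one sample per block, so this reduces to a mean."""
    if window <= 0 or len(prices) < window:
        raise ValueError("need at least `window` per-block samples")
    return sum(prices[-window:]) / window


def max_borrow(collateral_units, price, ltv):
    """Largest USD debt the pool allows against the collateral at `price`."""
    return collateral_units * price * ltv


def bad_debt_by_rule(series, window, collateral_units, ltv, post_price):
    """Bad debt left if a borrower maxes out against the manipulated price and
    the price then returns to `post_price`. Returns (spot_rule, twap_rule)."""
    recoverable = collateral_units * post_price   # what liquidators get back
    spot_debt = max_borrow(collateral_units, series[-1], ltv)
    twap_debt = max_borrow(collateral_units, twap(series, window), ltv)
    return (max(0.0, spot_debt - recoverable),
            max(0.0, twap_debt - recoverable))


def spike_series(calm_blocks, spike_blocks, calm=0.04, spike=0.91):
    """Constructed price path: `calm_blocks` at the calm price followed by
    `spike_blocks` at the manipulated price (sample values, not market data)."""
    return [calm] * calm_blocks + [spike] * spike_blocks


def exposure_vs_spike_length(window=30, collateral_units=100_000_000,
                             ltv=0.5, max_spike_blocks=30):
    """Stress sweep an auditor would run: bad debt under both rules as the
    manipulated price is sustained for 1..max_spike_blocks blocks. The spot
    rule is fully exposed at any length; the TWAP rule only for long ones."""
    rows = []
    for n in range(1, max_spike_blocks + 1):
        series = spike_series(window, n)
        spot, avg = bad_debt_by_rule(series, window, collateral_units, ltv, 0.04)
        rows.append((n, spot, avg))
    return rows


if __name__ == "__main__":
    for n, spot, avg in exposure_vs_spike_length():
        if n in (1, 5, 15, 30):
            print(f"spike held {n:2d} block(s): spot bad debt ${spot:,.0f}, "
                  f"TWAP bad debt ${avg:,.0f}")
```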
Governance attacks
Governance vulnerabilities are another major risk in DeFi protocols, especially in systems where voting power is tied to token holdings. Attackers can exploit governance mechanisms to take over the protocol, propose malicious proposals, or steal funds, as demonstrated in the Beanstalk vulnerability incident. In this incident, the attacker temporarily borrowed a large amount of tokens through a flash loan, controlling 79% of the voting power, which led to the proposal of malicious actions and the theft of $181 million.
Technical audits typically overlook governance structures, focusing instead on examining the smart contract code. However, economic audits analyze potential vulnerabilities in governance systems, particularly the risks associated with temporarily increasing voting power through means such as flash loans, which are often difficult for technical audits to detect.
Liquidity crises and protocol stress
Liquidity crises pose a significant threat to DeFi protocols. When a protocol's liquidity suddenly decreases, it may trigger price slippage, forced liquidations, or collateral shortages, leading to a vicious cycle that puts pressure on the entire protocol. Liquidity crises can be triggered by various factors, such as market downturns, increased token volatility, or large withdrawals.
Technical audits ensure that smart contracts operate correctly under normal conditions, but they do not simulate low liquidity stress scenarios, where the protocol may become vulnerable to attacks or unexpected behavior. In contrast, economic audits simulate these stress conditions, assessing how the protocol responds to liquidity constraints and testing whether the protocol has mechanisms in place to cope with or recover from such crises.
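A liquidity-stress simulation of the kind this section and the liquidity-layer discussion later in the article call for, written as an added example (not code from the article): positions are liquidated by selling their collateral into a constant-product pool, so each liquidation lowers the price and can trip the next position, and the same run is repeated for a deep and a thin pool. The pool model, the three-position book and the 80% liquidation threshold are constructed assumptions.

```python
from dataclasses import dataclass
import math


@dataclass
class Position:
    collateral: float          # collateral token units
    debt: float                # USD debt
    liquidated: bool = False


@dataclass
class ConstantProductPool:
    """Token reserve x, USD reserve y, spot price y / x, invariant k = x * y."""
    x: float
    y: float

    def price(self):
        return self.y / self.x

    def sell(self, dx):
        """Sell dx tokens into the pool and return the USD received."""
        new_x = self.x + dx
        out = self.y - (self.x * self.y) / new_x
        self.x, self.y = new_x, self.y - out
        return out

    def shock(self, pct):
        """External sell-off dropping the price by `pct`; k held fixed as arbitrage would."""
        k, target = self.x * self.y, self.price() * (1.0 - pct)
        self.x, self.y = math.sqrt(k / target), math.sqrt(k * target)


def run_cascade(positions, pool, shock_pct, liq_threshold=0.8):
    """Apply the shock, then liquidate until no position is below the threshold.
    Returns (liquidated_count, bad_debt_usd, final_price)."""
    pool.shock(shock_pct)
    bad_debt, progressed = 0.0, True
    while progressed:                     # every sale moves the price, so re-scan
        progressed = False
        for p in positions:
            if not p.liquidated and p.collateral * pool.price() * liq_threshold < p.debt:
                proceeds = pool.sell(p.collateral)
                bad_debt += max(0.0, p.debt - proceeds)   # part no liquidator recovers
                p.liquidated = True
                progressed = True
    return sum(p.liquidated for p in positions), bad_debt, pool.price()


def scenario(pool_depth_usd, shock_pct):
    """Constructed book: three 100k-unit positions at 50/60/70 % LTV, against a
    pool holding `pool_depth_usd` on each side at a $1 start price."""
    book = [Position(100_000, 50_000), Position(100_000, 60_000), Position(100_000, 70_000)]
    pool = ConstantProductPool(pool_depth_usd, pool_depth_usd)
    return run_cascade(book, pool, shock_pct)


if __name__ == "__main__":
    for depth in (1_000_000, 200_000):            # deep vs thin liquidity layer
        for shock in (0.05, 0.15):
            n, bad, px = scenario(depth, shock)
            print(f"depth ${depth:,} shock {shock:.0%}: {n} liquidated, "
                  f"bad debt ${bad:,.0f}, final price ${px:.3f}")
```

With the deep pool a 15% shock liquidates all three positions but leaves no bad debt; with the thin pool the same shock leaves the pool tens of thousands of dollars under water.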
Typical cases of economic attacks
These cases illustrate how attackers exploit economic weaknesses in the design and structure of DeFi protocols rather than code vulnerabilities.
Case 1: Mango Markets Attack
- Date: October 2022
- Attack Method: Price manipulation
- Loss Amount: $116 million
In this attack, the attacker manipulated the price of the Mango token ($MNGO), causing price discrepancies across multiple exchanges, which triggered large-scale liquidations and ultimately drained the protocol's funds. The attack process is as follows:

- Initial Setup: The attacker used two wallets, each holding $5 million in USDC, to initiate the attack. Wallet 1 placed a large sell order for MNGO tokens worth $483 million at a low price of $0.0382.
- Price Manipulation: Wallet 2 then bought all the MNGO tokens sold by Wallet 1 at this low price. The attacker then began buying MNGO in large quantities across multiple trading platforms (including Mango Markets, AscendEX, and FTX), driving the price from $0.0382 up to $0.91, a large short-term increase.
- Exploiting the Price Surge: This sudden surge led to a large number of short positions being liquidated, as the price of MNGO exceeded the collateral value of the short sellers. The attacker profited from the price increase, after which the price of MNGO fell to $0.0259.
Result: The attack caused Mango Markets a significant loss of liquidity, with over 4,000 short positions liquidated, further undermining the stability of the protocol. This economic attack did not rely on technical vulnerabilities but on cross-platform price manipulation, showing that economic audits can prevent or mitigate such attacks by simulating price manipulation scenarios.
Case 2: Beanstalk Attack
- Date: April 2022
- Attack Method: Governance Manipulation
- Loss Amount: $181 million
The Beanstalk attack involved the attacker controlling the governance system to push through malicious proposals. This attack highlighted how governance vulnerabilities, if mismanaged, can cause damage as severe as technical flaws. The key steps of the attack are as follows:
- Governance Vulnerability Attack: The attacker proposed two proposals to transfer tokens from the Beanstalk treasury to their personal wallet. These proposals were disguised as legitimate governance changes. Beanstalk's governance system required an emergency proposal vote (emergencyCommit), and if the proposal received two-thirds of the votes, it could be approved.
- Flash Loan Attack: The attacker temporarily borrowed a large amount of Beanstalk tokens through a flash loan, enough to control 79% of the voting power. After gaining an absolute majority, the attacker successfully pushed these proposals through, executing the transfer of tokens from the Beanstalk treasury to their personal wallet.
Result: This successful governance attack led to the BEAN token being depegged, resulting in a 75% loss in price and severely impacting the stability of the protocol. The total loss from this attack reached $181 million. If an economic audit had been conducted to simulate governance-related risks, this situation could have been mitigated to some extent. Economic audits can identify the risks of governance manipulation, particularly the possibility of temporarily gaining voting control through flash loans, a scenario often overlooked by traditional technical audits.
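The flash-loan voting risk raised in the governance section above and in the Beanstalk steps just described, reduced to an audit check as an added example (not code from the article or from Beanstalk): a token-weighted vote is counted under three rules, "live" (the voter's balance at vote time), "snapshot" (the balance recorded when the block before the proposal's creation closed) and "delayed" (snapshot plus no voting in the proposal's own block). A flash loan exists only inside one transaction, so it inflates the live weight but never appears in an end-of-block record; the holdings, the 1000-token supply and the rule names are constructed assumptions.

```python
from dataclasses import dataclass, field

SUPERMAJORITY = 2 / 3      # the two-thirds threshold described in the text


@dataclass
class Chain:
    balances: dict                               # current token balances
    history: dict = field(default_factory=dict)  # block -> end-of-block balances
    block: int = 1

    def end_block(self):
        """Record balances as they stand when the block closes, then advance."""
        self.history[self.block] = dict(self.balances)
        self.block += 1


@dataclass
class Proposal:
    created_block: int
    votes_for: float = 0.0


def voting_weight(chain, proposal, voter, rule):
    """Weight the governance contract credits `voter` under counting `rule`."""
    if rule == "live":                    # reads the balance at vote time
        return chain.balances.get(voter, 0.0)
    if rule in ("snapshot", "delayed"):
        if rule == "delayed" and chain.block == proposal.created_block:
            return 0.0                    # voting only opens in a later block
        # balance as recorded when the block before creation closed
        return chain.history[proposal.created_block - 1].get(voter, 0.0)
    raise ValueError(f"unknown rule {rule}")


def flash_loan(chain, lender, borrower, amount, callback):
    """Lend `amount` for the duration of `callback`, then take it back; the
    whole sequence is one transaction inside the current block."""
    chain.balances[lender] -= amount
    chain.balances[borrower] = chain.balances.get(borrower, 0.0) + amount
    try:
        return callback()
    finally:                              # repaid before the block closes
        chain.balances[borrower] -= amount
        chain.balances[lender] += amount


def flash_loan_vote_passes(rule, loan=790.0):
    """Audit question: does a same-transaction flash loan alone reach the
    supermajority under `rule`? Constructed supply of 1000: 790 in a lendable
    pool, 210 with honest holders, 0 with the attacker, so the loan is 79 %."""
    chain = Chain(balances={"pool": 790.0, "honest": 210.0, "attacker": 0.0})
    chain.end_block()                     # block 1 closes with honest balances
    supply = sum(chain.balances.values())  # the loan does not change supply

    def attack_tx():
        proposal = Proposal(created_block=chain.block)
        proposal.votes_for += voting_weight(chain, proposal, "attacker", rule)
        return proposal.votes_for / supply >= SUPERMAJORITY

    return flash_loan(chain, "pool", "attacker", loan, attack_tx)


if __name__ == "__main__":
    for rule in ("live", "snapshot", "delayed"):
        print(f"{rule:9s}: flash-loan vote reaches 2/3 = {flash_loan_vote_passes(rule)}")
```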
These two cases highlight the essential complementary role of economic audits to technical audits, ensuring that protocols can withstand attacks from price manipulation and governance vulnerabilities, areas that are often inadequately examined in traditional security assessments.
Case 3: Terra Luna Stablecoin Depegging Incident
The collapse of the Terra Luna ecosystem is a notable example of a protocol failure caused by economic factors rather than technical vulnerabilities. This event is often viewed as a textbook case of economic mismanagement, demonstrating how a loss of control in one area can trigger a cascading collapse of the entire DeFi ecosystem.
Terra's stablecoin UST was algorithmically pegged to the US dollar, relying on its relationship with the Luna token to maintain price stability. The design concept was that UST could always be exchanged for Luna at a certain ratio, thereby keeping the price stable. However, this system was highly dependent on market confidence and liquidity, both of which began to collapse as external economic pressures intensified.
In May 2022, a significant market event caused UST to depeg, with its price falling below $1. This triggered a "death spiral" effect, as holders of UST rushed to exchange their tokens for Luna, rapidly diluting the supply of Luna and causing its price to plummet. As the depegging of UST continued to worsen, a feedback loop formed, leading to the collapse of both UST and Luna prices, ultimately rendering the protocol irrecoverable.
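The redemption loop just described, carried through as an added simulation (not code from the article or from Terra): each round a fraction of the stablecoin supply is redeemed for $1 worth of the volatile token, the minted tokens are sold into a constant-product market, and the lower price means the next round mints even more, while an optional dollar reserve absorbs redemptions before any minting. All quantities and the market model are constructed assumptions.

```python
def cp_sell(x, y, dx):
    """Constant-product sale of dx tokens into reserves (x tokens, y USD).
    Returns (new_x, new_y, usd_received)."""
    new_x = x + dx
    out = y - (x * y) / new_x
    return new_x, y - out, out


def simulate_spiral(stable_supply, market_x, market_y, redeem_fraction,
                    reserve_usd=0.0, rounds=5):
    """One row per round: (round, token price, tokens minted so far, reserve left).
    Redemptions beyond the reserve mint $1 of tokens per coin at the current
    price; the redeemers then sell those tokens into the market."""
    minted, rows = 0.0, []
    for r in range(1, rounds + 1):
        redeemed = stable_supply * redeem_fraction
        stable_supply -= redeemed
        absorbed = min(redeemed, reserve_usd)        # reserve buys at $1, no mint
        reserve_usd -= absorbed
        price = market_y / market_x
        new_tokens = (redeemed - absorbed) / price   # dilution step
        minted += new_tokens
        if new_tokens > 0:                           # selling step lowers price
            market_x, market_y, _ = cp_sell(market_x, market_y, new_tokens)
        rows.append((r, market_y / market_x, minted, reserve_usd))
    return rows


def rounds_until_price_below(rows, floor):
    """First round whose closing price is below `floor`, or None if never."""
    for r, price, _, _ in rows:
        if price < floor:
            return r
    return None


if __name__ == "__main__":
    # constructed: 10M stablecoins, 1M tokens at $10, 20 % redeemed per round
    for reserve in (0.0, 3_000_000.0, 10_000_000.0):
        rows = simulate_spiral(10_000_000, 1_000_000, 10_000_000, 0.2, reserve)
        r, price, minted, left = rows[-1]
        print(f"reserve ${reserve:,.0f}: after {r} rounds price ${price:.2f}, "
              f"minted {minted:,.0f} tokens, reserve left ${left:,.0f}")
```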
The collapse of Terra Luna had widespread implications for the DeFi ecosystem. Many protocols were highly interconnected with Terra through liquidity pools, lending platforms, and staking services, leading to a liquidity crisis that caused other protocols to experience massive liquidations and financial losses due to their indirect exposure to Terra.
This collapse did not stem from any specific code vulnerabilities or technical flaws but was due to economic mismanagement—specifically, reliance on an algorithmic stablecoin that lacked sufficient reserves or protective mechanisms to withstand market volatility. Technical audits could not uncover this vulnerability because the root of the problem lay in the protocol's economic model, underscoring the necessity of economic audits, which can simulate depegging scenarios and liquidity crises to identify such risks.
The collapse of Terra Luna illustrates how the failure of one protocol can trigger a cascading effect throughout the entire DeFi ecosystem, emphasizing the importance of assessing interdependencies between protocols during audits. This collapse stemmed from an unsustainable economic model (algorithmic stablecoin) that was unprepared to handle extreme market conditions. Economic audits can reveal the vulnerabilities of protocols by simulating these extreme scenarios.
The lack of sufficient reserves and failure to consider extreme market volatility were key reasons for the collapse of Terra Luna, highlighting the importance of testing for such risks in economic audits.
This case emphasizes that no matter how technically sound a protocol's code may be, it remains vulnerable to economic collapse without adequate stress testing of its economic model and consideration of market conditions.
DeFi Protocol Layered Architecture
DeFi protocols are typically composed of multiple layers, each playing a specific role in the overall functionality of the protocol. These layers usually include:
1. Core Protocol Layer: This is the foundation of the protocol, containing smart contracts that define the operations of the protocol, such as lending, staking, or trading. Technical audits typically focus on this layer to ensure that smart contracts execute as intended and are free of vulnerabilities or programming errors.
2. Oracle Layer: DeFi protocols often rely on oracles to obtain real-time data from external sources (such as price data, interest rates, etc.). This layer is crucial for the normal operation of the protocol, as incorrect data can lead to price errors, insufficient collateral, or other risks. Economic audits will examine the protocol's reliance on oracles and the potential risks of oracle manipulation, which technical audits often cannot fully cover.
3. Governance Layer: Many DeFi protocols adopt decentralized governance structures to decide on key changes to the protocol. The governance layer involves voting, token-based decision-making, and protocol changes. Economic audits will analyze vulnerabilities in the governance structure, such as voting power manipulation or flash loan attacks, where attackers temporarily gain significant voting power to influence protocol decisions.
4. Liquidity Layer: The liquidity layer ensures that the protocol has sufficient liquidity to operate normally. In lending or trading protocols, the liquidity layer determines whether users can access funds or execute trades. Economic audits will simulate liquidity stress scenarios to test the protocol's performance under conditions of insufficient liquidity, such as large withdrawals or sudden market downturns.
Economic Risks in Layered Architecture
In the layered architecture of DeFi protocols, the interactions between layers can introduce economic risks that are often not covered by traditional technical audits.
- Inter-Protocol Dependencies: Many DeFi protocols are interdependent, relying on other protocols for liquidity, collateral, or data. For example, a lending protocol may depend on an external stablecoin as collateral. If that stablecoin collapses or loses its peg to fiat currency, the lending protocol may become under-collateralized, leading to massive liquidations.
- Cascading Effects Between Protocols: Attackers can exploit the interrelationships between protocols by attacking one layer, thereby affecting other layers and causing broader losses. For instance, an attacker might manipulate the asset price in one protocol (through oracle manipulation), thereby impacting lending, trading, or collateral operations in other protocols.
- Liquidity Crises: The layered architecture also introduces the risk of liquidity crises, where the liquidity of one layer depends on another. A sudden withdrawal of liquidity from a liquidity pool may affect the normal operation of the protocol, leading to cascading failures throughout the entire protocol and impacting the normal functions of other layers.
The interconnectedness of DeFi protocols means that risks often propagate across multiple layers. A vulnerability in one layer (such as the oracle or governance layer) can trigger cascading effects, leading to failures in other layers (such as the liquidity layer or core operational layer). Technical audits primarily focus on the core protocol, ensuring that smart contracts execute as intended, but they cannot simulate the systemic risks arising from the interactions between these layers.
The layered architecture of DeFi protocols introduces complex economic risks that cannot be fully captured by technical audits alone. Economic audits provide critical assessments of the interactions between different layers, analyzing how they may be exploited or face pressure under real-world conditions, thereby helping to identify potential risk points.
Conclusion
Relying solely on technical audits is insufficient to protect DeFi protocols from broader economic risks. Economic audits simulate real market conditions, conduct stress tests, and assess the resilience of protocols under scenarios of price manipulation, liquidity crises, and governance vulnerabilities. The DeFi industry must prioritize economic risk management to safeguard protocols from systemic threats. Currently, the market for economic audits is underdeveloped, presenting significant opportunities for companies focused on this area. The future of DeFi security will require a combination of technical and economic audits to ensure protocols can withstand a wider range of vulnerability risks.