Compound Oracle Attack Raises Concerns over Blockchain Betting

On November 26, an illiquid market for DAI-USDC on Coinbase experienced heavy price slippage. Due to a malicious attack or an error, “stablecoin” DAI moved from $1 to $1.30, 30% away from peg.

Compound, the third-largest DeFi platform, was among the most adversely affected networks as it uses DAI-USDC Coinbase market for its price feed.

As a result, some users of Compound who had borrowed DAI suddenly found that their debt had shot up 30%. Typically, when a user borrows funds within the network, they need to provide collateral exceeding the amount borrowed. Therefore, all loans are usually over-collateralized.

Bitcoin Blockchain

However, when the oracle exploit led to a spike in DAI’s price, the loans were suddenly under-collateralized. When this happened, built-in protocol rules on Compound forced liquidations on all affected borrowers’ positions.

In total, over $100 million was liquidated on Compound following the exploit according to DeFi tracker LoanScan. This went on record as its biggest liquidation yet. Back in July, Compound saw liquidations worth $6.4 million in a span of 24 hours.

2020 Oracle Attacks in Review

Known as “Oracle attacks,” these exploits are not new. Essentially, an oracle allows a smart contract to communicate with sources that are not blockchain-based. They often provide price feeds for DeFi platforms. Exploits based on the manipulation of oracles have been on the rise during the past few months.

In February 2020, there were multiple attacks on the Ethereum-based lending project bZx. During its first flash loan-based attack, malicious actors made off with $350,000-worth of ETH. The second attack took place less than a week after, leading to the loss of ETH worth $633,000.

In October 2020, there was a similar attack on the Harvest Finance token, resulting in a collective loss of $33 million for users of the protocol. Most recently on November 14, 2020, attackers exploited an oracle vulnerability on Value DeFi, siphoning off tokens worth over $7 million.

In most of these incidents, malicious actors manipulate price oracles, creating exchange rates that allow for arbitrage. Once this happens, they get an opportunity to make off with protocol assets. And in other cases, it could be a malfunction on the part of the feed source information.

Manipulation Concerns in the Blockchain Betting Industry

No matter the underlying cause, these attacks raise concerns both within the crypto ecosystem and beyond. Concerns extend to spheres like the gambling market where the use of blockchain technology is fast gaining popularity.

Notably, it is not an issue for traditional casinos, as these usually run everything through private databases. Rather, for blockchain-based services, the moment external data is involved, system security is in trouble.

Many of the games on these sites make use of off-chain market data to determine outcomes. That is necessary because there is no feasible solution for smart contracts to look up external data on their own.

While oracles are indispensable in this implementation of blockchain technology, the security risk that they pose is considerable too. The security of a blockchain lies in the fact that there is no single point of failure. But the oracle becomes one.

Unfortunately, there is no universally accepted oracle in blockchain betting. Nick from TheBitcoinStrip said, “If blockchain gambling is to succeed, smart contract developers need to think carefully about the oracle problem.

Public blockchain gambling apps, particularly on Ethereum need to think hard about how they generate winning numbers. They have to ensure that the event results that they feed into smart contracts are trustworthy and reliable to avoid exploits.”

For the most part, smart contract casino games are not at risk. However, for those using foreign exchange prices or increasingly popular prediction markets, such as the poly market, this issue could lead to large losses if not properly mitigated.

An evaluation of feasible remediation strategies and their implementation is of utmost importance. Resolving this problem could end up being one of the most worthwhile contributions that the online betting industry makes to the blockchain.

Once the solution is found, it will get widespread applications beyond gambling and possibly trigger a true blockchain overhaul.

 

E-Crypto News Executive Interviews



Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

Millions in Cryptocurrency Stolen by Scammers in the Last Month According to Tenable Research
November 24, 2021
Behind The Scenes: How this Crypto Community Responded to + $50m Hack
October 18, 2021
Crypto Scams
Crypto Scams Still Persistent In 2021, SEC Warns About Red Flags To Watch
September 9, 2021
Poly Network
Here’s How Hackers Stole Over $600 million in the Poly Network Attack
August 12, 2021
The World’s Most Infamous Crypto Hacks and Scams
July 31, 2021

Blockchain/Cryptocurrency Questions and Answers

Crypto casinos
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
Cryptocurrency
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
Ethereum
The Unconventional Guide to Ethereum
October 28, 2021
ICo Presale
The Science Behind ICO Presales…
October 14, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin54,514 0.43 % 0.81 % 9.27 %
Ethereum4,092.7 0.19 % 1.07 % 7.74 %
Binance Coin595.46 0.05 % 2.18 % 1.66 %
Tether0.9986 0.03 % 0.08 % 0.23 %
Solana189.73 0.05 % 3.97 % 13.10 %
Cardano1.500 0.16 % 4.07 % 21.98 %
XRP0.9263 0.30 % 2.97 % 15.81 %
USD Coin1.000 0.14 % 0.20 % 0.17 %
Polkadot30.87 2.19 % 17.29 % 10.73 %
Dogecoin0.2215 0.68 % 1.42 % 7.23 %

bitcoin
Bitcoin (BTC) $ 54,301.00
ethereum
Ethereum (ETH) $ 4,088.18
binance-coin
Binance Coin (BNB) $ 596.04
tether
Tether (USDT) $ 1.00
solana
Solana (SOL) $ 190.16
cardano
Cardano (ADA) $ 1.50
xrp
XRP (XRP) $ 0.92763
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 33.63
dogecoin
Dogecoin (DOGE) $ 0.200286