The famous premise of “Code is Law,” along with many of those who acclaim it, falls apart when we remember that human nature is both clumsy and often malicious.

Code is created by programmers who, being human, can make mistakes. If there is one thing that TheDAO¹ left us with as a moral, among many other things, it is that those errors or “bugs” can be very costly for the community and the whole industry.

As we said, in addition to being clumsy, it can be malicious. The mischievous use of consensus mechanisms for unsanct and difficult-to-detect purposes has given rise to several flash attacks in recent years, in which innovation has crossed paths with the not-so-obvious innocence of the founders of more than one DAO.

A Decentralized Autonomous Organization, or DAO, is partially characterized by being made up of members, or token holders, with voice and/or voting rights (governance rights). When members are allowed to make decisions concerning different areas of governance, such as the Treasury, creativity is met with bad faith by those who are fast enough. Interestingly, John Nash’s game theory plays a very important role in these cases.

Consensus mechanisms are a computational problem that miners solve to verify and validate the information added to the distributed system, ensuring that only authentic transactions are recorded in the blockchain. By not depending on a central authority to validate the transactions and their veracity, as well as their content, these consensus mechanisms are the ones that perform this work in the blockchain itself and through different computational operations.

For these mechanisms to run optimally within a protocol, three aspects must be considered fundamentally. This is where the scalability trilemma, named by Ethereum founder Vitalik Buterin, is generated, since a consensus mechanism can, for the time being and due to current technological limitations, be limited to fulfilling only two of the three network characteristics:

• Network security,
• Scalability in the form of transaction throughput, and
• Decentralization (as the network’s ability to continue operating despite failures or attacks)

The imbalance between these and the high risks taken by DAOs explains why some protocols even offer million-dollar rewards for bounty hunters. Others, instead of taking such an offer, prefer flash attacks.

Beans: a particular stable token

Mid-April 2022 saw the most significant lightning attack on a decentralized finance (DeFi) protocol² . This is the largest case since the rise of DeFi, considering as dies a quo the 2019 takeoff of the DeFi ecosystem (although it could be argued that the DeFi ecosystem was born with the cryptoasset known as Dai in 2017).

The facts of the Beanstalk case, simplified, are as follows: the Beanstalk protocol, launched in September 2021, offers three cryptoassets called Beans, Stalks and Seeds, all created using the ERC-20 standard of fungible tokens from Ethereum’s non-permissioned public network³ .

Beans were offered with an assumed stable value 1:1 with the dollar, therefore, they were specifically designed as a cryptoasset with a payment purpose and stability mechanism in its value⁴ . This “stable” cryptoasset had a different design from other pre-existing stable token species, as it did not require the integration of collateral for its issuance (over-collateralization, as in the case of the Dai⁵ ), which made it a very particular stable token.

The Beanstalk protocol allowed, on the one hand, to deposit Beans in a smart contract, so as to form a liquidity pool, with depositors being repaid with new Beans created algorithmically, always with the aim of using this reserve, which they called Silo, as a mechanism for the stability of the “stable” 1:1 value of the Beans.

The protocol, on the other hand, also allowed depositing in the Silo other cryptoassets different from the Beans, such as Ether, to generate a greater store of value, giving in this case also a governance token, called Stalk, which granted certain benefits payable in Seeds, and also certain “political” rights to its holder, to propose and vote to accept (or not) to modify (via upgrades and updates) the protocol and its functionalities, voting the respective proposals documented in BIPs (Beans Improvement Proposals).

Finally, the protocol created a Decentralized Autonomous Organization (DAO), called Beanstalk DAO, to manage the creation of the three types of tokens and the decision making by the Stalks token holders. Therefore, this protocol, its functionalities, and its modifications, was governed through a DAO managed by those holding the Stalks governance tokens, i.e., it was managed by its members through a PoS-type consensus mechanism. The source code of this DAO and the entire protocol was published open source, so that any user with the necessary skills could analyze it and, if necessary, decide to participate. Or decide to attack it by exploiting some coding defect, if it exists (as in the case of TheDAO), or simply taking advantage of the new technological possibilities, and empty the Silo.

Biggest flash attack to date

On the night of Sunday, April 17, 2022, Beanstalk was the victim of a lightning attack that lasted 10 seconds, and ended up emptying the reserves (the Silo) of the protocol, generating for its users the loss of several tokens, worth 180 million dollars, and an estimated net gain for the attacker of 80 million dollars. Was it a perfect robbery, or a technologically legal, but socially disvaluable behavior?

The attacker (or the cheating user) leveraged himself by taking instant loans (i.e. flash loans⁶ ) on another DeFi platform, Aave, coincidentally the first platform to offer this type of instant unsecured loans. These flash loans⁷ are instant loans, which are granted without collateral of any kind, since they are repaid in a very short period of time (i.e. seconds, in a transaction contained within the same block), after which, if the loan is not repaid, the whole transaction is automatically canceled. Flash loans allow de facto elimination of counterparty risk, which in turn makes it possible to borrow crypto-assets in a very fluid and practically unlimited manner (except for the limited supply of all the cash offered by CEXs and DEXs), generally to take advantage of arbitrage opportunities⁸ .

Thanks to flash loans, the attacker was able to buy enough Stalks to allow him to pass a proposal. The attacker then “camouflaged” his true intention in a proposal (BIP) that proposed to donate part (200k) of the crypto-assets from the Beanstalk reserve to an official Ukrainian address, where crypto-asset donations are genuinely received. Hidden in the BIP 18/19 code⁹ , there was instruction that, if approved, would transfer the rest of the reserve funds towards a private Ethereum address. Approved as the transaction was by the same attacker in possession of enough Stalks, the Beanstalk reserve was emptied, and the Beans went from being worth U$D 1 to 0.11 cents in a few hours.

Given the pseudonymous nature of non-permissioned public networks such as Ethereum, the real identity of the person behind the scheme is not known, although the Ethereum registry allows tracking the movements of the affected ERC-20 tokens to some extent, as in the case, after the requested flash loans were paid — within seconds — the attacker was able to launder the remaining tokens, valued at $80 million, through an anonymization blending service offered by Tornado Cash¹⁰ . The founders of Beanstalk are working with the FBI to try to trace and recover the stolen tokens.

As can be seen, the attacker did not even have to find a programming defect (bug) that would allow him to empty the funds of a DAO (as happened in the famous TheDAO case in 2015¹¹ ), but used, in a maliciously creative way, the protocols in place (basically the PoS having Stalks, and the system of approval by super majority via BIPs).

Other cases using flash attacks

The Beanstalks case, while the highest volume involved to date, is far from an isolated case. The first attack of this type took place in February 2020, and affected the bZx protocol¹² by manipulation, exploiting a bug in a smart contract in a five-step maneuver that was the first of its kind.

But only months later, in November 2020, the DeFi Origin protocol suffered the largest attack of its kind to date¹³. It was also an attack on a stable token, known as OUSD (Origin Dollar), issued by the Origin protocol. In this case there was a programming defect (known as re-entrancy bug, the same defect that allowed the attack on TheDAO) in the smart contract that created the OUSD, which was detected and exploited by the attacker, who was able to get hold of 7,137 ethers and 2,249 M Dais, which were then sent to a wallet controlled by the hacker, to be later laundered in TornadoCash, wBTC and renBTC.

In this case, the attacker took a flash loan of 70,000 ethers from the DEX known as dYdX, which he then converted to Dais and USDT (Tether) in another DEX, Uniswap. With these stable tokens, the attacker generated OUSD in an amount slightly greater than half of the total in circulation, and, exploiting the programming flaw, was able to create more OUSD than he would have been entitled to, and redeem them in UniSwap and SushiSwap for USDT (Tether).

Also in the month of November 2020, Value Defi, another similar protocol suffered an attack that generated losses of $6 million in Dais¹⁴ , but in this case two separate flash loans were used: 80,000 ethers were borrowed from the Aave platform and 116 million Dai from UniSwap. The attacker swapped the loan in Ethers for different stable coins, which he deposited along with the Dais in the protocol vault. He then performed different swaps between stable tokens, which exploited a flaw in the smart contract that allowed him to escape with tokens valued at $6 million. Days earlier, other DeFi platforms had been victims of attacks using flash loans, Akropolis¹⁵ and Harvest Finance¹⁶ , losing $2 million and $2.5 million in cryptoassets, respectively.

Half a year later, already in May 2021, another DeFi protocol, xToken¹⁷ , suffered a flash loan attack but in this case, the losses were already much higher, reaching $24.5 million. This protocol offered eight different cryptoassets, two of which were attacked. In this case, using a flash loan for 61,800 ETH, the attacker detected a bug in the coding of a smart contract that allowed him to manipulate the values of the oracle that xToken used to accept the value of certain tokens. Note that the cost of this complex transaction was 5 Ethers.

Also in May 2021, a flash loan attack on the DeFi PancakeBunny protocol, developed on the Binance Smart Chain (BSC), caused the Bunny platform’s native token, Bunny tokens, to lose 95% of their value in seconds¹⁸ . In this case, the attacker borrowed a large amount of Binance tokens, BNB¹⁹ , using PancakeSwap, and with them manipulated the exchange price between USDT/BNB and Bunny/BNB in the PancakeBunny liquidity pools²⁰ . This allowed him to get hold of a large amount of newly created Bunny tokens, cancel the flash loan and escape with $3 million in cryptoassets, generating losses of almost $50 million. A few days earlier, another BSC native DeFi protocol also suffered losses of more than $10 million when it was attacked using flash loans²¹ .

Decentralized government and the (new) risks inherent in the DeFi ecosystem

It has been argued that just as 2017 was the year of ICOs, 2020 was the year of DeFi protocols²² , and with these, the use of Oracles, generally centralized and operated by companies, to take external pricing data from hundreds of Exchanges (CEXs and DEXs) to feed into a DeFi protocol (such as Aave, Compound, MakerDAO²³ and UniSwap) mounted on public networks such as Ethereum or BSC was empowered.

The manipulation of Oracles (i.e. the Oracles problem) using flash loans is perhaps the biggest cyber risk of the entire DeFi vertical, to which can be added, perhaps, the regulatory risk of not being able to comply with KYC-AML-CFT protocols at the DEX level, although progress is being made on this front²⁴ .

Therefore, the design of oracles must be especially aware of the risk of manipulation via flash attacks, since this type of attack, by all metrics, is (and will be) the most common in the DeFi ecosystem. This risk became very clear with one of the first technologically legal uses of a flash loan to acquire governance tokens and make a decision for one’s own benefit, but affecting a DeFi protocol, such was what happened in October 2020 with MakerDAO²⁵ . In this case, a group of developers wanted to get access to the oracle that MakerDAO uses, and to do so, they took a flash loan, bought a significant amount of MKR tokens, and voted in favor of their proposal (behavior that was thereafter baptized as flash loan voting). The whole transaction was duly communicated to the community by its ideologues, but the community decided to take measures so that such behaviors would not be repeated, essentially extending the window period that follows a vote, but precedes its implementation²⁶ .

Evidently, if flash loan voting can be considered a systemic risk in DeFi protocols, this is because they generally opt for a decentralized governance system, managed by a DAO, and operated through governance tokens (such as MKRs or Stalks tokens), designed on the basis of a Proof Of Stake (PoS) type consensus mechanism, which grants certain “political” rights to its holder (or its delegate, when a DPoS type mechanism is used).

The case of Steemit, a tokenized social network launched in 2016 on its own blockchain (Steem), masterfully analyzed by Shermin Voshmgir²⁷ , discusses the problematic of employing DPoS-type protocols, in which the community votes to designate “witnesses or delegates”, to whom the votes associated with STEEM tokens are delegated (and can be removed).

In February 2020, the Tron foundation, which manages the Tron blockchain, acquired Steemit, Inc. The Steem ecosystem community expressed concerns about the acquisition and the new leadership, which, among other things, proposed a plan to migrate STEEM tokens to the Tron blockchain network. Another, even greater, community concern was that with this acquisition, Tron’s foundation also gained control of about 20% of the total STEEM tokens, which the community colloquially called “the ninja stake coined by Steemit Inc.” These ninja tokens were pre-sharked years ago and distributed to the STEEM founders, who were now selling Steemit Inc. to the Tron foundation.

While ninja tokens always posed a threat, they had never been actively used (such as to vote on updates to the Steemit blockchain). The Steemit community was confident that the founders of the network would not misuse these tokens to take control of the network. However, due to distrust of the new owners and fear of a potential takeover, the Steem tokens (DPoS) almost immediately executed a soft fork of the Steem blockchain with votes that the network’s users had delegated to them.

With this action, the ninja tokens were blocked from future activities to take control of the network. The community voted for this soft fork to prevent new owners (the Tron Foundation) from using the ninja tokens. Witnesses justified the action as a “temporary protective protocol to maintain the currently established status quo regarding Steemit Inc.’s interests and its intended use […] and continued use of the assets it controls.” The community-led soft fork failed because the Tron Foundation coordinated with some Exchanges to retroactively undo the fork with STEEM tokens of users hosted on those platforms. The misuse of user tokens by Exchanges was hotly debated.

Instead of fighting for power in the Steem network, the community decided to secede, executing a secession through a hard fork. In mid-March, the fork of the Steem blockchain protocol and Steemit application occurred, into a new network with the name “Hive”. All ninja tokens controlled by Steemit Inc. were censored and not migrated to the new Hive network. All other network tokens were transferred to Hive. All blog information from the Steemit application was also transferred to the Hive network. From there on, it would be up to each blogger to decide which application to use in the future, Steemit or Hive.

The acquisition and subsequent forks demonstrated the decentralized nature of blockchain networks, but also exhibited potential attack vectors with delegated proof-of-stake (DPoS) consensus mechanisms. What was originally intended as a decentralized social network proved to be prone to centralization, by the acquisition of the Tron foundation and by its collusion with Exchanges that used its users’ tokens to conduct votes (without their prior consent). It also demonstrated the power of tokens, which acted as ringleaders of these forks²⁸ .

While Steemit laid the groundwork for a new era of social networking by demonstrating how we can rethink social networking in a tokenized economy, its design flaws were considerable.

In late June 2022, some USD 100 billion was stolen from Horizon Bridge²⁹ , a Layer 1 blockchain that allows assets to be transferred from Ethereum to other blockchains, following what would be the eighth hack so far this year.

According to the official analysis of Certik, security protocol and code auditing, “twelve attack transactions and three attack addresses were identified. Through these transactions, the attacker obtained various tokens on the bridge, including ETH, USDC, WBTC, USDT, DAI, BUSD, AAG, FXS, SUSHI, AAVE, WETH and FRAX. The transactions vary in value but range from $49,178 to over $41,200,000. The attacker accomplished this by somehow controlling the owner of a MultiSigWallet and calling confirmTransaction() directly to transfer large amounts of tokens from the bridge in Harmony, resulting in a total loss of about $97 million in assets on the blockchain, which the attacker consolidated into one main address.³⁰”

The cases do not end here. A month after this another flash attack occurred, this time against Nirvana Finance³¹ , a yielding protocol based on the Solana blockchain. The attack was valued at a $3.5 million USD exploit, using flash loans or flash loans to manipulate and drain their liquidity funds.

At the time of the attack, the platform’s native token, ANA, fell more than 80% and its stablecoin, NIRV, dropped as much as 8 cents, losing its parity with the dollar.

Conclusions

From the exposed cases we can observe that all of them show a common pattern: systemic risk inherent to the dynamics of the created ecosystems. With different nuances, either due to risks in the code architecture (problems that we will call bugs) or in the functional macro-architecture of the consensus mechanism and the decision making process, it is no less certain that the recent events in particular, but the more recent history of the last 3 years in general, should be an alert sensor for those of us who work with and in these spaces.

The greatest challenges we face, in a context still full of lack of clarity and regulatory balkanization, are to think of mechanisms that, without losing the spirit and the benefits that DLTs offer us, prevent their employability from becoming a pandora’s box with potential downsides not correlated with the expected benefits.

We can thus find alternatives to eliminate or mitigate these risks, as long as we assume that we do not yet have a clear regulatory framework that obliges us and/or clarifies how to do this. Following this reasoning, we could think of consensus mechanisms that are superior to the existing ones, which, for example, have blend dynamics, thus exploiting their best attributes individually considered but in a synergetic way.

An example of this could be a consensus iteration between two protocols within the same ecosystem, where one counterbalances the other and vice versa. In this way we could think of consensus mechanisms such as PPoS, PoS, DPoS, PoA among others integrated in the same decentralized decision making process.

In line with this proposed alternative, we can think of the concept of SupraDAOs, where the DAO being a system in itself, in a continuous homeostatic process, it could be thought of as a whole and at the same time as part of another even larger system, where each of the systems (DAOs) members play a role in the voting process and decision making process of the ecosystem. These alternatives could be very good approaches to mitigate (at least) the systemic risk inherent to the use of the underlying technology of these protocols. A witness case of this type of counterweight can be seen in Synthetix³² , where, as a strategy to mitigate risks of this nature, the creation of an ecosystem of 5 DAOs³³ (SpartanCouncil, grantsDAO³⁴ , the ambassadorDAO, the Treasury Council, and the protocolDAO) with autonomous and independent powers each one of them, but interconnected, and conditioned, such that none of them individually could alter the ecosystem per se, but all of them are necessary at the same time for its proper functioning (a kind of decentralized governance by institutions).

Last but not least, we must not lose sight of the validations and reviews of the protocols, basically code auditing processes carried out by suitable/experts, otherwise, no matter how well designed the mechanism of consensus and collective will formation, we are always at the mercy of bugs or simply script errors that significantly expose the ecosystem, the industry and in general the society that is progressively beginning to understand the valuable attributes that this technology can contribute to the problems of today.