Maya Zehavi, blockchain consultant, and Zubin Koticha, cofounder and CEO of Opyn, discuss the two recent bZx attacks, whether they were hacks or arbs and whether they were unethical or illegal. They also look at whether flash loans are to blame, how much transparency DeFi teams should have about vulnerabilities on their platforms, how much bug bounties should be for DeFi, and whether flash loans mean the amount of bug bounties should be higher. We also talk about whether DeFi should institute circuit breakers, when those would make sense, and whether these attacks could happen to anybody or whether bZx isn’t up to the standards needed in this community. We also cover how bZx should handle the under-collateralized loans left on their platform, whether Chainlink will be a sufficient solution to prevent these attacks in the future, and whether DeFi insurance should cover these kinds of attacks. Plus, Maya and Zubin explain why they’re happy the attacks happened and have made them more optimistic. And Maya reveals why she has a pizza slice emoji in her Twitter profile.
Thank you to our sponsors!
CipherTrace: https://ciphertrace.com
Crypto.com: https://crypto.com/
Kraken: https://www.kraken.com
Episode links:
Maya Zehavi: https://twitter.com/mayazi
Zubin Koticha: https://twitter.com/snarkyzk
Opyn: https://opyn.co/
Description of first attack: https://www.palkeo.com/en/projets/ethereum/bzx.html
https://www.theblockcrypto.com/post/56171/bzx-exploit-former-google-engineer-explains-how-an-attacker-made-350k-in-single-transaction
Description of second attack:
https://www.theblockcrypto.com/daily/56413/experts-weigh-in-on-bzx-attacks-flash-loans-highlight-the-need-to-improve-defi-security-models
https://www.theblockcrypto.com/linked/56134/defi-lending-protocol-bzx-exploited-a-portion-of-eth-lost
Unconfirmed episode about the attacks: https://unchainedpodcast.com/how-2-defi-attacks-made-almost-1-million-in-profit/
1inch.exchange blog post: https://medium.com/@1inch.exchange/yes-we-hacked-bzx-fulcrum-but-one-month-ago-3f7e5c437ee3
1inch exchange-Fulcrum dispute: https://www.theblockcrypto.com/post/56579/bzx-attacks-and-1inch-exchange-allegations-heres-what-the-teams-have-to-say
Nexus Mutual payouts: https://defirate.com/nexus-mutual-first-payouts/
Nexus Mutual blog post: https://medium.com/nexus-mutual/bzx-flash-loan-event-55753d19e52b
Transcript:
Laura Shin:
Hi, everyone. Welcome to Unchained, your no-hype resource for all things crypto. I’m your host, Laura Shin. If you enjoy Unchained or Unconfirmed, my other podcast, which also features a weekly news recap, please give us a top rating or review in Apple Podcasts or wherever you listen to the show.
Crypto.com
The Crypto super app that lets you buy, earn and spend crypto in one place. Get a metal MCO Visa Card with up to 5% back on ALL your spending. Download the Crypto.com App today.
Kraken
Kraken is the best exchange in the world for buying and selling digital assets. It has the tightest security, deep liquidity and a great fee structure with no minimum or hidden fees. Whether you’re looking for a simple fiat onramp, or futures trading, Kraken is the place for you.
CipherTrace
CipherTrace’s cutting-edge cryptocurrency intelligence powers anti-money laundering, blockchain analytics, and threat intel. Leading exchanges, virtual currency businesses, banks, and regulators themselves use CipherTrace to comply with regulation and to monitor compliance.
Laura Shin:
Today’s topic is the bZx attacks. Here to discuss are Maya Zehavi, blockchain consultant, and Zubin Koticha, co-founder and CEO of Opyn. Welcome, Maya and Zubin.
Zubin Koticha:
Thanks so much for having us.
Maya Zehavi:
Hi.
Laura Shin:
In the past couple of weeks, DeFi lending protocol bZx suffered two attacks in which flash loans were used. The attacker or attackers, it’s not clear whether it was the same person or different people behind the attacks, made off with about 950 thousand dollars in ether. I did an interview with Lev Livnev, the person who discovered that the first attack had occurred, on Unconfirmed last Friday, where we covered how the attacks happened, but for those who missed that interview, can you briefly recap how it occurred? We’ll just start with the first one. Maya, can you explain how the attacker executed it?
Maya Zehavi:
Yes. The attacker took about 2.7 million dollars in a flash loan on dYdX, which is 10K in ETH. He put 5.5 ETH onto Compound and borrowed 12…sorry, 112 WBTC, and then he went onto bZx and shorted WBTC on a margin trade with ETH 3X, and behind the scenes, of course, bZx ended up dumping all of the WBTC on Uniswap, and Uniswap triggered a slippage in the price, which allowed the attacker to basically both return the 10K ETH and take back 71 ETH as a profit from that one single trade, which is kind of elegant, to be honest.
Laura Shin:
I know, we were saying…and I kind of tweeted this, but the first time that I read about this I had the sensation of having just watched a snowboarder doing some really elegant flips on a halfpipe, or something, with a sheer number of…
Maya Zehavi:
No, that’s what it was. It was…
Laura Shin:
Go ahead.
Maya Zehavi:
Sorry. I’m just saying that the fact that you can take a flash loan was well-known in advance. The fact that it could probably, and maybe with a slim chance, lead to fast cash, that was also well-known, but doing that in one trade and kind of using a logic exploit on bZx, that’s genius. I mean, that’s a work of art. You have to hand it to whoever it was.
Laura Shin:
Yeah, and basically…so they borrowed this money and then they had some of it in wrapped BTC, but they, with the other half, shorted it significantly in order to benefit, and that’s how they made off with the money, but then the group that was left holding the bag was bZx to the tune of about 600 thousand dollars, I think, so yeah.
Maya Zehavi:
Yeah, but let me just stop you. I think one thing that’s kind of not well-known with that, the margin trade that the attacker did was on a 3X on bZx, right, just in terms that they’re shorting it and they’re going to get a return 3X the amount that they shorted, right, but there was an exploit on bZx for 5X the amount, and that might’ve allowed them to weave that trade a lot more than they originally thought, and it also leads to the issue of whether it was a logic bug or an arbitrage.
Laura Shin:
Okay, and I’m sorry. Can you explain that once more? Repeat it. What was for 3X and what was for 5X?
Maya Zehavi:
The short that the attacker did was on a 3X on bZx, right, meaning they were going to get three times the amount that they shorted as a return if there actually is a slip in price or the price of bitcoin drops, but what led to more of a slippage in the price on Uniswap than was originally intended was the fact that behind the scenes the bZx protocol, in order to compensate, ended up also dumping more ETH than they intentionally…than they had to, let’s put it that way, on the Kyber Uniswap, and it leads to the second-order effect, which is the insurance Nexus Mutual had on the bZx contract. Was it an arbitrage trade or was it a bug that the attacker exploited? That’s kind of…it’s still an open question, I think, in regards to whether or not Nexus Mutual has an obligation to repay that insurance, and they chose to repay almost every one of the people that had a trade on that.
Laura Shin:
Okay. Yeah, so now we’re getting really into the weeds, but I will say that in that interview I did with Lev Livnev on Friday he did say that he felt like the real culprit was a bug in bZx, and so obviously in that situation that would be something that would be covered by the Nexus Mutual protocol, which by the way, for those who aren’t aware, is a decentralized insurance protocol. Obviously, you would need to sign up for it and to ask to be covered for bZx before you could make a claim, but they did end up paying out a few claims. So, before we get even more into the weeds on all of this, why don’t we just go to the second attack. So, Zubin, can you describe what the attacker did in the second attack?
Zubin Koticha:
Yeah, absolutely. So, in the second attack, it was a similar flash loan mechanism where you can take out a massive amount of ETH as long as you repay it in the same transaction, and they took out 7500 ETH from bZx itself, so it was weird because in the first exploit they used dYdX, a different platform, for this flash loan, but here they actually used bZx itself. Then what they did is they took some of this ETH, about 900, and they essentially…they dumped this ETH into SUSD on Kyber, so what that means is they’re pumping the price of Synthetix USD, a stable coin, and then they took the rest of the ETH and they deposited it on bZx itself and used it to borrow that exact…sorry. They took the Synthetix USD, they put it down on bZx itself and used it to borrow far more ETH, and the thing is that bZx uses an oracle through Kyber, which they had just pumped the price on, so it thinks that this collateral, this Synthetix USD, is worth way more than it actually is, and bZx the platform gives this attacker way more ETH than they actually should be entitled to.
They used this ETH to repay the flash loan on bZx and they make out with a massive profit of 2,378 ETH.
Laura Shin:
Yeah, and they did such a massive purchase of SUSD on Kyber. So, what was this about…it’s Kyber and Uniswap, like somehow, they’re connected?
Zubin Koticha:
Yeah, so what’s interesting about Kyber is that Kyber kind of can use reserves from multiple different DEXs and what’s interesting about this specific trade is that…or these two trades was that they went through Kyber, which had very low amounts of liquidity relative to the flash loan size, and they largely executed through Uniswap, routed through Kyber as just kind of a mechanism, and that caused massive slippage, and then after the slippage, they used these massively manipulated prices to borrow much more than they should be entitled to from bZx itself, so Kyber is just a mechanism to kind of go through Uniswap.
Laura Shin:
Yeah, and I did read that at that moment when they had manipulated the price, they had boosted the value of SUSD to more than two dollars when obviously it should be one dollar, so yeah. It’s kind of interesting because it…of course, I’m sure at this moment a lot of people are speculating about who it should be, but I did wonder, of course, at first oh, is it the same person, but then I thought well, it could also just be that once the first attack happened then somebody else figured out another way to perform similar…a somewhat similar move, but anyway. Okay.
So, Maya and I started to get into this, but let’s now have a discussion between you two, because I think both of you have slightly, and maybe even really different views on this, but what is your interpretation of what happened? I saw online some people were debating whether these were hacks or just arbitrage trades. What do you guys think?
Maya Zehavi:
I don’t think it’s a hack. I mean, first of all, I think the fact that it was a logic bug maybe puts it under a hack, but I consider DeFi an experiment with a huge bounty, especially everything that is dependent on MakerDAO, and this is a bounty that is testing the fragility of the entire system of DeFi, the protocol risks, the oracle risks, and I think as a consequence of this hack three main issues in DeFi were fleshed out for people to see and really consider as a risk factor. One is the centralization behind the scenes of backdoors with admin keys of protocols that can always pause protocols. Two would be the market depth that Zubin just alluded to, in terms that a lot of these DEXs don’t have that much liquidity, and it’s very simple to manipulate them, and third is how oracles are a single point of failure for a lot of these trades.
Now, keep in mind that a lot of the DEXs rely on a moving average indicator in order to figure out the price, and it’s not that one trade can…that is…and the slippage that happened in the byproduct can distort the price, but if it’s big enough it can, and the consequences for that are an increase both in the volatility and a lack of liquidity as a response because there’s a lot of domino effect in all of these trades. Now, taking advantage of that, I don’t consider that a hack. Nobody did anything illegal, in my view.
Laura Shin:
Okay, and before we hear from Zubin, I just did want to talk about the admin key thing. What you were referring to was how bZx did pause trading, essentially, with this admin key and yeah, that kind of caused a lot of debate online as well. Zubin, so what’s your take on what Maya said?
Zubin Koticha:
I think there’s a lot of good points in there. I think that DeFi is a massive system with just a huge bounty attached to it. The question for me, as to whether it is a hack or not, seems a little bit like a definitional or semantic question, but I think what’s clear is that this is a software flaw that was exploited. It’s not an arbitrage, right. An arbitrage is where you can take advantage of a mispricing in an otherwise well-developed system, architecture, and make a pure profit. This was a poorly designed system where they had a lot of reliances, a lot of assumptions, and that’s what allowed this hacker to take the money, right. There’s a reason why you can’t just take a 3X long position on dYdX, or you can’t just borrow a lot of money through Compound and manipulate DEX prices and make away with a big profit. The reason being that flawed software relied on very thin markets for oracles, and that, to me, seems like irresponsibility on the behalf of the creators of this software, and so when you think about an arbitrage it, to me, seems like the market, the participants might be acting irrationally here. The system itself was broken and was exploited, and a chink in the armor was used to make a fat profit for this attacker.
Maya Zehavi:
I mostly agree with what you said, but at the end of the day these systems are economic-financial systems and there’s always an attack vector that is mostly financial, especially as DeFi is a bunch of Legos or composables, and when people design one protocol a lot of times they design for the worst-case scenarios, and stress test that protocol, in a silo, in isolation from everything else that can come into that, and the minute we introduced flash loans we’re basically creating a series of trades that are automated into one transaction that not always can be predicted or simulated when people design these protocols, and there’s also a time difference between the day that a protocol is shipped and goes into mainnet, after it’s been audited, and all of the other protocols that are introduced into DeFi, and I think that is really a lot of the protocol risks, as it is more distinct than the entire market risk of DeFi. That’s how I think about it, to be honest.
Zubin Koticha:
Interesting. Yeah. So, the way I see this, and then this comes to another debate people are having on the internet, which is are flash loans the culprit here. In a flash loan-less system, one without flash loans, do these mistakes, arbitrages, exist? And fundamentally, from the math of it, if you take the same attackers and you have them…instead of flash loaning 7500 ETH, in the beginning, they’re just extremely wealthy, and they started off with 7500. They still make the exact same transactions and they make off with a massive profit. There’s no fundamental new thing that a flash loaner…loanee, I guess. Flash borrower can do that someone with 7500 ETH initially can’t do as well, so that, to me, calls into question the notion of whether these flash loans are the culprits here, because Vitalik could’ve made this trade happen with his capital as it is today.
Maya Zehavi:
So, one, I don’t think the flash loans are the culprit in this, but we do have to be cognizant of the fact that the flash loan basically lowered the barriers for such an attack because you don’t have to be someone who has to get financing, or hoard all of these coins in order to start an attack like that, right, so a lot of different people are now incentivized to try similar attacks, not necessarily on bZx, but on other protocols that I think are just as vulnerable without needing all of that cash.
Zubin Koticha:
Yeah, absolutely. I think that’s fair.
Laura Shin:
Yeah. Well. Actually, one thing that I was going to actually ask you later, but let’s discuss it now, is that…because actually this comes up in a pretty big way, also, later in the week, which we’ll get to later, but I just wondered, in this scenario where you’re kind of democratizing these sorts of hacks so that they’re not just limited to whales who have that capital to pull that off, do bug bounties still make sense? Do you know what I’m saying? Like if I realize that there’s a vulnerability in a protocol and maybe I wouldn’t be able to profit from it in the way that I could’ve without a flash loan, but I can at least get some money from the team itself. In this world where you have flash loans does that change the incentives?
Zubin Koticha:
Yeah, I think what’s interesting here is that maybe the bug bounty size might have to increase. So, if you look at bZx their largest reward for catching a bug was 5K. On Compound, it’s in the hundreds of thousands, right, and so if you look at comparable platforms to bZx, they have much higher bug bounties. I think that’s one way to do it, but the main thing is now this attacker has maybe…they’re not traceable but they have a lot of money that they have to launder, and if you can have a bug bounty, or maybe even a DAO that will pay out people to find these exploits, then this money isn’t illegal money. If it is from the beginning something people can use, like pay taxes on, and they don’t have to sit on this black money, essentially, it is much easier.
So, to a certain extent yes, you can look at a purely rational actor and say that okay, they’ll make more money from a hack than they will from getting a bug bounty, but I think that the money isn’t the same. The money you get from a bug bounty is much easier to deal with.
Laura Shin:
Okay. Yeah. You know what? Let’s actually just talk about this other incident then…now that happened because the amount that the bZx team is willing to pay in bug bounties is potentially another issue here. So, essentially, on Thursday 1inch.exchange…this is the Thursday after the two attacks. 1inch.exchange published a blog post in which they said that back in January they discovered a bug in Fulcrum, which is the lending part of…it’s the same team, actually, as bZx but it does loans, that would enable 2.5 million dollars of user funds from three different pools to be stolen in a single transaction, and in their blog post they allege that they had given the information to Fulcrum and had even offered to white hack the contract to protect the user funds, but that Fulcrum had instead chosen to leave the funds vulnerable while deploying a fix, and that that whole thing took 16 hours, and in the blog post there’s this whole…
Maya Zehavi:
And negotiate the bounty.
Laura Shin:
Right, and so…yeah. Then they go into this thing with the bounty, but actually before we do…before we talk about the bounty, I just want to know, so what do you think of what happened there? Do you think that Fulcrum should not have left user funds vulnerable for 16 hours, that 1inch.exchange is right, or do you think the opposite?
Maya Zehavi:
Well. I think if we leave bZx for a second and not make them the ultimate arbitrator of what the right bounty is, let me just take you back eight months to June of last year when a white hack happened on Synthetix, and I think they hacked about 750K, returned the money and got a nice bounty. No scandal. Nothing, and the team was willing to pause the entire protocol and rethink the flaw that they had. bZx wasn’t as willing to pause the protocol and basically left all of their pools susceptible to any attack for 16 hours, but I think the macro environment of DeFi has also changed in that time in a role because right now pausing a protocol in DeFi has a huge reputational risk and could affect further liquidity of different dependents and contracts built on that. I feel like we don’t really know enough…or I don’t know enough to make a judgment call there, but there was a complete lack of transparency on bZx’s part throughout the entire hacks and the vulnerability since January.
Laura Shin:
Zubin, do you have an opinion?
Zubin Koticha:
Yeah. I mean, it’s a hard call to make if you’re a founder and you have 2.5 million dollars of user funds, and the question comes down to do you want to risk the reputational risk for your users’ benefit, and I think as an ethical business, or even just an ethical smart contract creator, the question is do I care more about my own reputational risk or do I care more about my users, and I think in the long run it pays to care more about your users even if you are a selfish actor, right, and so bZx has seen that the reputational damage that they’ve taken by not…trying to cut corners and not taking users’ concerns seriously, far, far outshines…or sorry. Is far greater than the amount of reputational damage they would have taken had they stopped the protocol and done a very responsible thing and had a lot of community outreach, because this community is, to a large extent, highly technical, understands there’s risks with these protocols, understands that sometimes there will be hacks, and is very forgiving, I think, and so I think it pays to care about your users and to be ethical in a business like this.
Laura Shin:
Yeah, earlier when you, kind of at the beginning of your answer, said should they care more about their reputation or their users, I was thinking well, the way you build a reputation is to care about your users, so they’re the same thing.
Zubin Koticha:
Exactly. Yeah.
Laura Shin:
Yeah, so let’s go into, now, the bounty part of it, because that’s kind of where we were headed before, but that same blog post that 1inch.exchange published gave this, actually, very long recounting of the back and forth over whether or not Fulcrum should pay them a bug bounty for the work, and there was this whole other thing, too, where they kind of wanted to hire them for an audit and they were bickering over the fee, and anyway. So, one of the screenshots from the back and forth included somebody from bZx saying that they had a bug bounty program but it’s only for bugs that are disclosed confidentially by email, and The Block then published an article where they interviewed bZx founder Kyle Kistner and he said that they had “agreed to pay 1inch.exchange a bounty even though they violated our disclosure policy by publishing the vulnerability to the public”, and I tried to figure out from the blog post. It wasn’t super clear, but it looks like the amount they finally agreed to pay them was 3500 dollars, and they also said that they were planning to publish a postmortem at the end of February and that the industry standard for disclosure of such vulnerabilities is 90 days.
So, what’s your opinion on how these types of bugs should be disclosed and how people who find these vulnerabilities how they should be rewarded?
Zubin Koticha:
Well. I think it’s pretty clear that the 1inch.exchange folks found this pretty quickly, right, or early on compared to these later attacks, and what that means is someone else, someone else who’s technically competent, is also going to find out about this bug even if it’s patched. The history is public, and so I think a 90-day disclosure policy maybe that’s…I’m not as familiar with that but maybe that works in a closed source environment, but in an open-source environment where you’re non-custodially dealing with user funds people are going to find out about this stuff, and so I think it just pays…it’s just smart to care about your users, be as upfront as you can be. Everything is open source. There’s really nowhere that you can hide, and I think that people care more that…they don’t want to see someone who’s flawless, right.
We’ve seen problems before in Ethereum, and yet the Ethereum community hasn’t left after things like the DAO attack, and people still believe in Parity even after the Parity wallet multisig incident, and Synthetix is a similar example where this white hat found an exploit and that was done in a way that the Synthetix community hasn’t left, so to me disclose it, be honest, be upfront. In an open-source environment where we’re all trying to work towards similar goals it just makes more sense to be forthcoming.
Maya Zehavi:
I’ll just add that I thought it was a mega troll, the 1inch post, because in the postmortem that bZx published this week they did come…they were very upfront about the fact that they didn’t have transparency on their mind and they promised going forward they’re going to be more transparent and disclose more, and then the 1inch blog comes out and it turns out that all the bZx team wanted was no one to be aware of these flaws, and probably going forward disclosures of the exploits and vulnerabilities are actually going to be rewarded, A. Two, I think we’re going to see a surge in people buying some insurance contracts. Nexus Mutual is going to see a surge as well as default swaps for people trying to just protect themselves in the possibility that we’re going to see more of these.
Laura Shin:
And what do you guys make of what the bounty should be, like this argument they were having about the fee? You kind of mentioned earlier that, I guess…was it Compound or dYd…I think it was Compound you said has a much higher bounty fee. Do you think that bZx should’ve had higher bounty fees?
Zubin Koticha:
Yeah, I mean when you start to have lots and lots of user funds on the line you want to just be safe. It’s not like the bounty is something that you’re using for the benefit of humanity at the expense of yourself. A bounty is to make sure that any exploits are done in a white hat way, and so you can imagine that if the bounty was closer to 300 thousand dollars the first attacker wouldn’t have made the attack because they would’ve gotten this money in a much more ethical way and way where they can…and a legal way and they’re not in any place where they have to hide these new funds, and so it’s not even should they be higher from a moral point of view. I think rationally they should be higher, too, right, and that’s why bug bounties exist in the first place.
Maya Zehavi:
I was actually thinking this week how smart…or at least in the slogan or the naming a protocol like UMA was very wise to create, or design, the entire protocol where they have a cost of corruption for their oracles thinking how much would it cost for someone to lie, or to distort the price in one of the oracles that they use, and that’s really what we’re…
Laura Shin:
Maya, can you just remind us what UMA is? I have actually talked to Hart before and I’m just blanking on what UMA does.
Maya Zehavi:
UMA is another synthetic protocol. I think it’s called Universal Market Access, it’s an acronym for that, and they make use of oracles and price them as the cost of corruption. That’s literally how they branded it, and I was thinking this week that’s actually kind of a similar take but in a different creature, or a different animal, than bounties, because they’re kind of saying hey, suppose you want to buy out all of our market participants and give them an incentive to lie, how much would it cost, and that’s one form of bounties, right, because they’re basically saying we’re going to pay it up to the oracle, so they don’t have a reason to exploit our protocol. It’s a different twist on the same problem.
Laura Shin:
Yeah, that’s super interesting, and actually, I also want to pick up on what Zubin mentioned, because he used the words like legal and ethical to…or rather illegal and unethical to describe these attacks, but actually, before we do that let’s first get a quick word from the sponsors who make this show possible.
CipherTrace
Will the world follow France and advocate banning privacy-coins? Will government-backed stable-coins become the new fiat? Are distributed and peer-to-peer exchanges just a flash in the pan? The answer is maybe. Virtual currencies can flourish and create a new, private and more versatile economy. But that grand vision can’t happen without keeping crypto clean, AND that requires support of governments and accountability for bad actors. Privacy Enhanced Compliance using cryptographic controls has the potential to preserve anonymity without compromising legitimate investigations. CipherTrace is working on this vision of the future. Sign up to stay up to date on the Privacy Enhanced Compliance initiative and receive authoritative Crypto AML reports quarterly. https://www.CipherTrace.com/KeepCryptoClean
Kraken
Today’s episode is brought to you by Kraken. Kraken is the best exchange in the world for buying and selling digital assets. With all the recent exchange hacks and other troubles, you want to trade on an exchange you can trust. Kraken’s focus on security is utterly amazing, their liquidity is deep and their fee structure is great, with no minimum or hidden fees. They even reward you for trading so you can make more trades for less. If you’re a beginner you will find an easy onramp from 5 fiat currencies, and if you’re an advanced trader you’ll love their 5x margin and futures trading. To learn more, please go to kraken.com.
Crypto.com
Crypto.com sees a future of cryptocurrency in every wallet. The MCO Visa Card lets you spend anywhere VISA is accepted. Loaded with perks including up to 5% back on ALL your spending and unlimited airport lounge access. They pay for your Spotify & Netflix too! Crypto.com is like a wallet that generates interest. You can earn up to 6% per year on the most popular coins like BTC, ETH, XRP and up to 12% p.a. on Stablecoins. Crypto.com Exchange is introducing Syndicate Lite, more frequent events with slightly lower discounts for the hottest coins. The first event is offering bitcoin at 25% off on 4 Feb! Sign up on the Crypto.com Exchange now to participate.
Laura Shin:
Back to my conversation with Maya Zehavi and Zubin Koticha. So, Zubin, before the ad break you mentioned that you felt that if the bounties on bZx had been higher that then the attacker would’ve gotten paid for understanding this vulnerability in what you called a legal and ethical way, so does that mean that you think the attack was illegal and unethical?
Zubin Koticha:
I’m not a lawyer, but I know that this is in many, many ways trending towards the illegal definition, so what we see in traditional finance is that there are oracles everywhere, people in DeFi who are not necessarily as familiar with traditional finance may not realize that, but things like LIBOR are used as oracles to determine interest rates, and wherever you have this massive, massive, massive pile of derivatives in traditional finance you’ll have things like cash settlement, which determine how much money both sides of the trade make based on an oracle, and you have things like mark to market, so there are oracles everywhere in traditional finance, and it’s quite, quite, quite illegal and quite possible in traditional finance to make money by manipulating oracles in one direction or another, in ways that are very similar to these attacks, and so maybe DeFi as a system comes from a certain ethical mentality that code is law, or that this is just arbitrage, or that these systems are poorly written, and so breaking them may not be unethical.
That ethical and unethical question is a little bit different, but I think what is very, very clear is that it is illegal from many different points of view, but…and that regulators would have no hesitancy in going after something like this and would have many grounds by which to go after it. I think the other thing, and you can just look at this as a defaulted loan, right, and a defaulted loan on bZx because for…especially the first attacker takes out a massive leveraged position. The second attacker also takes out a massive loan and both of them are essentially under-collateralized, and so they’ve defaulted on their debt. And that has legal repercussions as well, so I think there’s just so many different ways where you can look at this as not necessarily in good legal territory, but the ethical question, I think that is more interesting and a little bit more up for debate.
Maya Zehavi:
First off, not a lawyer, but if you consider the entire DeFi to be a cake, a layered cake, right, of all of these composable contracts that have no KYC, no AML issue, all of these securities, and futures, and synthetics without any jurisdictional purview, and de facto unregistered securities, then just having this one trade distorting an oracle is just the cherry on top, and if anyone were to look at the legality of that trade the first culprit is going to be the protocol, and the trader is not going to be someone any regulator is going to pursue, and you can see that if you look at the ICO enforcements, who they chose to prosecute, right, and I think that kind of maybe diminishes how illegal this trade is in comparison to traditional finance, but again I just…I don’t consider it to be something illegal.
I think there was an opportunity here based on how these protocols were designed and someone just saw an opportunity and took it. He outsmarted the game. That’s it, and that’s also my opinion on whether or not it’s ethical, and I do agree that maybe disclosing this as a white hat might have been the smartest and most responsible way, but when we saw the 1inch post on Thursday that kind of signaled to me that hey, even if someone were trying, and maybe they had been in contact with the bZx team, the fact that it wasn’t disclosed and there wasn’t any transparency maybe meant that the only way to surface this vulnerability was by actually attacking it.
Laura Shin:
Wow. Yeah. Well. Actually, Zubin, to ask you a little bit more about the point that you made there, what jurisdiction do you feel this attack would fall under? Is it just wherever the attacker resides, or…and I know you’re not a lawyer, but I didn’t know how much you had thought this through, but that was something I wondered about.
Zubin Koticha:
I mean, I think what’s interesting about regulators, especially American regulators when it comes to finance, is that even if things aren’t happening on US soil, if the dollar is involved, if it ever touches the dollar, they take extremely big liberties with taking it under their jurisdiction, and I think for the second attack, at least, you have sUSD, the Synthetix USD stablecoin, and there’s an argument to make there that regulators can go after that because it’s touching the American dollar, right, and that’s American regulators’ turf.
Laura Shin:
I’m not sure if any regulators know much about sUSD.
Zubin Koticha:
Yeah, I’m sure they don’t right now but I’m sure within a few…
Maya Zehavi:
They know more than you guys give them credit for.
Laura Shin:
That is true.
Zubin Koticha:
Yeah, I would agree with that.
Laura Shin:
That is true. I’ve actually had a bunch of…well, I’m not going to say, but just regulators have told me that they do listen to the show, so…
Maya Zehavi:
I agree with Zubin, but I’d say that the only regulators that really matter are the Americans, and it has nothing to do with whether or not someone touches the US dollar, because you can see that any regulatory jurisdiction that respects itself or considers itself first-tier is always going to make sure that its regulatory enforcement is on par with the American one, and you can see it in all of the discussions, the FATF regulations as well as FATCA and the different FinCEN directives.
Zubin Koticha:
I think Switzerland might feel differently.
Maya Zehavi:
The Americans say what they want…
Zubin Koticha:
But yeah.
Maya Zehavi:
Sorry.
Zubin Koticha:
I said I think Switzerland and a bunch of other havens might disagree, right, but I think to a large extent you’re right. I think that America has been able, to a certain extent, to exert influence across every regulatory paradigm in finance.
Laura Shin:
Yeah, and they definitely did that in Switzerland in a big way, where they forced more transparency so people could…
Zubin Koticha:
Exactly.
Laura Shin:
Yeah, couldn’t hide funds over there. All right. So, here’s something that we have kind of talked a little bit about, but I just want to ask about it directly. Now bZx essentially has under-collateralized loans on its hands, so how do you guys think bZx should handle the situation?
Zubin Koticha:
Well. So, I think the fact that there have been two successive attacks, and this is kind of a chain, right, so first you have samczsun coming up with an oracle exploit, and then you have the 1inch team coming up with another exploit, and then there are two successive attacks on the protocol that leave it devoid of funds, and when there are that many problems happening in a row, to a certain extent you can come in and put in a fix, so you say okay, the oracle is going to be through Chainlink, and that’s what they’re doing right now. They’re trying to change the oracles to something they feel will be safer, but I think more fundamentally, when you have such a successive set of problems happening with a protocol, much more drastic action needs to be taken. That’s my personal view, whether that’s going through a set of rigorous audits with multiple independent auditing firms, like OpenZeppelin, etcetera, that’s one way to think about it, or maybe just rewriting the whole protocol, or maybe just shutting it down.
I mean, they have admin keys that allow them to pause the protocol. I’m sure they could find a way to return user funds, but I think some drastic action needs to be taken.
Laura Shin:
Maya, what do you think?
Maya Zehavi:
One of my most intuitive takeaways, that occurred to me as a result of this attack, was that I think we’re going to see more protocols put in circuit breakers, which we have in traditional finance, where if there’s a drop or a spike in the price of an asset, I think it’s over 7% on the NASDAQ, they stop trading for an hour and then resume trading, and if they see another spike they just end the trading for the day. Given the fact that crypto is a 24/7 trading venue, maybe we’re going to see more protocols build circuit breakers into their own collateralized lending mechanisms, so that if for a second they’re under-collateralized, they’re going to pause the trading, they’re going to rebalance from their own equity, maybe, and only then return to normal operations. That’s one, and second, I think we’re going to see an increase in financial audits as well, like Gauntlet Network did on Compound, just to stress test how these protocols behave in extreme scenarios, and more likely than not some of these scenarios are going to be combining different composable products into a single trade and looking into oracle manipulations as well.
So, I think that’s going to be a growing field for auditing that’s going to become more and more popular, and hopefully will also become the default just like code audit is.
Zubin Koticha:
Yeah.
Laura Shin:
So, one argument that I have heard about circuit breakers in crypto, and I’m not super familiar with this area, but I did hear that because crypto is so much more volatile, and there could be legitimate reasons that the price of a crypto asset could fall precipitously in a short span of time, or potentially even spike, circuit breakers don’t always make sense for these assets, so what do you make of that argument?
Maya Zehavi:
I agree. I think you have to really think through when, or in what trades, you’re going to want to do that, or maybe even require very extreme spikes in the prices to trigger a circuit breaker, but then you see that in both of these attacks that’s exactly what happened, right. I mean, the synthetic USD doubled, on a stablecoin. That should be a huge head-scratcher, so that would be one of those extreme events, in my view.
Laura Shin:
And Zubin, do you have an opinion?
Zubin Koticha:
Yeah, I think that some of the points Maya brought up kind of highlight how this could have positive impacts for the community. We’re going to have people more careful about oracle risk, we’re going to have people doing financial audits, they’re going to design systems with this kind of cost-of-corruption approach where they assume maybe an infinitely funded rational adversary rather than making much lower assumptions about the power of their adversaries, and you’re also going to see, and you’re seeing this right now, money going from protocols that are maybe a little bit less secure to ones that are more secure, ones that have been better tested, better audited, and I think all in all no one is going to come into DeFi and make this Kyber mistake again, or I hope so, that people are going to at least be very cautious when they think of oracle risk in the future, and when they think about flash loans and adversaries in the future, and I think that just leaves the system way more powerful and resilient in the future as well.
Laura Shin:
Yeah, and just to go back to my previous question about what bZx should do, I did see that Matteo Leibowitz, of The Block, suggested that they do what he called a graceful unwind, because he noted that the bZx team had suggested that they would use the collateral left by the attackers for interest payments and basically wait until their insurance pool is big enough to cover this shortfall, but he was like, I’m not sure they’re going to have the money to cover the shortfall. So essentially what I’m asking here is, do you think that in a way these attacks are more like a referendum on bZx, that it’s more like hey, this team is not up to the standards that we need in this community, or is it something where it could happen to anybody?
Maya Zehavi:
So, first off, I don’t think…I think bZx is the outlier, and they help bring attention to a risk that exists across DeFi, right. I think other teams are just a lot more responsible and they undergo rigorous audits and they check to make sure that they have the underlying liquidity to make good with their users if something happens, but more important than that, you have to keep in mind that bZx didn’t lose any of the users’ funds, right. They’re all perfectly safe. What happened was that the synthetic coin that bZx uses has no liquidity, and a lot of the users that hold it can’t get out of their positions due to that, due to the fact that they’re locked, and no one really…there’s no demand for bZx right now, right.
I just looked on the site today and they are offering a 49% APR right now, and the thinking is, if the community loses trust in bZx, how are the users that still have funds there going to unwind their positions? And that also goes back to a comparison to traditional finance, where any lending entity has to have segregated accounts, where they have their own escrow which they can use in case of such an occurrence, and we don’t necessarily see that in DeFi. We do see that with exchanges like Binance, right, so maybe one of the lessons from this incident will be that protocols set aside some money to make good with their users in such an event.
Zubin Koticha:
Yeah. I think it’s interesting. When you think of loss of funds, and no funds were lost, I think there are two ways to think about that. The first is, it’s true no one went into the bZx protocol and stole some ETH that was there, but you can think of a protocol losing funds from a financial point of view as well, so if you deposit some amount of money in a bank and then they go and make a loan that gets defaulted upon, then they can’t necessarily give you all of your money back if you try to take out all of your money at that moment. To me, that’s a loss of money, right, and so a massive irresponsible loan that gets defaulted upon is a loss of money in a bank context, and I think in the bZx context there was a loss of Ether funds, because there were two massively under-collateralized / liquidated…or kind of liquidation…massively under-collateralized positions in the bZx protocol itself, and so the protocol made massive irresponsible defaulted loans, and in that way, since people can’t take all of their ETH out right now, to me it feels like a loss of funds in the financial context.
Laura Shin:
Yeah. Well. I guess we’re going to just have to see what they decide to do. Clearly, it’s not a good situation for them or their users, but let’s talk about another solution that they plan to move to, which is that they do plan to integrate Chainlink, as you mentioned, which is a decentralized oracle network, and they say that they plan to integrate this “as a supplement to the Kyber price feed to provide time-weighted information on price data,” and then they said, even though this was not an oracle attack, there were many that expressed concern that the security properties of their oracle could be more robust. So how much do you think this is going to be a solution to prevent attacks like this in the future, both on bZx as well as more generally in DeFi?
Zubin Koticha:
Yeah, so I think that the Chainlink solution that bZx was talking about does help to a certain extent with some of the oracle problems that exist right now. I’m not as familiar with the Chainlink system itself, but for all of the oracle class of attacks, not merely relying on Kyber or illiquid DEXs seems to be a prudent move. However, I think that there are flaws beyond that in bZx’s processes that they’ve kind of admitted: we have had flaws in our processes, with their disclosure, maybe with their security, with the way that they respond to existing bugs, etcetera, etcetera, and so an example of this, right.
They have a kind of pause mechanism by which they’ve paused the protocol right now, and if you look through what they’ve said, they’ve said they didn’t even realize they had that pause mechanism. That means that they’ve written code and they didn’t know that it allowed them to pause the entire protocol, and to me it just seems like the more, and more, and more you look into this, the more you realize okay, they’ve tried to build something cool, but maybe they haven’t done it in necessarily the right way, and an oracle fix doesn’t solve these cultural issues.
Maya Zehavi:
Honestly, I was really skeptical when they said that. It seemed to me that they would know if they have access and an admin key, because someone has to issue an admin key.
Zubin Koticha:
Exactly. If they knew they had an admin key that could pause the protocol and then lied about it that’s bad. If they created a protocol and they didn’t know that it allowed them to pause the entire protocol that’s also not so good, right, so there’s bigger problems at play here.
Laura Shin:
It does defy logic, though. It somehow doesn’t seem like that would be possible, you would know if you could do that.
Maya Zehavi:
You would think.
Laura Shin:
So, this came up a little bit earlier, but obviously Nexus Mutual is something that we did talk about briefly, but let’s just dive into this insurance issue a little bit more now. So, Nexus Mutual, which is the Ethereum-based insurance against smart contract failure, did pay out its first claims after the bZx attack, and the first person to make a claim was actually denied initially by seven of the eight assessors, but only because it was filed very shortly after the attack, when there was little information available about what exactly occurred. Eventually, however, they did decide that this was a smart contract bug and that the smart contract code was used in a way that was not intended. Do you guys agree that these claims deserve to be paid out?
Zubin Koticha:
I think so. I think that these claims should be paid out, because when you’re dealing with a financial system and you talk about or think about insurance, you’re not just thinking about unintended code usage, you’re not just thinking about hacks, right. It would be bizarre if the FDIC covered you only if there was a hack in the bank system and not a financial crisis, right, and when we think of these risks we think of insolvency as the first one. We think of, if the protocol somehow irresponsibly uses my money and loses it, how do I get it back, and maybe it’s not because of a hack, maybe it’s because of some other massive problem, or a liquidity crisis, or whatever, and so I think that any insurance…and of course, full disclosure, I am building Opyn, which is doing exactly this. It’s providing…
Laura Shin:
Right. I should’ve mentioned that when I asked this, but anyway.
Zubin Koticha:
Anyway.
Laura Shin:
Yeah, because you guys are doing the financial coverage as well.
Zubin Koticha:
Exactly. So, our idea is that you want to cover everything. You want to cover financial problems, you want to cover liquidity crises, you want to cover oracle manipulations, you want to cover everything that you can, including the technical problems, the hacks, the exploits, and to me it seems like if you’re using Nexus Mutual right now, I can imagine you’re relieved about the first one paying out, but does the second, and do further attacks that come down the line, get paid out? And you’re scared, like, what if I filed my claim too quickly? What if I need the money really badly and I have to wait for this claims process? To me, it seems like if you have a decentralized permissionless system, insurance should be decentralized and permissionless, and I think the Nexus Mutual team is extremely strong, very smart, but I think until you cover financial risks, like these flash loan types of risks by well-funded adversaries, until then you don’t have comprehensive insurance.
Maya Zehavi:
So, first of all, I want to…I think Nexus Mutual deserves huge kudos, because I think it was very impressive, the payout, and the claim, and everything that happened this week. Having said that, I think there are some lessons to take away from that. Number one, that it wasn’t smart to immediately vote on that claim, but on the other hand, there is a liquidity issue for people who have funds stuck or paused on the protocol, that even if they do receive a claim they might be short on other assets that they need to pay out, right, and so maybe we need to think about insurance, especially about smart contracts, slightly differently. Maybe provide some sort of funds in the meantime before that claim is resolved, and create some mechanism to allow people to access other funds until they know whether or not they’re going to receive the money from Nexus Mutual.
Having said that, the default or the case of insolvency Zubin mentioned is something that we can prepare for, but I believe that when we have a default on DeFi there is going to be a huge domino effect that could have ramifications on the underlying assets themselves, which in DeFi’s case is essentially ETH, or the Ethereum protocol, right. If you really think in the abstract, you can imagine that DeFi is essentially financialized instruments where the underlying asset is always Ethereum that’s being locked up, right, and we haven’t seen a huge slippage on that. We have seen funds stuck, whether it was the Parity hack, or right now bZx or Synthetix. The domino effect is the systemic growth that I find to be the most disturbing in this market, and I don’t necessarily think that just having a credit default swap on chain would be enough to cover it, because it’s also going to succumb to the underlying protocol and the slip in ETH if there is such a black swan event.
How we’re going to address that as a community I think is going to be tested because like we started this conversation, we have a huge bounty in DeFi to experiment and find out.
Laura Shin:
Yeah, I’m a little bit nervous as we go forward because I feel like some of these issues are not super-resolved and DeFi just keeps getting bigger.
Maya Zehavi:
I’m the token skeptic, and to be honest, this week I’m actually happy, because I think all of these risks were there from the get-go and people kind of just covered it up, or were quiet and didn’t discuss it in great detail, and the fact that we had this series of events over the past week actually brings the conversation and the debate up a level, so we can actually discuss and see how best to design the right system so we can go forward and build it into a real financial market, so I’m actually optimistic.
Zubin Koticha:
Yeah, I think this has been really good for the ecosystem. I agree. I think that people are now waking up to the risks that are in DeFi. Kind of to your point earlier, Maya, you were talking about credit default swaps. I agree. I think credit default swaps don’t work at all, because you need some kind of oracle to determine if there was a hack or not. I think a solution that doesn’t require any human intermediaries is the best. You were right that protocol-level issues still exist, right, so if you’re building DeFi insurance there’s going to be some reliance on ETH, because if ETH crashes to zero then there’s basically no consensus that can happen, and even things like mining start to break down, but I think that you want to cover as much of the risk as you can, and I think that the way we’ve done it, which you can read more about at Opyn.co, is much better, but yeah. I think that this is really good for the ecosystem in general.
Laura Shin:
Okay. All right. Well. We will see how the various teams in DeFi incorporate the lessons from this and note whether or not we see any similar attacks going forward. Hopefully not but yeah, I’m going to have to keep my fingers crossed, I think. All right. Well. Where can people learn more about each of you?
Zubin Koticha:
Well. Yeah, to learn about how we do insurance, we’ll be talking about a lot of that in new blog posts that are coming out, but you can go to convexity.opyn.co and you’ll read exactly how our protocol works. That’s where our white paper is, and how you do trustless, completely decentralized insurance that covers both technical and financial risks.
Laura Shin:
Maya?
Maya Zehavi:
And you can follow me on Twitter at Mayazi.
Laura Shin:
And why don’t you just spell that for people?
Maya Zehavi:
Sorry. Mayazi.
Laura Shin:
All right. Actually, can I ask you, why do you have a pizza slice in your Twitter profile name? By the way, people, it says DePi.
Maya Zehavi:
DePi, Laura. How do you not know about what the joke was? This started out as a troll, and it’s actually related to this whole conversation: the entire DeFi is not decentralized, it’s as centralized as a pizza, right. You have all of the toppings scattered, but at the end of the day you always have an admin key, so it’s a pie, it’s not DeFi.
Laura Shin:
Okay. And a pizza is centralized because it’s just like a single object?
Maya Zehavi:
It’s one pie, it’s a circle.
Laura Shin:
Okay. Got it.
Maya Zehavi:
Yeah, and there’s also…
Zubin Koticha:
Interesting.
Maya Zehavi:
FYI, there’s also a DePiant podcast about the best pizza and how centralized it is. I kid you not. That’s my chance at self-promotion.
Zubin Koticha:
Oh, DePiant, that’s your own…Okay. Got it.
Laura Shin:
Is that your podcast?
Maya Zehavi:
No, it’s a friend. It’s how we started out the troll for the DePi.
Zubin Koticha:
That’s so funny.
Laura Shin:
Oh, I see. All right. Well. I guess we’ll have to check that out. It sounds funny and probably relevant here. All right. Well. Thank you both so much for joining today. This was an amazing discussion, and yeah, I have a feeling people will have feelings about what you guys said. All right. People, to learn more about Maya and Zubin and the bZx attacks, check out the show notes inside your podcast player, and whether you’re feeling this crypto winter or the other kind of winter, keep yourself warm with some Unchained t-shirts, hats, mugs and stickers, which you can find at shop.unchainedpodcast.com.
Unchained is produced by me, Laura Shin, with help from Fractal Recording, Anthony Yoon, Daniel Nuss, Josh Durham, and the team at CLK Transcription. Thanks for listening.