Warp Finance adds Chainlink oracles to protect against flash loans

Published at: Jan. 8, 2021

Warp Finance, a DeFi lending protocol that suffered an $8 million flash loan exploit shortly after release, is now gearing up for a relaunch that will include an integration with oracles by Chainlink.

The inclusion of Chainlink oracles reportedly serves as protection against similar exploits. Flash loan exploits use a feature that allows borrowing an unlimited amount of funds, as long as it is also returned within the same Ethereum block. According to the team, security experts determined that the root cause of the exploit was an exploitable price oracle.

The issue seems to have been compounded by Warp Finance’s use of liquidity provider tokens for collateral. This feature is one of the main selling points of the protocol, as it allows committing yield-bearing tokens as collateral, combining both the yield from trading fees and from borrowers using the protocol.

According to DeFi whitehat hacker Emiliano Bonassi, the exploit relied on the fact that Warp Finance oracles did not properly calculate the underlying value of the pool tokens. The new protocol will use Chainlink price feeds for all critical functions — notably the value of the LP tokens used for collateral.

Chainlink and its founder, Sergey Nazarov, have often been adamant about the fact that price oracles need to cover as much of the market as possible. Indeed, many flash loan exploits are closer to market manipulation than outright software bugs. Even when no malice is present, incidents such as Compound’s excessive liquidation event in November could have been prevented with more market coverage. Compound relied only on prices from Coinbase and Uniswap, which temporarily posted a highly inflated price for Dai.

When asked by Cointelegraph why Warp Finance did not initially use Chainlink oracles, a spokesperson replied:

“Uniswap oracles have been an option for many projects that seek price feeds for a variety of use cases. As such, we launched similarly to other lending platforms for the trial phase, with the ability to upgrade later.”

The spokesperson further noted that a significant portion of DeFi projects are not using Chainlink, and they believe that the relaunch “gives our users much greater peace of mind about the security of our protocol.”

Warp Finance also drafted a compensation plan for affected users, already having recovered 73% of the stolen funds.

Tags
Related Posts
Band Protocol CEO says that a single Chainlink data request costs $450
Band is one of Chianlink’s main competitors in the oracle space that is based on Cosmos technology. In a recent Cointelegraph interview, Soravis Srinawakoon, the CEO of Band Protocol, said: “If you look at Chainlink, one data request right now can take almost $450 because someone needs to submit the request data to ask for the data. Let's say 20 data providers need to receive that, respond to that with 20 transactions, and then the aggregation contract to do all the computation before returning the final result, all of these require a lot of gas.” Srinawakoon also provided a link …
Technology / Sept. 1, 2020
Yearn Finance’s founder says he ‘doesn’t build for speculators’
The founder of Yearn Finance, Andre Cronje, has seen a fair share of criticism lately as he deployed some smart contracts that ended up losing users’ money. Cronje defended himself in a blog post and explained why he believes he shouldn’t be held responsible for those who “ape in” his testing contracts. Cronje will often place large disclaimers urging people to treat them with caution and not just go in because he built it. Little can be done to prevent this, given the permissionless nature of these products. Nevertheless, Cronje was sometimes criticized for not deploying contracts on testnets, where …
Technology / Oct. 15, 2020
Finance Redefined: You get hacked, they get hacked, everyone gets hacked, Nov. 11–18
If people actually used insurance against hacks, this week would definitely have bankrupted a great many insurers. In the span of one week, a total of four flash loan-enabled exploits were registered (one actually happened the week before, but wasn’t noticed until later). We have, in order, Cheese Bank with a $3.3 million theft, Akropolis with its $2 million loss, Value DeFi with a whopping $6 million exploit and finally Origin Protocol’s loss of $7 million. In total, the hackers stole $18.3 million, which admittedly, is not that much — less than the single October exploit of Harvest Finance. As …
Technology / Nov. 19, 2020
Jump Crypto replenishes funds from $320M Wormhole hack in largest-ever DeFi 'bailout'
On Thursday, Jump Crypto, a crypto venture capital firm that owns Certus One, the developer of the Wormhole token bridge, announced it had deposited 120 thousand Ether (ETH) into a Solana-Ethereum bridge that suffered a devastating exploit. The day prior, hackers fraudulently minted 120 thousand wrapped Ether (wETH) worth $321 million on the Solana (SOL) platform, then redeemed 93,750 wETH for ETH on the Ethereum network while swapping the rest for other altcoins on the Solana network. The cross-chain ETH-wETH is supposed to have an exchange ratio of 1:1 against one another. Therefore, unauthorized minting of wETH leads to significant …
Technology / Feb. 3, 2022
Hacker tries to exploit bridge protocol, fails miserably: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. This past week, there were some major developments in the run-up to the upcoming Ethereum Merge slated for Sept. 15. Bitfinex became the latest crypto exchange to throw its support behind the chain split token. While DeFi bridge hacks have become a norm this year, developers behind Rainbow Bridge managed to foil an exploit attempt within seconds, leading to the hacker losing their safety deposit. The Tornado Cash developer who was arrested last week …
Ethereum / Aug. 27, 2022