FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven
Approximation
- URL: http://arxiv.org/abs/2206.10708v3
- Date: Fri, 12 Jan 2024 12:35:35 GMT
- Title: FlashSyn: Flash Loan Attack Synthesis via Counter Example Driven
Approximation
- Authors: Zhiyang Chen, Sidi Mohamed Beillahi, Fan Long
- Abstract summary: In decentralized finance (DeFi), lenders can offer flash loans to borrowers.
Unlike normal loans, flash loans allow borrowers to borrow large assets without upfront collateral deposits.
Malicious adversaries use flash loans to gather large assets to exploit vulnerable DeFi protocols.
- Score: 4.639819221995903
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: In decentralized finance (DeFi), lenders can offer flash loans to borrowers,
i.e., loans that are only valid within a blockchain transaction and must be
repaid with fees by the end of that transaction. Unlike normal loans, flash
loans allow borrowers to borrow large assets without upfront collateral
deposits. Malicious adversaries use flash loans to gather large assets to
exploit vulnerable DeFi protocols. In this paper, we introduce a new framework
for automated synthesis of adversarial transactions that exploit DeFi protocols
using flash loans. To bypass the complexity of a DeFi protocol, we propose a
new technique to approximate the DeFi protocol functional behaviors using
numerical methods (polynomial linear regression and nearest-neighbor
interpolation). We then construct an optimization query using the approximated
functions of the DeFi protocol to find an adversarial attack constituted of a
sequence of function invocations with optimal parameters that gives the
maximum profit. To improve the accuracy of the approximation, we propose a
novel counterexample driven approximation refinement technique. We implement
our framework in a tool named FlashSyn. We evaluate FlashSyn on 16 DeFi
protocols that were victims of flash loan attacks and 2 DeFi protocols from
Damn Vulnerable DeFi challenges. FlashSyn automatically synthesizes an
adversarial attack for 16 of the 18 benchmarks. Among the 16 successful cases,
FlashSyn identifies attack vectors yielding higher profits than those employed
by historical hackers in 3 cases, and also discovers multiple distinct attack
vectors in 10 cases, demonstrating its effectiveness in finding possible flash
loan attacks.
Related papers
- AegisLLM: Scaling Agentic Systems for Self-Reflective Defense in LLM Security [74.22452069013289]
AegisLLM is a cooperative multi-agent defense against adversarial attacks and information leakage.
We show that scaling agentic reasoning system at test-time substantially enhances robustness without compromising model utility.
Comprehensive evaluations across key threat scenarios, including unlearning and jailbreaking, demonstrate the effectiveness of AegisLLM.
arXiv Detail & Related papers (2025-04-29T17:36:05Z)
- Protecting DeFi Platforms against Non-Price Flash Loan Attacks [0.6096888891865663]
We present FlashGuard, a runtime detection and mitigation method for non-price flash loan attacks.
Our approach targets smart contract function signatures to identify attacks in real-time and counterattack by disrupting the attack transaction atomicity.
FlashGuard achieves an average real-time detection latency of 150.31ms, a detection accuracy of over 99.93%, and an average disruption time of 410.92ms.
arXiv Detail & Related papers (2025-03-03T18:18:05Z)
- QuanCrypt-FL: Quantized Homomorphic Encryption with Pruning for Secure Federated Learning [0.48342038441006796]
We propose QuanCrypt-FL, a novel algorithm that combines low-bit quantization and pruning techniques to enhance protection against attacks.
We validate our approach on MNIST, CIFAR-10, and CIFAR-100 datasets, demonstrating superior performance compared to state-of-the-art methods.
QuanCrypt-FL achieves up to 9x faster encryption, 16x faster decryption, and 1.5x faster inference compared to BatchCrypt, with training time reduced by up to 3x.
arXiv Detail & Related papers (2024-11-08T01:46:00Z)
- Strengthening DeFi Security: A Static Analysis Approach to Flash Loan Vulnerabilities [0.0]
We introduce FlashDeFier, an advanced detection framework for price manipulation vulnerabilities arising from flash loans.
FlashDeFier expands the scope of taint sources and sinks, enabling comprehensive analysis of data flows across DeFi protocols.
Tested against a dataset of high-profile DeFi incidents, FlashDeFier identifies 76.4% of price manipulation vulnerabilities, marking a 30% improvement over DeFiTainter.
arXiv Detail & Related papers (2024-11-02T12:42:01Z)
- FORAY: Towards Effective Attack Synthesis against Deep Logical Vulnerabilities in DeFi Protocols [7.413607595641641]
We introduce Foray, a highly effective attack synthesis framework against deep logical bugs in DeFi protocols.
Based on our DSL, we first compile a given DeFi protocol into a token flow graph, our graphical representation of DeFi protocols.
Then, we design an efficient sketch generation method to synthesize attack sketches for a certain attack goal.
arXiv Detail & Related papers (2024-07-08T19:35:48Z)
- LookAhead: Preventing DeFi Attacks via Unveiling Adversarial Contracts [15.071155232677643]
Decentralized Finance (DeFi) incidents have resulted in financial damages exceeding 3 billion US dollars.
Current detection tools face significant challenges in identifying attack activities effectively.
We propose a new direction for detecting DeFi attacks that focuses on identifying adversarial contracts.
arXiv Detail & Related papers (2024-01-14T11:39:33Z)
- FABind: Fast and Accurate Protein-Ligand Binding [127.7790493202716]
$\mathbf{FABind}$ is an end-to-end model that combines pocket prediction and docking to achieve accurate and fast protein-ligand binding.
Our proposed model demonstrates strong advantages in terms of effectiveness and efficiency compared to existing methods.
arXiv Detail & Related papers (2023-10-10T16:39:47Z)
- G$^2$uardFL: Safeguarding Federated Learning Against Backdoor Attacks through Attributed Client Graph Clustering [116.4277292854053]
Federated Learning (FL) offers collaborative model training without data sharing.
FL is vulnerable to backdoor attacks, where poisoned model weights lead to compromised system integrity.
We present G$^2$uardFL, a protective framework that reinterprets the identification of malicious clients as an attributed graph clustering problem.
arXiv Detail & Related papers (2023-06-08T07:15:04Z)
- Transferable Sparse Adversarial Attack [62.134905824604104]
We introduce a generator architecture to alleviate the overfitting issue and thus efficiently craft transferable sparse adversarial examples.
Our method achieves superior inference speed, 700$\times$ faster than other optimization-based methods.
arXiv Detail & Related papers (2021-05-31T06:44:58Z)
- Secure Bilevel Asynchronous Vertical Federated Learning with Backward Updating [159.48259714642447]
Vertical federated learning (VFL) attracts increasing attention due to the demands of multi-party collaborative modeling and concerns of privacy leakage.
We propose a novel bilevel parallel architecture (VF$\mathbf{B}^2$), under which three new algorithms, including VF$\mathbf{B}^2$, are proposed.
arXiv Detail & Related papers (2021-03-01T12:34:53Z)
- Blockchain Assisted Decentralized Federated Learning (BLADE-FL) with Lazy Clients [124.48732110742623]
We propose a novel framework by integrating blockchain into Federated Learning (FL)
BLADE-FL has a good performance in terms of privacy preservation, tamper resistance, and effective cooperation of learning.
It gives rise to a new problem of training deficiency, caused by lazy clients who plagiarize others' trained models and add artificial noises to conceal their cheating behaviors.
arXiv Detail & Related papers (2020-12-02T12:18:27Z)
- BlockFLA: Accountable Federated Learning via Hybrid Blockchain Architecture [11.908715869667445]
Federated Learning (FL) is a distributed, and decentralized machine learning protocol.
It has been shown that an attacker can inject backdoors to the trained model during FL.
We develop a hybrid blockchain-based FL framework that uses smart contracts to automatically detect, and punish the attackers.
arXiv Detail & Related papers (2020-10-14T22:43:39Z)
- Adversarial Example Games [51.92698856933169]
Adversarial Example Games (AEG) is a framework that models the crafting of adversarial examples.
AEG provides a new way to design adversarial examples by adversarially training a generator and a classifier from a given hypothesis class.
We demonstrate the efficacy of AEG on the MNIST and CIFAR-10 datasets.
arXiv Detail & Related papers (2020-07-01T19:47:23Z)