“Flash loans” are now used to manipulate protocol votes
Flash loans can be used for more than just siphoning funds from poorly assembled Decentralized Financing (DeFi) protocols.
It’s a lesson investors can learn from Israeli startup BProtocol’s manipulation of flash loans to influence election results on the former DeFi MakerDAO project earlier this week.
According to MakerDAO Community ForumOn October 26, BProtocol borrowed 13,000 MKR tokens worth approximately $ 7 million via a flash loan from the dYdX derivatives platform traded for MKR on the Aave lending platform. Voting with MKR tokens loaned by flash enabled BProtocol to accelerate the desired electoral results for its MakerDAO-based project.
The “attack” was less of an attack and more of an unintended consequence of Flash Loans, an early crypto product that debuted in early 2020 with the DeFi Aave platform.
Read more: Everything you always wanted to know about the DeFi “Flash Loan” attack
Flash loans allow a savvy trader to build up insane leverage behind a trade by providing a temporary loan that must be executed and settled in a single block. Here – and perhaps for the first time – BProtocol has borrowed millions of MKR tokens to influence a protocol election and return the money in one lump.
Other DeFi degens have used flash loans to perform what is commonly referred to as an oracle attack. In these situations, a project’s funds are threatened due to poor project infrastructure – usually poor quality prices. This happened last Sunday with the $ 1 billion Harvest Finance protocol, whose prices for its stablecoin pools were influenced by a flash loan, resulting in a haircut for traders at Harvest.
However, the possibility of using flash loans to exploit governance events is quite recent. MakerDAO governance token holders usually decide how the platform evolves.
But here, BProtocol has shown that if there are enough MKR tokens to borrow in DeFi markets, a flash loan can be used by just about anyone to influence Maker election results. All someone has to do is wait until they are last in line to vote and deposit the borrowed tokens, BProtocol CEO Yaron Velner said on a WhatsApp call.
Velner added that he believed the Maker Foundation was aware of the unlocked door BProtocol went through with its flash loan, and that the outcome of the vote likely would have been the same.
He said the team had waited extra days to be whitelisted for using MakerDAO’s pricing oracles and became “curious” after months of studying Maker’s infrastructure to see if flash loan was possible. So they decided to play around a bit.
Now, MakerDAO community members and the Maker Foundation are considering options to “deter large MKR holders from providing MKR liquidity on lending and AMM platforms” until MakerDAO can put the votes on blacklist using flash loans, according to the MakerDAO Forum.
Instead of commenting, the Maker Foundation told CoinDesk a Community forum October 6 discussion on limiting the use of flash loans for governance procedures.