Nexo

We’re Giving out 10 BTC in Rewards until the Bitcoin Halving

Learn More
Home » Business » Trader Exploits bZx Oracle for $330,000 Profit

Trader Exploits bZx Oracle for $330,000 Profit

by

Clever trader cracks DeFi.

Chinese And Thai Traders Stockpile Bitcoin As Asian Fears Of Recession Grow

Share this article

A trader took full advantage of bZx’s use of a price oracle by crashing the price of wBTC after opening a 5,000 ETH wBTC short on the platform. 

Breaking Down the Trade

What started as just another day in DeFi has ended in an episode of drama and reflection. A trader used the flash loans functionality to profit off bZx’s use of a price oracle.

bZx uses oracles for pricing its internal products. This particular trader took a 10,000 wETH flash loan from dYdX and split the corpus into two: one half was deposited into Compound and the other half into bZx’s Fulcrum protocol.

The Compound portion of the deposit was used as collateral to borrow 112 wBTC and the 5,000 wETH deposited into Fulcrum was a long position perpetual swap on sETH/wBTC, as per the transaction details from EtherScan

112 wBTC was then dumped into Uniswap. This caused a major decrease in Uniswap’s wBTC price as this accounts for 14.6% of the total supply for wBTC. As a result, this trader pocketed just over $1 million in revenue as the sETH/wBTC price went up due to bZx’s reliance on Uniswap for prices. 

wBTC was likely chosen by the trade because of its low supply and liquidity in the market. This translated to a steeper decline in price. 

This trader was left with close to $690,000 worth of debt, and after paying off the 10,000 wETH loan, they walked away with close to $330,000. 

Even after being hit with massive slippage from the sale of a chunk of wBTC, the trader still came out of the trade victorious. Net profit for Uniswap liquidity providers fell as a result of this, and this was the highest volume day for Uniswap’s wBTC market since the DEX’s inception.

Oracle Deficiencies Come to Light

The DeFi community has constantly discussed the possibility of using Uniswap as a resilient, permissionless price oracle for protocols and dApps. However, the risk of using a single source of truth for a protocol opens it up to incidents like this, where oracles are exploited for profit.

ChainLink, for example, draws the price of an asset from multiple sources. If bZx had used ChainLink, Uniswap’s wBTC price would’ve accounted for just a portion of the total price. Other sources such as Kyber, Switcheo, IDEX, and Bitfinex would also have been used.

To conduct a similar attack on a network that uses multiple price inputs, one would have to force the price of an asset down across the various exchanges from which price inputs are taken.  

Oracles are a critical piece of infrastructure for permissionless systems. Protocols like ChainLink help streamline this process and ensure price manipulation on one platform does not meaningfully affect the end result for their clients. 

It’s important to note that this wasn’t a hack or unethical move of any sort. The trader simply found an exploit and gamed the bZx protocol. Decentralized systems need to be robust on their own, without human intervention. 

Incidents like this will only push DeFi protocols to implement better standards. This one event will go a long way in improving the overall robustness of DeFi.

Earlier, Crypto Briefing claimed the reason the trader used Uniswap was that bZx used Uniswap as a price oracle for the protocol. The bZx team has since refuted these comments, with co-founder Kyle Kistner stating “we can mostly say what didn’t happen more than what did at this point.”

People in the DeFi community still speculate that there is a connection between bZx and Uniswap that explains the scenario. bZx claims the trader exploited a comprehensive vulnerability in the smart contract and an upgrade has already been deployed to curb this from happening in the future. The project has additionally stated that they use Kyber as a price oracle and query the bid and ask components of orders.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.