undefined | Better HN

0 points3np4y ago0 comments

The general consensus is that it's a terrible idea to rely on Uniswap (or any other dex) as a price oracle for valuation/pricing for other on-chain defi applications/dexes. With enough capital (which can be acquired through flash loans) you can absolutely perform economic attacks though atomic transaction chains involving moving the dex price. Uniswap, Kyber, and others will tell you the same thing. This makes me think that even things like DAI/MakerDAO (and anything that relies oracles like Chainlink) can start to get brittle when/if the major price discovery and liquidity are on Dexes.

This has been seen in practice, for example in the Fulcrum hack:

https://gist.github.com/alexvansande/edcc9fe935b61526766c956...

https://dappradar.com/blog/defi-flash-loan-attack-what-just-...

0 comments

ikeboy4y ago

Flash loans are not relevant to the uniswap TWAP oracle, which ignore any transactions in the current block. That oracle was written specifically to be resistant to manipulation and I don't think there's any consensus not to use it.

3npOP4y ago

It's definitely an improvement. Still, I would advise against it in general, especially for arbitrary pairs. This category of attacks can be difficult to foresee and even arise after deployment due to new incentives outside of the system.

While Chainlink has its own host of issues and risks, there are still valid reasons why companies are paying them and their node operators good money to feed price contracts for ERC-20 token pairs.

acjohnson554y ago

Could you not still use flash loans in attacks that take longer than one block? You'd have to pay the loan back within each block, but it seems like you could still shift markets enough to take advantage, if you were willing enough to take on some risks.

nadahalli4y ago

That'd be quite expensive. And as you manipulate prices across blocks, arbitrageurs would arb it back to "market price". Uniswap V3 allows for a 3rd party smart contract to ask its Uniswap V3 Oracle to employ a 9 day moving average price - which is of course, not very useful as a "spot price", but is super hard to manipulate.

j / k navigate · click thread line to collapse