Blockchain security provider Quantstamp has launched an automated service to detect flash loan attack vectors in smart contracts. The new service is being called Economic Exploit Analysis and is based on research done at the University of Toronto.
Economic Exploit Analysis will be available to protocols, whether they have been deployed or not. It will enhance Quantstamp’s audits by identifying flash loan attack vulnerabilities in a client’s code. The service will be available on any Ethereum Virtual Machine (EVM)-compatible blockchain and is non-exhaustive — that is, it may not detect all attacks.
In decentralized finance (DeFi), a flash loan is an unsecured loan that has to be taken out and paid back in the same transaction. Flash loans can be used for arbitrage (taking advantage of price differences between crypto exchanges), debt refinancing and similar actions. A flash loan attack uses such a loan to manipulate DeFi protocols in ways developers did not foresee. Quantstamp explained:
“Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.”