Announcing DeFi Audits & The Holistic bZx Post-Mortem)
DeFi Audits (due diligence beyond static Solidity code) & bZx Post-Mortem (explaining what happened in detail and what we can learn from it)
bZx Hack Full Disclosure (With Detailed Profit Analysis)
We emphasize that this is not an oracle attack. Instead, it is a clever arbitrage execution, which did exploit a bug in bZx smart contract implementation to allow for the leakage of supposedly-locked bZx funds to Uniswap and further absorb the leaked funds into a Compound position.
bZx: The Oracle Manipulation Attack post mortem
We will be working towards the three medianized oracle price feed model initially proposed in our whitepaper. This will be done in three steps.
In Phase 0 we will use Chainlink to provide reference prices. In Phase 1 we will incorporate both Chainlink and Band protocol oracles. The final form of the oracle system will be to include price information from Chainlink, Band, and Uniswap v2.0. The prices will be medianized, and that median price will be used as the reference rate.
DeFi lending protocol bZx exploited, ‘a portion of ETH lost’
Decentralized finance (DeFi) lending protocol bZx has just been exploited. While the exact amount of lost ether (ETH) is not yet known, bZx co-founder Kyle Kistner said: “a portion of ETH [has been] lost.”
Taking undercollateralized loans for fun and for profit
By relying on an on-chain decentralized price oracle without validating the rates returned, DDEX and bZx were susceptible to atomic price manipulation. This would have resulted in the loss of liquid ETH in the ETH/DAI market for DDEX, and loss of all liquid funds in bZx. Fortunately, no funds were actually lost.
Yields of 25% to 42% Lure Lenders Back to DeFi Platform bZx – CoinDesk
Lenders and depositors are coming back to bZx, as the decentralized protocol for margin trading offers significantly higher yields on ether deposits compared to its peers.