Quantstamp, a provider of blockchain security solutions, this week unveiled Economic Exploit Analysis. Economic Exploit Analysis identifies flash loan attack vectors in smart contracts through automated tooling before protocols get hacked. The service is based on research from the University of Toronto that Quantstamp commercialized.
In the first six months of 2023, an estimated $207M was stolen through flash loan attacks. A flash loan is an uncollateralized loan provided by a smart contract that can be taken out for as short as a single transaction.
In a flash loan attack, hackers exploit flash loans to borrow substantial funds and manipulate DeFi protocols into unexpected states that developers may not have anticipated. They can drain the entire total value locked of a DeFi protocol, and these attack vectors often evade conventional audits.
Economic Exploit Analysis detects flash loan attack vulnerabilities in code. It is available for deployed and undeployed protocols.
“DeFi has the potential to change the global financial infrastructure for the better, but its success requires preempting threats like flash loan attacks. We developed this tool to provide DeFi protocols an extra layer of security on top of audits,” said Martin Derka, head of new initiatives at Quantstamp. “As DeFi evolves, security measures need to evolve with it. Services like Economic Exploit Analysis give us an edge against hackers.”
Some manual guidance and protocol-specific adaptations are required. In addition to checking clients’ contracts, auditors also incorporate contracts from the integrated and other relevant DeFi protocols. While the search tool is non-exhaustive, meaning that attacks may still exist even if the automated tool doesn’t detect them, its practical success rate is remarkably high, Quantstamp claims.
Quantstamp also offers security services including smart contract audits, ZK rollup audits, and more. Quantstamp is blockchain-agnostic, conducting audits for several other blockchains beyond Ethereum including Solana, Flow, Cardano, Avalanche, Binance Smart Chain, Near, Hedera Hashgraph, Tezos, Aptos, and Sui.