Web3 Security Firm Quantstamp Launches Novel Economic Exploit Analysis Service to Combat Flash Loan Attacks
SAN FRANCISCO, Aug. 23, 2023 /PRNewswire/ — Quantstamp, a global leader in blockchain security, is pleased to announce the launch of its novel service called Economic Exploit Analysis. This exclusive, first-of-its-kind offering allows Quantstamp to uncover flash loan attack vectors in smart contracts through automated tooling before protocols get hacked. The Economic Exploit Analysis service is powered by research from the University of Toronto that Quantstamp advanced and turned into a production-level tool.
In the first half of 2023 alone, an estimated $207M was stolen through flash loan attacks. A flash loan is an uncollateralized loan provided by a smart contract that can be taken out for as short as a single transaction. In these attacks, hackers leverage flash loans to borrow substantial funds and manipulate DeFi protocols into unexpected states that developers may not have anticipated. Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.
Seeing the dire need to prevent these attacks, Quantstamp collaborated with researchers from the University of Toronto to advance their research into a production-level automated tool. With the tool now fully developed, Quantstamp is unveiling a new service for DeFi clients called Economic Exploit Analysis, where the Quantstamp team uses the tool to detect flash loan attack vulnerabilities in a client’s code. Available for both deployed and undeployed protocols, this innovative service will vastly benefit the entire DeFi ecosystem by reducing the number of flash loan attacks and the amount of funds lost to those hacks.
Quantstamp believes that the Economic Exploit Analysis service will have a lasting impact on the DeFi ecosystem. Coupled with Quantstamp’s core business offering, smart contract audits, services such as Economic Exploit Analysis will foster a safer and more secure environment for both DeFi companies and their users, pushing the industry further toward mainstream adoption.
“DeFi has the potential to change the global financial infrastructure for the better, but its success requires preempting threats like flash loan attacks. We developed this tool to provide DeFi protocols an extra layer of security on top of audits,” said Martin Derka, Head of New Initiatives at Quantstamp. “As DeFi evolves, security measures need to evolve with it. Services like Economic Exploit Analysis give us an edge against hackers.”
While the search process of the tool is automated, some manual guidance and protocol-specific adaptations are required. In addition to checking clients’ contracts, auditors also incorporate contracts from the integrated and other relevant DeFi protocols, which enhances Quantstamp’s ability to discover flash loan attack vectors that involve multiple protocols. While the search tool is non-exhaustive, meaning that attacks may still exist even if the automated tool doesn’t detect them, its practical success rate is remarkably high. Currently available across all EVM-compatible chains, the Economic Exploit Analysis service has the potential to adapt the tool to other blockchains and VMs (virtual machines) suffering from similar attack vectors.
Quantstamp also offers security services including smart contract audits, ZK rollup audits, and more. Quantstamp is blockchain-agnostic, conducting audits for several other blockchains beyond Ethereum including Solana, Flow, Cardano, Avalanche, Binance Smart Chain, Near, Hedera Hashgraph, Tezos, Aptos, and Sui.
To learn more about Quantstamp’s Economic Exploit Analysis service, visit quantstamp.com/economic-exploits
About Quantstamp
Quantstamp is a global leader in blockchain security, on a mission to secure the future of web3. Founded in 2017, the team has honed their expertise through hundreds of audits and worked with some of the top projects in the industry including Maker, Compound, Polygon, Arbitrum, Sandbox, and many more. To date, Quantstamp has performed 600+ audits and secured over $200 billion in digital asset risk from hackers. In addition to providing an array of security services, Quantstamp facilitates the growth and longevity of the web3 space through strategic investments and acting as a trusted advisor to help projects scale. To learn more, head to our website Quantstamp.com or follow us on Twitter @Quantstamp.
SOURCE Quantstamp