- DeFi has a maths challenge and it has to do with the imprecise way that protocols handle fractions.
- Several recent attacks have exploited this vulnerability.
- One security expert says a “cultural change” is needed to solve the problem.
DeFi builders have a maths headache — hackers can steal from their protocols if they don’t guard against vulnerabilities that stem from the use of approximations in their smart contracts.
Hackers stole $3.6 million from stablecoin protocol Raft Finance last week. The hackers used a flash loan to fund an attack exploiting a precision loss vulnerability in the Raft smart contract. This class of vulnerability is due to rounding errors that happen when numbers are approximated, allowing hackers to get additional share tokens.
This vulnerability was not patched despite Raft undergoing several audits from firms that included Trail of Bits and Hats Finance.
The Raft Finance hack is only the latest in a series of DeFi thefts where the attackers targeted a precision loss vulnerability. DeFi protocols like Balancer and Onyx have also fallen victim to such exploits. In fact, like Onyx, other forks of DeFi lender Compound have also been found to contain rounding errors in their code which have been exploited, as was the case with Hundred Finance and Midas Capital.
Approximation, or rounding, means using a number that is close to but not exactly the same as the true value. These approximations can lead to rounding errors and precision loss, especially in complex DeFi protocols that perform a lot of mathematical computations.
“I do think that DeFi has a math challenge, specifically regarding integer rounding,” Taylor Webb, a smart contract developer and security researcher, told DL News.
Approximations aren’t a problem when there are only a few of them, but when they mount up, the rounding error can reach a level large enough for hackers to exploit as they have done on countless occasions.
“The highly dynamic and innovative behaviour of some DeFi apps may allow attackers to amplify the precision loss to a significant amount,” Trust, the pseudonymous head of crypto auditing firm Trust Security, told DL News.
“The combination of the flashloan mechanism, which gives attackers instant access to incredible amounts of value, alongside high-liquidity [Automated Market Makers], allows hackers to capitalise on theoretical ‘loss of value’ issues at a grand scale,” Trust said.
Difficult to detect
Rounding errors and precision loss are pervasive in crypto and there are several reasons why.
The major reason for this is that the computing logic that underpins crypto does not work well with fractions.
“The [Ethereum virtual machine] — like almost any other computing architecture — doesn’t support calculations in fraction form, so there is an inevitable loss of precision,” Trust said.
Meanwhile, tokens use different numbers of decimal places — for example, USDC has six decimal places while DAI has 18. A trading pool where both tokens are being swapped will have to be designed with some form of precision scaling to account for the disparate number of decimal places. Precision scaling involves adjusting the decimal places of the secondary asset to match those of the primary asset.
In addition, like other arithmetic issues, rounding errors are notoriously difficult for smart contract auditors to detect. In fact, these vulnerabilities are routinely missed during audits, leading to instances where heavily audited protocols still fall victim to hackers exploiting this vulnerability.
‘A cultural change’
The Raft Finance hack has sparked debate on the need to take rounding errors seriously.
“I don’t think the problem is that we are limited to using integers by the EVM, I think the problem is with how developers and auditors approach the rounding error class of bugs,” Webb said.
Webb called for a “cultural change” that would see DeFi builders and auditors treat rounding errors with the same fervour as reentrancy — a type of vulnerability that allows an attacker to interact with a smart contract more times than should be possible.
Smart contract auditor Joe Dakwa told DL News that robust unit and fuzz testing, or fuzzing, should become standard best practice. Fuzzing is a type of test that can be carried out on smart contracts where random data inputs are fed to the code to see if something breaks.
Security experts say invariant testing, which is similar to fuzzing, should also be added to the mix.
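The following is an added example, not code from Raft, Balancer or any other protocol named in this article. It models the two points made above in plain integers: the EVM-style arithmetic and precision scaling described under “Difficult to detect”, and the kind of invariant test the auditors quoted here recommend. The pool figures, the 18-decimal scaling base and the share-price invariant are constructed assumptions for illustration.

```python
"""Integer share accounting with an invariant test, modelled on the EVM's lack of fractions.

Added example for this article, not code from any named protocol. The pool figures and the
invariant are constructed assumptions; the 6 and 18 decimal places are as stated in the text.
"""
import random

WAD_DECIMALS = 18                   # DAI-style precision
USDC_DECIMALS = 6                   # USDC precision


def scale_up(amount: int, decimals: int) -> int:
    """Precision scaling: express a token amount at 18 decimals (e.g. USDC 6 -> 18)."""
    return amount * 10 ** (WAD_DECIMALS - decimals)


def mul_div_down(a: int, b: int, d: int) -> int:
    """a*b/d rounded toward zero, which is what `/` does on uint256: the error lands on one side."""
    return (a * b) // d


def mul_div_up(a: int, b: int, d: int) -> int:
    """a*b/d rounded up, the direction a pool wants whenever it charges the caller in shares."""
    return (a * b + d - 1) // d


class Pool:
    """Share-based pool. `favour_pool=False` rounds every division down, as naive code does."""

    def __init__(self, assets: int, shares: int, favour_pool: bool):
        self.assets, self.shares, self.favour_pool = assets, shares, favour_pool

    def deposit(self, amount: int) -> int:
        minted = mul_div_down(amount, self.shares, self.assets)   # down: favours the pool
        self.assets += amount
        self.shares += minted
        return minted

    def withdraw(self, amount: int) -> int:
        f = mul_div_up if self.favour_pool else mul_div_down
        burned = f(amount, self.shares, self.assets)              # up: pool is paid in full
        self.assets -= amount
        self.shares -= burned
        return burned


def invariant_holds(pool: Pool, ops: int, seed: int = 1) -> bool:
    """Invariant test in the spirit of fuzzing: random small deposits and withdrawals must never
    lower the assets backing each share (compared cross-multiplied, so no fractions are needed)."""
    rng = random.Random(seed)
    for _ in range(ops):
        a0, s0 = pool.assets, pool.shares
        amount = rng.randint(1, 5)
        pool.deposit(amount) if rng.random() < 0.5 else pool.withdraw(amount)
        if pool.assets * s0 < a0 * pool.shares:   # share price dropped: rounding leaked value
            return False
    return True
```

With the pool slightly above a one-to-one share price, the naive pool fails the invariant on its first withdrawal, while the pool that rounds against the caller survives every operation.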