Technical Audits Are Not Enough: Economic Security in DeFi
DeFi protocols face vulnerabilities not just from coding bugs or exploits but from economic factors such as market fluctuations, governance manipulation, and liquidity crises. While traditional technical audits focus on ensuring the code behaves as expected, they often fail to account for how economic conditions, like market stress or manipulation, can affect a protocol’s stability.
Technical Audits focus on ensuring that the code performs as intended and that there are no exploitable bugs or vulnerabilities. However, they are limited to examining the protocol in isolation, not considering the broader economic environment or interdependencies with other protocols.
What Are Economic Audits?
Economic audits are described as a security practice that extends beyond the scope of technical audits, which typically focus on finding bugs or coding flaws. Economic audits simulate real-world market conditions and stress tests to evaluate how a protocol would behave under various economic scenarios.
The focus is on understanding the economic interactions within a DeFi protocol and how external factors, such as market fluctuations, liquidity crunches, and governance manipulation, can exploit vulnerabilities.
One of the critical aspects of economic audits is the simulation of market conditions such as sudden price movements, liquidity fluctuations, or changes in user behavior. Another crucial factor in economic audits is examining the governance structures of DeFi protocols. Governance-related vulnerabilities can arise if malicious actors can manipulate voting systems to take control of a protocol, as seen in cases like the Beanstalk exploit.
Additionally, economic audits evaluate the incentive structures within the protocol to ensure that they promote healthy participation and prevent malicious behaviors. For instance, poorly designed incentives can encourage attacks or opportunistic behavior that might destabilize the protocol. Economic audits also look at the ripple effects that can occur when one protocol or token is exploited, especially in a DeFi ecosystem where protocols are highly interconnected.
These audits aim to predict the cascading impacts of a single exploit across multiple protocols, similar to how financial crises in traditional markets can spread from one sector to another. The interconnected nature of DeFi makes these ripple effects particularly dangerous, as one protocol's failure can significantly impact liquidity, pricing, and governance across other protocols.
Lastly, the audit also evaluates whether the risk parameters within the protocol are well-calibrated to withstand potential stress or manipulation. Economic Audits helps protocols prepare for and mitigate economic vulnerabilities that technical audits would not catch, thus providing a more comprehensive security framework for the DeFi ecosystem.
Technical Audits vs. Economic Audits
While both audits are essential, they serve different purposes and one cannot replace the other.
Atomic vs. Non-Singular Operations
- Technical Audits: These focus on ensuring that the code performs atomic operations—meaning the operations execute fully or not at all, minimizing the risk of partial failures that could lead to exploits. Technical audits examine the specific code logic to ensure that it operates as expected without bugs or loopholes.
- Economic Audits: Economic audits go beyond atomic operations, considering the broader economic environment where non-singular operations occur. These are operations that depend on factors outside the protocol, such as external liquidity, market prices, or governance decisions. Economic audits simulate these conditions to assess how these external factors could create vulnerabilities.
Code Loopholes & Exploitability
- Technical Audits: These aim to identify specific code loopholes that attackers could exploit. For example, if a function is not properly secured, a hacker might be able to drain funds or alter key protocol parameters.
- Economic Audits: While technical audits look at code vulnerabilities, economic audits focus on how broader economic conditions could expose the protocol to attacks. For example, an economically risky governance setup might allow a hostile takeover or a market manipulation event that could severely impact the protocol.
Public/Private Audits Scope
- Technical Audits: The scope of technical audits is typically defined by the protocol itself. They focus on reviewing the codebase, identifying technical bugs, and ensuring that the protocol operates as intended from a purely functional standpoint.
- Economic Audits: Economic audits have a much broader scope—they look beyond the protocol’s internal logic to understand how it interacts with the wider DeFi ecosystem, including external factors such as market conditions, liquidity, token interdependencies, and governance structures. This broader scope allows for more comprehensive risk analysis, especially in dynamic and interconnected ecosystems like DeFi.
Exploitability in Different Contexts
- Technical Audits: The primary focus is on ensuring that the code itself is not vulnerable to specific, isolated exploits (e.g., reentrancy attacks, integer overflows). Once the technical checks are in place, the code is assumed to be secure in a controlled environment.
- Economic Audits: In contrast, economic audits assess how the protocol would behave in real-world scenarios, where external economic pressures (like price manipulation or governance attacks) could expose vulnerabilities. They simulate real-world economic conditions to ensure that the protocol remains secure even when subjected to these external factors.
Scope Differences
- Technical Audits: Their scope is typically restricted to the internal operations of the protocol and its codebase. The audit checks whether the smart contract functions as intended, securing against coding errors and logic bugs.
- Economic Audits: These audits have a wider scope, considering external influences such as market dependencies, governance structures, and liquidity stresses. They evaluate how a protocol interacts with the broader DeFi ecosystem and assess whether the protocol is resilient to economic pressures.
Both audits are complementary and necessary for comprehensive security.
Key Vulnerabilities Unchecked by Technical Audits
Technical audits fail to address some vulnerabilities that arise from external economic factors, dependencies, and interactions with other protocols, all of which require economic audits to identify and mitigate.
Token Interrelationships & Ripple Effects
Token interrelationships are a significant source of risk in DeFi, where tokens from one protocol may have interdependencies with tokens in other protocols. For example, if the price of one token crashes, it could lead to cascading effects across multiple platforms. Technical audits do not assess the ripple effects that could occur when a token within a protocol is affected by external economic conditions, such as a market downturn or an exploit in another protocol.
Economic audits, however, simulate these scenarios to understand how the protocol might react to such events. An example is the collapse of Terra Luna, where the de-pegging of its stablecoin caused widespread disruptions across the DeFi ecosystem.
Oracle Dependencies & Price Manipulation
Many DeFi protocols rely on oracles to fetch external data, such as token prices or interest rates. A common vulnerability arises from oracle dependencies, where protocols are at risk if the oracle becomes compromised or if the data it provides is inaccurate or manipulated. Price manipulation attacks are a specific form of economic exploit that can occur when an attacker manipulates the price of a token through an oracle, allowing them to profit from arbitrage or forced liquidations.
Technical audits typically ensure that the code interacts correctly with the oracle, but they do not assess the risk of price manipulation at the oracle level, which can have devastating effects on the protocol.
Governance Exploits
Governance vulnerabilities are another major risk in DeFi protocols, especially in systems where voting power is tied to token ownership. Attackers can exploit governance mechanisms to take over a protocol, propose malicious changes, or drain funds, as seen in the Beanstalk exploit. In the Beanstalk case, the attacker used a flash loan to gain 79% of the voting power temporarily, allowing them to push through a malicious proposal and steal $181M.
Technical audits often overlook governance structures, focusing instead on the smart contract code. However, economic audits analyze how governance systems can be exploited, particularly through flash loans or other mechanisms that temporarily increase voting power.
Liquidity Crises & Protocol Stress
Liquidity crises are a significant concern in DeFi protocols. When the liquidity of a protocol drops suddenly, it can cause price slippage, forced liquidations, or collateral shortages, leading to a downward spiral that puts the entire system under stress. A liquidity crisis can arise from various factors, such as market downturns, token volatility, or large withdrawals from a protocol.
While technical audits ensure that smart contracts function correctly under normal conditions, they do not simulate stress scenarios where liquidity is low, making protocols vulnerable to attacks or unintended behavior. Economic audits, on the other hand, simulate these stress conditions to assess how the protocol would handle a liquidity crunch and whether it has mechanisms to mitigate or recover from such crises.
Notable Economic Exploits
These case studies provide detailed insights into how attackers have exploited vulnerabilities not related to code bugs but rather economic weaknesses in the design and structure of DeFi protocols.
Case 1: Mango Market Exploit
- Date: October 2022
- Exploit Vector: Price Manipulation
- Amount: $116 million
In this exploit, the attacker manipulated the price of the Mango token ($MNGO) across various exchanges, causing massive liquidations and draining the protocol of funds. The steps involved in the attack were as follows:
1. Initial Setup: The attacker used two wallets, each holding $5 million USDC, to execute the attack. Wallet 1 placed a large sell order for $483 million worth of MANGO tokens at a low price of $0.0382.
2. Price Manipulation: Wallet 2 was then used to purchase all the MANGO tokens sold by Wallet 1 at this low price. Following this, the attacker began aggressively buying MANGO tokens on multiple exchanges, including Mango Markets, AscendEX, and FTX, pushing the price from $0.0382 to $0.91 in a short period.
3. Exploiting the Price Pump: This sudden price pump caused massive liquidations of short positions, as the high MANGO price exceeded the collateral held by those shorting the token. As a result, the attacker was able to profit from the manipulated price rise, and the MANGO token price later crashed to $0.0259.
Outcome: The attack led to significant draining of Mango Market’s liquidity as over 4,000 short liquidations were triggered, further destabilizing the protocol. This economic exploit did not rely on any technical bug but rather took advantage of price manipulation across multiple platforms, demonstrating a clear case where economic audits could have prevented or mitigated the impact of the attack by simulating such price manipulations.
Case 2: Beanstalk Exploit
- Date: April 2022
- Exploit Vector: Governance Manipulation
- Amount: $181 million
The Beanstalk exploit involved an attacker taking control of the governance system to push through malicious proposals. This exploit highlights how governance vulnerabilities can be as damaging as technical flaws if not properly managed. The key steps of the attack were:
1. Governance Exploit: The attacker made two proposals to transfer tokens from Beanstalk’s treasury to their own wallet. These proposals were disguised as legitimate governance changes. Beanstalk’s governance system required emergencyCommit votes, where proposals could be approved if they gained a two-thirds voting majority.
2. Flash Loan Attack: The attacker used a flash loan to temporarily borrow a massive number of Beanstalk tokens, enough to control 79% of the voting power. With this majority, the attacker was able to push through their proposals and execute them, transferring the tokens from Beanstalk’s treasury to their own wallet.
Outcome: The successful governance attack led to the de-pegging of the BEAN token, which lost 75% of its value, severely affecting the protocol. The total loss from the attack amounted to $181 million, which could have been mitigated if economic audits had been conducted to simulate governance-related vulnerabilities. Economic audits would have identified the risk of governance manipulation, especially the possibility of using flash loans to temporarily gain voting control, a scenario often overlooked in technical audits.
Both cases emphasize the need for economic audits to complement technical audits, ensuring that protocols are resilient against price manipulation and governance exploits, two critical areas often left unchecked in traditional security assessments.
Case 3: Terra Luna De-Peg Event
The collapse of the Terra Luna ecosystem serves as a prominent example of how economic factors, rather than technical flaws, can bring down an entire protocol. This event is often referenced as a textbook case of economic mismanagement, where a failure in one area triggered a cascading collapse across the entire DeFi space.
Terra’s stablecoin, UST, was algorithmically pegged to the US dollar, relying on its relationship with the Luna token to maintain its value. The idea was that UST could always be exchanged for a corresponding amount of Luna, keeping the price stable. However, this system depended heavily on market confidence and liquidity, both of which began to falter as external economic pressures mounted.
In May 2022, a significant market event caused UST to lose its peg, falling below $1. This triggered a death spiral as holders of UST rushed to exchange their tokens for Luna, which rapidly diluted the supply of Luna and drove its price down. As UST’s peg continued to break, it created a feedback loop where both UST and Luna collapsed in value, leaving the protocol unable to recover.
The collapse of Terra Luna had massive repercussions across the DeFi ecosystem, as many protocols were interconnected with Terra through liquidity pools, lending platforms, and staking services. The event caused a widespread liquidity crisis, leading to massive liquidations and loss of funds in other protocols that were indirectly exposed to Terra.
This exploit was not the result of any specific coding bug or technical flaw. Instead, it was caused by economic mismanagement—the reliance on an algorithmic stablecoin without adequate reserves or safeguards to handle market volatility. Technical audits would not have caught this vulnerability because it was rooted in the economic model of the protocol, emphasizing the need for economic audits that simulate such de-pegging scenarios and liquidity crises.
Terra Luna’s collapse showed how a single protocol’s failure could create ripple effects across the entire DeFi ecosystem, highlighting the need to evaluate inter-protocol dependencies during audits. The collapse was a result of an unsustainable economic model (algorithmic stablecoin) that was not prepared for extreme market conditions. Economic audits could have simulated these conditions to reveal the protocol’s fragility.
The lack of adequate reserves and failure to account for extreme market volatility were key contributors to Terra Luna’s collapse, pointing to the importance of testing for such risks during an economic audit.
This case study underlines the fact that no matter how technically sound a protocol’s code may be, it is vulnerable to economic collapses if broader market conditions and economic models are not adequately stress-tested.
Layered Architecture of DeFi Protocols
DeFi protocols are built with multiple layers, each of which plays a specific role in the overall functionality of the protocol. These layers are typically composed of:
- Core Protocol Layer: This is the foundation of the protocol, consisting of the smart contracts that define its operations, such as borrowing, lending, staking, or trading. Technical audits usually focus on this layer, ensuring that the smart contracts function as expected without bugs or coding errors.
- Oracle Layer: DeFi protocols often depend on oracles to fetch real-time data from external sources (e.g., price feeds, interest rates). This layer is critical for the protocol’s functioning, as incorrect data can lead to incorrect pricing, under-collateralization, or other risks. Economic audits examine the dependencies on oracles and the risk of oracle manipulation, which technical audits often fail to fully address.
- Governance Layer: Many DeFi protocols use decentralized governance structures to make key decisions about the protocol’s evolution. Governance layers involve voting, token-based decision-making, and protocol changes. Economic audits analyze governance vulnerabilities, such as voting power manipulation or flash loan attacks, where large amounts of voting power can be temporarily gained to influence protocol decisions.
- Liquidity Layer: This layer ensures that there is enough liquidity for the protocol to function smoothly. In lending or trading protocols, the liquidity layer determines whether users can access their funds or execute trades. Economic audits simulate liquidity stress scenarios to determine how the protocol would behave under conditions of low liquidity, such as a mass withdrawal or a sudden market downturn.
Economic Risks in Layered Architectures
Several economic risks that arise from the interaction between these layers, which are often not captured by traditional technical audits.
- Many DeFi protocols are interdependent, relying on other protocols for liquidity, collateral, or data. For instance, a lending protocol may rely on an external stablecoin for collateral. If that stablecoin fails or loses its peg, the lending protocol could become under-collateralized, causing widespread liquidations.
- Attackers can exploit the relationships between protocols by targeting one layer, knowing that it will have ripple effects on other layers. For example, manipulating the price of an asset in one protocol (via oracle manipulation) could affect lending, trading, or collateralization in another.
- Layered architectures also introduce risks of liquidity crises, where one layer’s liquidity depends on another. A sudden liquidity withdrawal in a liquidity pool could affect the protocol’s ability to maintain its operations, leading to cascading failures across other layers.
The interconnected nature of DeFi protocols means that risks often propagate through multiple layers. An exploit in one layer (such as oracles or governance) can cause a chain reaction, leading to failures in other layers (such as liquidity or core operations). Technical audits focus primarily on the core protocol, ensuring that the smart contracts execute as expected, but they do not simulate the systemic risks that arise from the interactions between these layers.
The layered architecture of DeFi protocols introduces complex economic risks that technical audits alone cannot capture. Economic audits provide a critical assessment of how the different layers—core operations, oracles, governance, and liquidity—interact with each other and how they might be exploited or strained under real-world conditions.
Conclusion
Technical audits alone are insufficient to protect DeFi protocols from the broader range of economic risks. Economic audits simulate real-world market conditions, stress-testing the protocol’s resilience to price manipulation, liquidity crises, and governance exploits. The DeFi industry must embrace economic risk management to safeguard protocols against systemic threats. The market for economic audits is currently underserved, presenting a significant opportunity for firms specializing in this area. Future DeFi security will require both technical and economic audits to ensure protocols are protected against a wider range of vulnerabilities.
About Chainrisk
Chainrisk is a comprehensive risk management platform focused on the DeFi sector. It aims to identify & mitigate economic risks associated with DeFi protocols. Chainrisk provides a suite of tools & services designed to stress test DeFi protocols under various market conditions, using agent-based & scenario-based simulations. This helps uncover potential economic exploits & vulnerabilities within these systems before they can be exploited maliciously.