Flash Loan Attacks in DeFi Space
Given the current situation with flash loan attacks in DeFi space, the team of Biswap has conducted extensive research on this issue. The dev team has accurately assessed the situation on the market as well as the code of Biswap. Before we jump to the conclusions, let us guide you through the whole process.
Basically, a flash loan is an unsecured loan because no collateral is provided. You simply ask the lender if you can borrow $50,000 in BNB, they say yep! Here you go! and you're off. But a flash loan must be repaid in the same transaction.
In the case of a flash loan, you can think of your transaction "program" as being made up of three parts: receive the loan, do something with the loan, repay the loan. And it all happens in a flash! Let's just attribute it to the magic of blockchain technology.
The transaction gets submitted to the network, temporarily lending you those funds. You can do some stuff in part two of the transaction. Do whatever you want, so long as the funds are back in time for part three. If they're not, the network rejects the transaction, meaning that the lender gets their funds back. Actually, as far as the blockchain is concerned, they always had the funds. That explains why the lender doesn't require collateral from you. The contract to repay is enforced by code.
The idea is to feed the funds into a smart contract (or chain of contracts), flip a profit, and return the initial loan at the end of the transaction. As you can see, the point of flash loans is to profit.
Multiple DEX platforms were flash-loan attacked during the past 24 hours. BurgerSwap made an official announcement and confirmed that they experienced a flash loan attack and incurred financial losses.
An Official Announcement From Burger Swap
According to one of the developers of Uniswap, the exploit happened because the attacker could do reentrance and did a second swap before reserves, which are used to calculate the number of tokens in swaps, were updated. In simple terms, a flash loan attack on BurgerSwap was successful because of one missing line in the code that was removed either intentionally or unintentionally.
Our dev team has taken all the necessary measures to investigate the cause of these attacks. When it comes to our code, the attacker cannot do reentrance and perform a second swap before reserves, which are used to calculate the number of tokens in swaps, are updated. This is ensured by the following line in the code.
According to the research conducted, you can be assured that Biswap does not have any vulnerabilities that can lead to a flash loan attack. Your safety has always been our top priority, hence, we have also invested significant financial resources to have our smart contracts assessed by the leading blockchain security company - Certik. The final report from Certik is expected in the coming weeks.