Smart contract security isn't just about Solidity bugs. Sometimes, the code is flawless, but the surrounding economic logic is fatally flawed. Economic exploits manipulate the financial incentives and mathematical models of a protocol, often without directly "hacking" the contract itself.
One of the most common vectors for economic exploits involves Automated Market Makers (AMMs) and Liquidity Provider (LP) tokens.
The AMM Vulnerability: Price Oracles
Many DeFi protocols use AMMs (like Uniswap V2) as their on-chain price oracle. This is problematic:
- Limited Liquidity: AMM pools, especially for illiquid assets, can be easily manipulated if a large swap is executed.
- Flashloans: An attacker can borrow vast sums of capital to execute massive, temporary price swings.
The Harvest Finance Exploit ($34M)
The Harvest Finance exploit is a classic example of AMM manipulation to devalue LP shares.
- The Target: Harvest Finance was an auto-compounding yield farm. It took users' stablecoins (e.g., USDT) and deposited them into a strategy, which involved providing liquidity to Curve's 3pool (USDT-USDC-DAI).
- The AMM Flaw: Curve's 3pool, while designed for stablecoins, still uses an AMM model. More importantly, Harvest's profit calculation (and thus LP share value) relied on the ratio of stablecoins within this pool.
- The Attack Steps:
- Flashloan: The attacker borrowed a massive amount of stablecoins (e.g., $50M in USDT).
- Price Manipulation: They then swapped a huge portion of this USDT into USDC and DAI within the Curve 3pool. This artificially inflated the price of USDT relative to USDC/DAI inside the pool.
- Deposit: The attacker deposited their remaining (now "overpriced") USDT into Harvest Finance, minting new LP shares at an inflated valuation.
- Rebalance: They swapped the USDC/DAI back into USDT on Curve, restoring the original stablecoin ratios and causing the USDT to devalue back to its true price.
- Withdraw: The attacker then withdrew their LP shares from Harvest. Because the USDT they deposited was artificially overvalued, their shares now entitled them to more underlying assets than they initially put in.
- Profit & Repay: The difference was pure profit. The Flashloan was repaid, completing the atomic transaction.
The Harvest Finance smart contract code was not directly "hacked" or exploited for a Solidity bug. The attacker simply used the protocol's reliance on a manipulable AMM as a price oracle for its internal accounting.
Defense Strategies
- Time-Weighted Average Price (TWAP) Oracles: Instead of instant prices, use an oracle that averages prices over a period (e.g., 10-30 minutes). This makes Flashloan attacks economically unfeasible, as the manipulated price only lasts for one block.
- Decentralized Oracles: Rely on Chainlink or similar robust, decentralized oracle networks that aggregate prices from multiple sources, making single-pool manipulation ineffective.
- Understand LP Share Mechanics: If your protocol uses LP tokens, ensure its valuation logic is resilient to large, single-block swaps.
Economic exploits highlight that comprehensive security requires an understanding of both code and market dynamics.