Quantstamp, a global leader in blockchain security, is pleased to announce the launch of its novel service called Economic Exploit Analysis. This exclusive, first-of-its-kind offering allows Quantstamp to uncover flash loan attack vectors in smart contracts through automated tooling before protocols get hacked. The Economic Exploit Analysis service is powered by research from the University of Toronto that Quantstamp advanced and turned into a production-level tool.
In the first half of 2023 alone, an estimated $207M was stolen through flash loan attacks. A flash loan is an uncollateralized loan, provided by a smart contract, that can be taken out for as little as a single transaction. In these attacks, hackers leverage flash loans to borrow substantial funds and manipulate DeFi protocols into unexpected states that developers may not have anticipated. Flash loan attacks can drain the entire TVL (total value locked) of a DeFi protocol, and their complicated nature combined with DeFi’s composability means these attack vectors often evade conventional audits.
Seeing the dire need to prevent these attacks, Quantstamp collaborated with researchers from the University of Toronto to advance their research into a production-level automated tool. With the tool now fully developed, Quantstamp is unveiling a new service for DeFi clients called Economic Exploit Analysis, where the Quantstamp team uses the tool to detect flash loan attack vulnerabilities in a client’s code. Available for both deployed and undeployed protocols, this innovative service will vastly benefit the entire DeFi ecosystem by reducing the number of flash loan attacks and the amount of funds lost to those hacks.
Quantstamp believes that the Economic Exploit Analysis service will have a lasting impact on the DeFi ecosystem. Coupled with Quantstamp’s core business offering, smart contract audits, services such as Economic Exploit Analysis will foster a safer and more secure environment for both DeFi companies and their users, pushing the industry further toward mainstream adoption.
“DeFi has the potential to change the global financial infrastructure for the better, but its success requires preempting threats like flash loan attacks. We developed this tool to provide DeFi protocols an extra layer of security on top of audits,” said Martin Derka, Head of New Initiatives at Quantstamp. “As DeFi evolves, security measures need to evolve with it. Services like Economic Exploit Analysis give us an edge against hackers.”
While the tool’s search process is automated, some manual guidance and protocol-specific adaptations are required. In addition to checking clients’ contracts, auditors also incorporate contracts from integrated and other relevant DeFi protocols, which enhances Quantstamp’s ability to discover flash loan attack vectors that involve multiple protocols. The search tool is non-exhaustive, meaning that attacks may still exist even if the automated tool doesn’t detect them, but its practical success rate is remarkably high. The Economic Exploit Analysis service is currently available across all EVM-compatible chains, and the tool has the potential to be adapted to other blockchains and VMs (virtual machines) suffering from similar attack vectors.
Quantstamp also offers security services including smart contract audits, ZK rollup audits, and more. Quantstamp is blockchain-agnostic, conducting audits for several other blockchains beyond Ethereum including Solana, Flow, Cardano, Avalanche, Binance Smart Chain, Near, Hedera Hashgraph, Tezos, Aptos, and Sui.
To learn more about Quantstamp’s Economic Exploit Analysis service, visit quantstamp.com/economic-exploits