Lin Liansheng, Zheng Huanqin, Su Shen, Lei Kai, Chen Xiaofeng, Tian Zhihong. An On-Chain Mechanism Against DeFi Price Manipulation Attacks[J]. Journal of Computer Research and Development, 2025, 62(2): 443-457. DOI: 10.7544/issn1000-1239.202330291

An On-Chain Mechanism Against DeFi Price Manipulation Attacks

Funds: This work was supported by the Key Research and Development Program of Guangdong Province (2020B0101090003), the National Key Research and Development Program of China (2022YFB2702305), the National Natural Science Foundation of China (61902083, 62172115, 61976064), the Innovation Foundation of Engineering Research Center of Integration and Application of Digital Learning Technology, Ministry of Education (1221045), the Higher Education Innovation Group of Guangdong Province (2020KCXTD007), and the Higher Education Innovation Group of Guangzhou City (202032854).
  • Author Bio:

    Lin Liansheng: born in 1998. Master. His main research interests include blockchain security and DeFi security

    Zheng Huanqin: born in 1999. Master. His main research interest is smart contract security

    Su Shen: born in 1985. PhD, professor. Senior member of CCF. His main research interests include blockchain security, DNS security, and routing security

    Lei Kai: born in 1976. PhD, professor. Distinguished member of CCF. His main research interests include blockchain network and new network architecture

    Chen Xiaofeng: born in 1985. Master, director of standardization and project management department of Qulian Technology Co., Ltd. His main research interests include automated testing, and blockchain technology research and testing

    Tian Zhihong: born in 1978. PhD, professor, PhD supervisor. Distinguished member of CCF. Changjiang distinguished professor. His main research interests include network attack and defense competition, network security, and intrusion detection

  • Received Date: April 02, 2023
  • Revised Date: January 21, 2024
  • Available Online: December 11, 2024
  • Price manipulation attacks manipulate the on-chain prices of decentralized finance (DeFi) projects by altering the digital asset stock, and then attack the projects' liquidation mechanisms to obtain improper profits. Price manipulation attacks have become the most significant security threat to the current DeFi ecosystem. To defend against them, oracles obtain exchange prices from the real world, which are difficult to manipulate. However, oracles are very expensive to maintain because of frequent on-chain data updates, which makes it hard for them to meet industrial demand. To address these issues, we propose a defense mechanism against price manipulation attacks. The mechanism uses off-chain prices to guide the identification of on-chain price manipulation behavior and intercepts price-manipulating transactions through a contract proxy. Through low-frequency price feeding, it reduces the frequency of price submissions and the cost of updating off-chain data on-chain. This compromise aims to balance the cost of defending against price manipulation attacks with the precision of identification. Experimental results show that the method reduces the overall maintenance cost by over 30% while achieving a success rate of 97.5% in defending against price manipulation attacks.

